The problem is much worse than this contrived 'I cant download PuTTY securely'. Lets choose an example, of which I have had my hands in with my tech support job.
*
Goal: "Download Firefox"
First, the user was using IE. And the user is not a tech savvy user (as in, cannot read words on the screen). Turns out, the user's computer was infested with spyware and garbageware. Mainly Conduit and others.
Normally, I would use a remote support tool and just do the cleaning for the user. However, this client comes from another area in which we are not allowed to use the remote support tool.
In the end, I tried to have user uninstall the bad-firefox, and attempt to install the good, but the softonic installer installs a ton of crap everywhere. User got very frustrated and hung up when having him read the uninstall programs installed list.
*
That is the danger to most users, running Windows.
EDIT: For the user whom penalized my comment score, why?
If you are wondering why searching for "firefox" leads people to install malware the main reason is that most of the ads Google shows for that term, and which appear at the very top of the results, take you to sites with malware downloads.
I've mentioned it a few times on here before[1], even directly to Google employees[2] and they don't seem to give a shit at all. I've even noticed searches for Chrome sometimes show links to (what appear to be) malware sites now[3]. Maybe that will motivate them to sort this out but I'm not hopeful.
Putting my conspiracy hat on; it seems like there isn't much motivation for Google to sort out the problem because every new malware loaded PC is another potential convert to a locked down cloud based platform like ChromeOS. There isn't really much downside for them in making Windows as horrendously unsafe for non-experts to use as possible. Why Mozilla aren't screaming about it constantly is more of a mystery to me.
Absofuckinglutely. These sites thrive solely because Google ranks them at the top. Crapware sites appear so consistently at the top of searches for software that excludes the term "linux" that coincidence is many sigma less likely than intent.
Considering that what most Windows crapware installers do is mercilessly track users for the purposes of marketing and that Google's main business is tracking users mercilessly for the purpose of marketing, it is hard to see how this is some random event.
Google's definition of "best search results" is related to their bottom line, and the goal is to be as intrusive as possible without driving searches away. This is why the Google ad network laden "weather.com" is returned before the ad free and purely scientific "weather.gov" from a US search for "weather."
For real fun, search for "pdf to html" and "pdf to html linux" to compare the degree to which Google promotes solutions that collect data on users. A Windows user would never know that a free quick private and powerful alternative is just one VM away.
You are confusing search results and paid search ads. Google will happily put whoever bids the highest in the ads, but they don't force weather.com to rank above weather.gov in the organic results. That's a totally baseless conspiracy theory.
A lot of ordinary consumers confuse search results and paid search ads, and this is _entirely_ Google's fault. It would be very simple to make them look completely different.
Also, it's not just malware. Google also makes money by promoting scam sites that charge people for free government services.
Explain how Google's corporate officers better meet their fidudiary duty to maximize shareholder value by not structuring search results to optimize revenue than they meet that fiduciary duty by structuring search results to maximize returns.
This isn't a conspiracy. It's basic business and doing otherwise would be the basis for a tort.
There's no actual fiduciary duty to maximize shareholder value (though a few cases in the early 20th century said otherwise). The fiduciary duties of a public corporation are a lot more narrow, mostly involving not prejudicing some shareholders at the expense of others, or enriching the officers at the expense of the shareholders. Making unprofitable market decisions out of principle (even if misguided), however, is not a breach of fiduciary duty. For that kind of run-of-the-mill disagreement over how to run a business, the shareholders' remedies don't lie in the courts, but in their control over the board. Courts in the past few decades really aren't interested in second-guessing strategic/policy/market decisions, certainly not getting into stuff as detailed as whether Google could choose to ban malware ads, for any definition of "malware" they choose.
You're simply wrong. It is in Google's long-term financial interest to continue to provide objective, trustworthy search results. For a non-Google example of something similar, see the recent story of Apple CEO Tim Cook challenging a shareholder who challenged the impact of Apple's environmental policies on Apple's bottom line:
http://gizmodo.com/apple-ceo-tim-cook-shuts-down-anti-enviro...
Oh bloody fucking hell, Cook told shareholder activists to piss off because a CEO's job is to tell shareholder activists to piss off. Rarely is it so easy as in Cook's case where the activists were total wingnuts, had no business case since Apple's investment in renewable energy is almost certain to payoff over the long term, and presented a massively unpopular position. They got the microphone because their pitch had homerun written all over it.
In Google's case, their officers are responsible for optimizing the mix of objective search results with revenue producing search results. That optimum can be described as just good enough not to drive too many queries away while maximizing clicks to their customers. There's no legal requirement or demand from shareholders for a wall.
And indeed the very idea of tailoring search results to an individual's past browsing history is always going to push sites that share data with Google to the top of the results page.
You should read Google's corporate filings. It's clearly not a fiduciary duty of their executives to maximize shareholder value. They were very clear about that when they went public. There is also no SEC - or any other - regulation stipulating this as the prime directive for corporate officers.
The constantly repeated 'duty to maximize shareholder value' line is nothing more than a myth.
In the case of Google, the triangle of Page / Brin / Schmidt basically control Google outright, regardless of the other shareholders, due to their voting shares. So they absolutely do not have any duty what-so-ever to maximize anything. Buyer beware, is basically what they stapled to the prospectus.
In fact it's no more complicated than this: if some random shareholder is upset, they can stir the pot accordingly, and the waves they'll make is almost always in proportion to the shares they can vote directly or indirectly. There is no singular objective qualification on what would lead to the maximization of shareholder value, it's an opinion that varies from one shareholder to the next as to what they think is "best" for the company.
Simple example: some shareholders might think it'd be better to slash salaries at Costco to boost the bottom line. Others believe part of the reason Costco is so successful is their employee culture.
If users lose their trust in Google (as I have, FWIW), then it loses its eyeballs to sell.
Short-term-ism in terms of maximizing ads revenue which costs long-term goodwill is a serious negative for Google.
I'd argue that in the past year or three, the company has started showing its vulnerabilities. I'm not sure who will take over from it, or how, or what that company's business model will be, but I see vulnerabilities.
I switched to DDG a while ago as my "default" search. Unfortunately, Google does reliably provide better results. They'll maintain a user base as long as that's true; I still switch to them when DDG fails.
Well, it provides better results when it doesn't rewrite your search into oblivion in an attempt to save you from typos you didn't make. Unfortunately, DDG being worse at everything else still leaves Google in the lead. But it also still leaves me very unhappy when I search.
Usually it's turning an uncommon domain specific word into something uselessly common (and completely unrelated) for me.
Or when I put an entire error message in quotes and it deems the number of results for that error message too low to be intentional so it deconstructs it into a useless mashy search of all the words in the error. Note, I don't mean when the results are zero, but even then I usually have to spend an annoying amount of time before I realize that my search actually had zero results instead of the millions it claims it had.
There was a time when google's cleverness was just enough to be useful, but it gets more and more clever (and frustrating) every year now.
Convincing Google that I don't want its assumption that I want a typo fixed is getting more difficult.
The dynamic Google results page means that it's really difficult to refine a search based on the presently visible results which disappear as I update the search. I find that that behavior incredibly annoying, and greatly appreciate that DDG doesn't do this.
It took me two goes to make DDG stick but since June of last year (just after the Snowden revelations started) I've been using DDG as my primary and nearly exclusive search engine.
It's much better than the first time around: more relevant, faster, and very few technical hangups.
I still fall back to Google periodically, especially for:
• Date-bounded search. DDG doesn't support this.
• Specialty searches: news, books, scholar. I've also keyed up custom searches for a bunch of sites in my browser.
• Rarely: I don't seem to find what I'm looking for on DDG. Usually first an !sp re-search, if that fails, !g. About 2 times out of 3, I still don't find what I'm looking for and return to DDG for more refinement.
RSA maximized their profits up $10 million by selling their customers out to the NSA, and that cost them some serious long term goodwill and reputation. Were their shareholders happy about that piece of financial calculus?
Ignoring for the moment that you are wrong about them having to maximise shareholder value, and ignoring that just taking any money doesn't maximse value anyway, you are still wrong.
Google has a dual class stock. The only shareholders with any power are Larry and Sergy. That was done to avoid short term thinking (precisely like you are proposing). Investors know this when they buy on.
A long time ago, I started treating downvotes as a critique of my writing. My first response is always to edit the post to express my ideas more clearly, my second is to consider if the comment is doing little more than inflaming passions for no benefit to the community. In the latter case, I tend to delete the post.
This is a case where I posted in a rush. The basic idea that Google's ranking algorithm is optimized to serve Google's interests first and those of its customers second is the only possible way for Google's officers to fulfill their legal obligations to the shareholders they serve.
The key to understanding this idea of the best search ranking algorithm is that people who query Google's search engine are not Google's paying customers. Google Search's paying customers are almost exclusively advertisers.
The best search results Google can produce are those which maximize their revenue. Not enough traffic directed to ad buying customers and advertising dollars may go somewhere else. Sure too much obvious selling might drive queries elsewhere but the threshold for tolerating advertising keeps going up. So many people take tracking across sites for granted that Google can push a "weather" search onto an advertising affiliate's site and still meet the expectations of the data point making the query. There is no objective reason other than income for ranking secondary sources above the primary source, "weather.gov".
This is a bit simplistic, and I'm not saying that to be rude.
It's true that searchers don't pay Google money, and advertisers do. But Google is running a platform. In the past I've compared it to an information marketplace. And the goal for Google is to make the market run as efficiently as possible, otherwise they risk losing one side.
Searchers don't pay Google, but they do (presumably) pay Google's advertisers, who pay Google. If you lose the searchers, you lose the advertisers.
Now of course there is a balancing act, which you allude to in your last paragraph. But there are plenty of easy examples where Google returns no ads even though they could. A search for "how old is barack obama" just returns the number (or Wikipedia), without ads, even though I'm sure there are advertisers out there who would pay for an ad to be shown.
So obviously it's not universally true that "the best search results Google can produce are those which maximize their revenue." Perhaps adding some subtlety to your argument would help me understand exactly what you're saying.
All abstractions are simplified. That's what makes them both abstractions and useful.
For example Google Search might be considered a marketplace, but such an abstraction might lead a person to lump buyers and sellers into amorphous blobs and ignore the heterogeneity within each group. Ford and overstock.com are different sorts of advertisers and thus Google's business comes down to segmenting end users.
Plain and simple the most valuable end user segments are people who not just tolerate tracking and targeted advertising but who actually derive value from it. They are valuable not only because they click through and buy stuff but because they validate Google's claims that its business of tracking users and pushing ads and tailoring search results toward commercial interests and away from the long tail is objective.
Long tail results are not revenue generating and Google has simply removed bit by bit the end user's ability to specify them. Sure spelling correction is useful, until Google search refuses to respect quotation marks and simply renders some terms unreachable. Local search is useful, until a person wants to search across borders or outside their local language.
This is also a problem for search queries like, "yahoo phone support" or "apple phone support", both of which have bitten some of our customers in the past, directing them to call-in scams: "oh no ma'am, according to Microsoft your computer is infected with viruses, I need remote access to your system right now, we can clean it up for $89..."
Google's malicious advertising is the number one reason that we're able to justify installing AdBlock Plus on every client's system (we talk to them about it first) and disabling ABP's new "feature" to "allow non-intrusive advertising".
Sites that depend on ad revenue should be screaming at Google to fix this.
Google does care, and will take action to disable malicious advertising. For many of these sites, there is no obvious badness on either the ad or the landing page, so a manual report will help us fix malicious advertising.
I work on some small portion of Google's systems related to automatic malware scanning (albeit, not anything that would show up on the search results page), and I want to make sure that we don't direct people to malicious advertising.
Thanks! I've bookmarked this and will try it in the future.
But: as an experiment, I just turned off ABP and Google'd (heh) "yahoo support". One of the ads at the top was for http://www.aurasupport.com/email_service; at a quick glance, I see a website template from http://pixel-industry.com/website/, lots of broken English, and a domain that was registered just last Summer to a house address in a suburban development in Texas. Not exactly a smoking gun, but also probably not what somebody's looking for when they search for "Yahoo support"...
And, farther down the first page of the actual search results is http://www.yahoosupport.org/, which has a toll-free phone number in the title, 1-888-551-2881. Googling that phone number takes you down a rabbit hole of lots of dirty SEO (e.g. https://www.youtube.com/watch?v=AEO5-2RpYvo), no actual customer reviews anywhere, and offers for support for lots of services -- including, uhm, Gmail (http://www.password-recovery.us/contact-us, look at the page title).
So, I'll be happy to use the link you gave, but this seems to be a fairly serious problem, and I'm a little surprised that Google doesn't have a better handle on this.
It should be reasonably simple to add a "report malware" button next to banners when the search includes the word "download". It would be less simple to review flags every malware provider would make on every competitor, but the beauty is, you wouldn't need to - when someone asks for "download firefox" I'm pretty sure all banners advertising Firefox will include some form of malware.
I wonder why Mozilla doesn't go after these sites for trademark infringement. Mozilla made Debian change the name of their Firefox package to Iceweasel because they made modifications; surely bundling in adware also violates Mozilla's trademark policy?
It does. Google goes after them as well. However, there is generally a large delay before they manage to take them down and verification is always done post-display and not pre-display. You can report bad adverts at https://support.google.com/adwords/contact/feedback?hl=en and Google will eventually get to them, usually after their account balances have run down a bit. There's definitely no sign of any urgency on that front.
Iceweasel actually modified Firefox, this sounds more like bundling Firefox with other stuff in the same installer package. Vaguely reminiscent of distributing a Linux ISO that installs Firefox, along with other stuff...
Except that the Linux ISO is not called "Firefox." It would be OK for the Linux distribution to use the Firefox trademark descriptively to say that it includes Firefox, but that's not what these adware vendors are doing. They're calling their "Firefox bundled with some adware" Firefox.
It's like that on purpose though. You can't be rude to your customer after all. In this case, advertisers are paying Google a lot of money so they don't have to go through things they wouldn't like, such as harsh verification. Users of Google search aren't really important in the same way. If you lose a couple search users to malware, who cares? At least you got the advert money up front.
I don't think this is their mentality, I think this is more like a myth that gets perpetuated ad nauseaum.
The problem with a search engine is that there's no lock-in other than brand recognition. Google won over AltaVista and Yahoo by being superior. I still remember the first time I tried it, it was so much better that it made an instant convert out of me, even though typing "altavista.com" was rooted in my nervous system and this was in the days before they were big, before AdSense/AdWords/AdX. And I could see it at Internet Cafes catching like fire, within mixtures of technically oriented and unsophisticated users alike.
And it can happen again. What pains do normal users have when using Google lately? Malware, content farms, "aggregators", too many ads. The only reason for why Google is still number 1 with a near monopoly is because there is no better alternative. DuckDuck Go is awful for me. Bing too. You may not notice how awful they are, unless you're living outside the US.
And I'm pretty sure they know that they can lose users fast. And once a significant chunk of users are gone, advertisers will be gone too. That's why Android exists in the first place, though distributing Bing as the default doesn't really help Microsoft, so having your own platform only protects you against walled gardens. And there's even a bigger danger therein. Google doesn't even have to lose users for advertisers to leave - Google already knows that the majority of clicks on all served ads are done by a minority and advertisers are increasingly aware of this fact too, as quality conversions are going down. This is because targeting is not so good after all and because users are increasingly fed up with spamy results and annoying ads that aren't targeted well.
I think their problem is that they are trying to solve this through algorithms only. The problem with algorithms is that algorithms can be gamed, you only need to find the ranking formula, which can of course be done through trial and error. It's a whac-a-mole game basically.
But for popular searches, like Firefox, they could have exceptions in there to propel those as first results. Is it not obvious that users searching for Firefox actually want Firefox, the browser from Mozilla.com, in spite of Mozilla.com's ranking? Is this against their policy or something? And now that they have Google+ accounts, why don't they add a "Report Result" button? If flagging email as Spam in GMail works so well, why didn't they do the same thing for their search engine?
"The problem with a search engine is that there's no lock-in other than brand recognition."
This is not quite true. The 'lock in' are the advertising channels. If you want to replace Google you need replace their lock on advertisers. I have direct visibility into the effectiveness of Google's, Yahoo's, Microsoft's and third party advertising networks, I can state with certainty that if Microsoft was able to show Google advertising feeds on their search property, even with Google taking 20 - 30% off the top, it would be Microsoft's most profitable division, swamping the profits from either the Windows licensing stream or the Office licensing stream.
Your point about _advertiser_ lock-in is true in the short term.
However, the limited _user_ lock-in means that a 'better' search engine could take user share, which would then make it more attractive to advertisers.
Well in my case (@Blekko) I'm a startup that has worked at taking market share from Google organically. We actually crawl the web and index it, and that takes hardware and network bandwidth. I recently had the opportunity to look again at what a 'small' cluster would cost to run in EC2 (about $2M/month so $24M/year). We don't do that, since it would be impossible to make any money if we did, but even just break even on that sort of investment is hard to achieve without advertising support. Trust me when I say that the search advertising business is very much a sausage factory.
You're just a startup so you're money strangled, but $24 million is pocket change for other companies - so what stops a bigger company that already have their own data-centers and enough talent, such as Microsoft, or Apple, or Facebook, or Twitter, or whatever, to create a better search-engine? I think that's simply because it's a very hard problem to solve.
Thanks. Is the point that it's chicken-and-egg? You need users to get ad revenue, but you need ad revenue to improve search quality and thereby attract users?
Many people, especially older ones and people with bad or old monitors don't even realize they are ads. There's purposefully no border and a light background is used to confuse people into clicking ads.
I'm pretty sure this isn't intentional. No one at Google is going to be using a crap monitor. I've used similar colors in business software before. It wasn't until I was at a conference and saw our software on a crappy screen that I realized the required field color was white on some monitors.
Dealing with Windows nowadays is akin to cleaning a septic tank. I wish I was kidding
I'm thinking someone should build a (Linux or other *IX) that scans the HD of an infected machine (booted with this distro or the HD was removed and put on another machine) to scan and remove everything. Working directly on Windows is impossible
> I'm thinking someone should build a (Linux or other *IX) that scans the HD of an infected machine (booted with this distro or the HD was removed and put on another machine) to scan and remove everything. Working directly on Windows is impossible
I don't think that would be all that useful. If you have a malware-infected system then your focus should be rescuing user data, and not cleaning the infection (which is pretty much impossible to do reliably).
Good luck figuring out if the user data is the cause of further infections. Add some infected pdf, tif, jpg files and it could come right back. In the terms of less common applications there are likely thousands of libraries used by these programs with data interpretation exploits waiting to be be found.
>I'm thinking someone should build a (Linux or other *IX) that scans the HD of an infected machine (booted with this distro or the HD was removed and put on another machine) to scan and remove everything.
They are. I've used the kaspersky and AGV live disks. It's nice because you boot up and you can download new definitions without something hogging your bandwidth and clicking through a bunch of popups or what ever.
I was going to suggest Chocolate -- it's like Homebrew for PowerShell, but it doesn't always install things where you want it to. And as it turns out, PuTTY might not be maintained as much as it once was -- or that's the rumour.
Many recommend KiTTY but with an ad supported site that complains about adblock when you go SSL (after a warning) and includes hidden features -- well, that's not something I'd trust either.
My day-to-day dealing with Windows being very limited, I find this interesting. Is it your impression that the security features introduced since Vista have been ineffective and only taught naive users to always click the "yes" button?
1. The user clicks yes. They might read what they clicked yes to.
2. The user doesn't usually read prompts
3. The user will not read error messages, even if they are to their benefit.
4. The user doesn't know how to "google" problems
5. The user will sometimes even ignore IT professional help even when they call us. This is usually a "bitch session" with no clear resolution.
6. You will tell the user what to do, and they will also say yes. They still don't understand.
7. Users will install software and not understand how to remove said software (control panel<remove software).
8. Users are not curious. What would be obvious to simple reading they will ignore.
9. Only when the computing environment is unbearable, will they call in. Or it will be the simpleton user who wants you to do their work for them.
Linux doesn't have a tradition of downloading and installing random software, though, so there would be a bigger behavioral hurdle to get users to install the malware.
I think the behavioral differences are almost entirely because current Linux userbase is mostly people who have self-selected Linux over the default OS their laptop came with.
(And I still see a fair number of Linux install scripts that look like "curl ... | sh")
Linux has a nice repository, with nearly all the software you need available, signed with known good keys.
Linux does not have "your mouse pointer moved. Are you sure you want to proceed?" dialogs.
Linux has a manageable set of file permissions, including the "execute" permission being set by the users, not by any random server from where you download your file. (Yep, there was some regression here lately.)
And, of course, Linux is actually hard to compromise without user intervention. Differently from Windows.
If you really believe it's the users fault, you have your head deep buried on the sand.
Hunting the Internet to track down random dependencies, watching freshmeat.net every day for new releases, and fighting with all of the different build systems was what I did every day ca. 1997.
In other words, installing (and upgrading!) software in Windows has not made much progress since 1997. I blame MS's decision "oh sure, you can integrate your program into Windows Update, it will only cost you $BigBucks per year."
No, you just have to install from source if you want something that your package manager doesn't provide and then hope you can actually get all the dependencies compiled.
Windows is such an open door (NPI) its incredible. Stupidly trivial malware can rewrite desktop icon shortcuts to append some url so the browser will start on it. I spent hours trying to help a neighbor before stumbling on this 'hack'.
I don't believe the original example was contrived. It sounded like a real series of steps that this guy went through. But you're right, it's even worse if you don't have any idea what you're doing.
This is somewhat mitigated with the Android Play store and the iTunes app store. I haven't used the Win8 store thing yet, but it should resolve these issues for most users. That's why even though I prefer an open ecosystem for my own devices I do appreciate the need for semi-closed ecosystems for non tech savvy users.
> Turns out, the user's computer was infested with spyware and garbageware
You're recovering from a system compromise, an unrelated problem from downloading Firefox. Hints to get started: unplug net, image the HD for later forensics, reformat & reinstall OS, carefully restore non-executable data files from backup.
Like I said, we are a tier 1 tech support. What I do is work for a university. We also do tech support for another university (contacted out to us), and that other university is a 2 year trade school in Indiana.
Our service is mainly troubleshooting simple and mild problems, and escalating difficult issues to the relevant departments. A problem like spyware is a constant in our job, causing problems ranging from system instability to mal-rendering web pages.
Ideally, a backup/wipe/reinstall is the idea solution here, BUT these are regular non-tech-savy users. The computer is a means to an end here. "It goes beep-blip-boop that my teacher wants" is the kind of thought. Explaining that a reinstall is ideal is ignoring the fact that this operation would cost ~200$ at Best Buy or similar place.
Frankly, I use what tools I can. If that means manually uninstalling what I know is spyware, rebooting in safe mode and running Malware Bytes, I'll do exactly that. At least it triages the problem until next week when the user goes and downloads something Adfly or Softonic... again.
Unfortunately, they would just search that as well. And if the machine is already infested, it's a conduit search at that.
The problem is Windows. IE is too easy to hack and break. Drive-by exploits are routine with IE and Windows-Firefox. There is little security and process limitation in Windows to prevent an active expoit. Worse yet, I cant even delete an "open file" without special tools. In any other OS, that's not a problem. File gets removed. Windows acts like a toddler.
BTW, Xubuntu works well here for friends and family whom I support. It just works, they're nigh invulnerable to exploits and problems are a kill and rm away.
EDIT: For the user whom penalized my comment score, why?
Probably because you claimed that the example was contrived when it is actually very real, and is something many visitors to HN have specifically faced, and is a particularly ironic case given that the target software is critical security software, given essentially the keys to the lands.
Ultimately many of us simply have to assume that Google's pagerank is the surest sign of the credibility of a link, but of course we know that can be gamed. And even had this site been on an appropriate domain with HTTPS, even that shows little given the completely lack of vigilance by most SSL cert firms now (partly at the behest of the tech community who find the cert process annoying and expensive).
I have a few arguments about the way the article took his/her argument down.
1. There was no mention of http://putty.en.softonic.com/
2. If you are looking for an SSH client, you are not a normal user and should know that CYGWin or Putty are freely available.
3. Using whois is considered more advanced end-user techniques.
4. Continual complaints that the download server doesn't have SSL. It's annoying and bad. Trying it again and again is kind of pointless. You made your point.
5. Tries to get the author's key via the MIT PGP server. This is NOT end-user stuff here.
You seem to be arguing that the article wasn't an entirely different article. As __david__ rightly mentioned, he doesn't say "this is what the average person encounters". Indeed, I think the situation is even more profound given that it is, quite specifically, talking about security software that fairly adept practitioners use.
I hate to be _that_ guy, but for someone who values the opinion of others as you apparently, do, using 'whom' on the internet isn't likely to win you over any friends. Let alone using it incorrectly...
Eh, fair enough. He just struck three nerves on a Monday morning.
1. proselytism
2. grammatical solecism
3. inflating the value of a "downvote"
In hindsight, I should have kept my mouth shut. But hit those three before my caffeine deficiency has been addressed, and I'll likely find myself in _that_ role.
* Goal: "Download Firefox"
First, the user was using IE. And the user is not a tech savvy user (as in, cannot read words on the screen). Turns out, the user's computer was infested with spyware and garbageware. Mainly Conduit and others.
Evidently, user "searched" for firefox rather than follow my directions to type in the address bar https://www.mozilla.org . This behavior lead him here: http://firefox.en.softonic.com/
Normally, I would use a remote support tool and just do the cleaning for the user. However, this client comes from another area in which we are not allowed to use the remote support tool.
In the end, I tried to have user uninstall the bad-firefox, and attempt to install the good, but the softonic installer installs a ton of crap everywhere. User got very frustrated and hung up when having him read the uninstall programs installed list. *
That is the danger to most users, running Windows.
EDIT: For the user whom penalized my comment score, why?