(April 27, 2016 at 2:58 am)Aractus Wrote: Now - this is actually a serious flaw of the PayPal design. When you go to sign up for a website or make an online payment it automatically redirects you to their website. The problem with this is that I could clone any popular merchant site - let's say Amazon - or create a fake one, and then have it re-direct to a fake PayPal sign-in page and everyone would think it's legit unless they look at the address bar, and enter their information. What should happen is that you are redirected to a page that instructs you to manually type in https://paypal.com to continue. The way that it currently works makes it much more difficult for people to identify a phishing site.
That's not a flaw in PayPal's design, that's a flaw in Amazon's design. Amazon is the one doing the redirecting, not PayPal. Your fix would only work if every single retailer implemented it, and it became the norm to type the PayPal URL rather than be redirected to it, and only if people actually noticed it. Since people don't tend to notice phishing sites anyway, I doubt this would actually work as a fix.
There's nothing stopping your fake Amazon site from just redirecting someone to fake PayPal anyway.
Quote:Oh yeah, that'll go down real well with people that aren't even using free antivirus software to begin with! You need realistic expectations of what people are willing to do. Even I wouldn't pay 50 bucks for anti-virus at home. Sure, it might be worth that money - but the gap between Avast and it is not worth $50.
I'm not in the business of appeasing cheap people. I'm in the business of making accurate security recommendations. Go look at AV Comparatives research. The gap between AVAST and paid Anti-Virus products is real, and it is growing. Viruses are getting more complex, and AVAST can't keep up when you have companies like BitDefender and Kaspersky investing millions into research.
Quote:Especially biennially -WTF? Anything could happing in the next two years to make another paid antivirus program better value, and giving people a two year contract essentially locks them in and will stop them thinking about competition!That appears to be an Australian thing. On the US site you can buy a year of AntiVirus just fine. Works on 3 computers as well.
Quote:Yes it might be good business sense, but it's not good for security....but using free AntiVirus from a known bundle-ware infested site, that makes perfect security sense.