Where problems go beyond malware, and conclusions.
Let us step away from malware for a second.
For the last couple of years there has been a mass of concern about privacy with Facebook, Google, and others. If you think back: the hysteria was never about the services; the hysteria was about the sudden realization that your data was as valuable and as accessible as it was.
There was a quote from a couple of years ago:
“If you are not paying for it, you’re not the customer; you’re the product being sold.”
If you, and occasionally your peers, were never complacent about where and how your data was stored then there would have been no surprises. You always trust that the organization you give your data to will use it as you expect and also will keep it reasonably secure. Ensure that your trust aligns with the data you disclose.
Getting victims into a state of complacency is also directly intended by attackers.
Parents are very concerned about their children. Some parents have gone to the lengths of secretly recording online activities of their children such as instant messenger conversations. This concern for their children makes parents less likely to think about their actions.
As it turns out, a company called EchoMetrix allegedly took advantage of this complacency with their product Sentry Parental Controls powered by Family Safe. Parents paid a subscription fee to receive the online activity of their children. The service is promoted on their website with banners such as the following:
Sounds exactly like they wish to calm you into making a cool and rational decision…
Because if you believe you are protecting your child by doing something, you are less likely to think twice about it. As it turned out, EchoMetrix also owned a data-mining service called Pulse which "allegedly" also collected the online activity monitored by Sentry. Parents were paying a subscription fee to have their kids unknowingly spied upon by advertisers. They were sued for this practice in an FTC lawsuit a couple of years ago and settled.
That is something that antimalware cannot protect you from.
Security is and always has been up to the end user. Malware is not magic and your information is and always was yours to protect. You should never be complacent with your computer just like you should never be complacent on the phone or in public. Malware need not even be involved.
Promoting a blind fear of malware is the exact opposite of what should be done.
In fact — blindly fearing malware is exactly what some attackers hope for.