Well there are loads of AVs that not only alert you of some threats but also provide online security. Securing your computer/OS to some extent(No machine is completely secure, never) is easy but what about the OS that is installed on our brain? The biggest vulnerability of the Human OS (HOS) is "trust". So we can define Social Engg as "The clever manipulation of the natural human tendency to trust".

Well the biggest questions over here are:
1) Though AVs, firewalls and IDSs keep the networks perimetere secure, how can we train the HOS to identify any mischief?

2) People who are naive to the internet will never know that they are becoming a victim of a phishing attack. Even after warning the population to check the URL, the SSL favicon, the padlock symbol to ensure the authencity of a websit, how many bother to check that?

3) Techniques like email spoofing add to the nuisance. Who bothers to check the headers of an email to verify the origin if the message?

4) Can there never be a security solution to Social Engg?

I as a script-kiddie had launched quite a few phishing attacks. But being a White Hat I only grabbed email a/cs, no bank accs. Though I never misused them, but merely accessing those accounts gave enormous information about that person including bank & credit card details.

Will we ever have a solution??

j0hnn3k4r
http://techkranti.blogspot.com

security awareness trainings should be standard within every organization atleast once a year. there are many do's and dont's for giving these trainings, but the fact should be that people think before they act. If the budget doesnt let you perform a simple phising scam (with authorization from your manager) and calculate the results to a simple chart showing how many people "clicked the wrong button". even this is effective in educating people for such attacks.