Slashdot Mirror
Always Use Protection
Dan Appleman knows how to talk to teenagers. He's made the presentation very logical, he keeps the chapters a reasonable length so a teenager won't feel overwhelmed, and he had a crew of teenagers review this book before it was published so that he knew they would understand it. Those adults who aren't technically adept will find it an easy read, too.
Always Use Protection is broken up into three main parts: Protecting Your Machine, Protecting Your Privacy, and Protecting Yourself. There is a fourth part with useful appendixes, also.
Protecting Your Machine goes through all of the gremlins that can bother your computer, how to get rid of them and how to prevent them from coming back. Viruses, Trojan horse programs, and worms are covered clearly. Not too much depth involved, but not too little either. Dan covers the ins and outs of the three main preventive measures: anti-virus programs, firewalls, and system configuration and updates. He makes sure that his discussions relate to the types of programs that teenagers are likely to run: P2P software, online games, Instant Message clients, e-mail programs, and web browsers. He's careful to include other avenues of attack besides the Internet, such as infected floppies and CDs cut by well-meaning friends.
Always Use Protection explains how to determine which type of anti-virus programs are available and how to run them (using McAfee's VirusScan as an example), but puts the responsibility for deciding which one to use squarely in the reader's lap. Dan has made sure that he's not pushing any particular product over another. In fact, there were one or two places where I wished he'd just come right out and say I'd recommend blah-blah software, but he always said the reader should check the pros and cons of the possibilities and make their own decision.
Firewalls are discussed in detail, as well as their possibly unintended consequences (an online game refuses to run because a critical port is being blocked by the firewall, for example). He does state that if you're on a network behind a router, you may not need a firewall. This is my only disagreement with Dan. I believe a personal firewall should be on each and every machine, regardless of how it connects. It will protect not only the machine itself, but make it harder for the machine to attack others.
Software updates are probably one of the most under-utilized options in the home. News items in papers and on the web speak frequently about how such-and-such a virus got into machines mainly because security updates available from the manufacturer for months were simply not installed. Dan makes sure that the reader understands how shortsighted that approach really is. The updates are usually free, and just take a little time to download and install. Always Use Protection explains exactly how to do that and why it's a good thing.
The configuration chapter describes many little tweaks available to harden your browser and e-mail reader. Many people are not aware of the number of 'dials' they can play with (and if they were, they'd probably be overwhelmed), but this chapter zeroes in on the most important ones.
If this book was only chapter 9 - What to Do When You've Been Hit - it would still be worth the cover price. In this chapter, Dan gives a careful, step-by-step menu of what you can and should do to recover as much as you possibly can, eradicate the malware that is causing the problem, and get your system back to a usable state. It's the one chapter he says you shouldn't read front-to-back, but follow the links (if you see this, go to this section) like one of those make-your-own-ending books. I have this one bookmarked for future reference.
The next four chapters form Part II - Protecting Your Privacy. In here, Dan explains the various ways your personal information can be gleaned, mostly from a user innocently filling in a form supplied by a con artist. He talks about identity theft and what it means to a teenager. The need for good passwords is clearly discussed, but he acknowledges that most people won't use strong enough ones. Therefore, he promotes a simple plan with three passwords (high, medium, and low-security) that will work in most cases. He ends off this part with a good treatise on cookies of all forms, and how to turn off the worst ones.
Finally, he talks about protecting yourself in chat rooms and from common scams. While there is a lot of press about teenagers being lured by scoundrels in chat rooms, Dan notices that the actual statistics are very low. Regardless of the statistics, he gives extremely good advice about how to use a chat room safely (mostly involving lying about almost any bit of personal information you might be asked for).
The appendixes have good summary information for teens and adults, and have a special appendix just for the parents. It give good advice to make sure your teenager is willing to come to you for question without worrying about losing online privileges.
All in all, Always Use Protection should be read by every parent and, hopefully, by their kids. I'm going to try to get my 15- and 13-year old to read it (Good luck to me! You should have seen the arguments to get them to finish their summer reading!) I liked the approach, the content, and the presentation so well, I had to rate this a 10.
You can purchase Always use Protection: A Teen's Guide to Safe Computing from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.
it feels so much better without!
oh yeah, first post.
amazing in how they foul up thier computer, then go upstairs and foul up mine, and break the ibooks given them by the school, I will say this book is long overdue
http://www.geocities.com/sethseekstruth/great_out
Most teenagers are more interested in a)how they are going to get laid, b)how they are going to get drunk. Those who care about computer security are almost certainly way above this book. It's trying to sell to a market that just isn't there. It looks like it's just another wannabe security book, offering very little in terms of actual understanding. This makes it to Slashdot???
Unfortunately, this advice comes a few years too late for people like Libby Hoeler...
Protection doesn't work.... we must preach abstinence to our children...
:)
Just stay off the internet until you're 18, kids... (and you have your own damn computer/network to infect)
Check out the best P2P sharing website: MEDIACHEST.COM
I'm sorry, but I read this review and instantly thought of the imfamous "Is your son a computer hacker?" thing that we all know and love.
That's not to say that it's a bad book or the review is flawed, though some of the comments would tend to tell me that the reviewer isn't as "computer savvy" as I might like in a person reviewing a book. A properly configured border firewall, for example, will protect systems behind it. That says nothing of the duties of many of those "personal firewall" applications that are actually much more than firewalls (spam filters, scumware/spyware/adware scanner/filters, etc).
I just found it amusing that the adequacy.org article was the first thing I thought of when reading this review...
Ya wouldn't have teenagers
Can I just cover my computer with a rubber sheet? I could even use cherry flavored.
Is there a reason that this information is being aimed specifically at teenagers? I know an awful lot of adults that could use a good straighforward explaination of this material.
Comment removed based on user account deletion
90% of slashdotters immediately think of firewalls?
There should be a chapter in every computer book made all about backups.
People don't bother to backup data..
People forget to back up data.
People need to verify backups..
SyOps symlink backup data directories and cause $40,000 losses due to data not being backed up.
That is one of the best ways to "protect yourself"..
"jesus saves" and all that..
anime+manga together at last.. in real time.
I'm sorry but regardless of how good the book is and how relevant it is, it will never achieve its intended goal. A kid is never going to read anything like this. You wouldnt expect a kid to read a book about the perils of not eating their vegetables, so why this? Especially as stubborn as kids are nowadays, I think this author might have a case of bad timing. :-/
Protecting Your Machine
Why, yes, it is a machine. Thank you.
The coolest voice ever.
The best way to protect your children and your PC is to spend quality time with them, teaching them the basics of PC protection and chat room safety.
IMHO, these things are better taught in person than with a book. The reviewer did not mention actually spending any time with your kids. I hope the book does, because too many people are using books and products like these as a substitute for teaching thier kids in person about computer safety.
my dad got me this product called "The Keyboard Condom" and said "son, always remember -- No Glove, No Love".
What no comments on abstinence?
Or condoms?
El Presidente Bush will be muchly displeased!
Is it really that useful given that I run Linux, don't use chatrooms, don't use P2P software, don't play games and have no friends who both run Linux and give me floppies or CDs (when it comes to it, none of my friends do either)?
I think that the net would be a lot better place if we all talked to our parents about safe computing.
The Tools Of Ignorance wanna be a tool?
The year was 1994 -- I had a 14.4 fax/modem, and was the only person in the house who knew how to use commands in MS-DOS, much less use the net, do some mild hacking, etc.
I learned more about computer security by trial and error on a piece of crap 486SX than I think I could learn from a book. Why don't more of these parents spend $100 on a crappy old machine than $100 on the best in virus protection and let the kids go nuts? They'd probably learn a whole lot more...
is that it uses the assumption that teenagers - a group that have grown with modern technology - do not understand the basic concepts of computing, privacy etc. I would argue this isn't actually true.
/.-reading PC geek in their class. And, we can assume, any responsible parent who knows about scams, clichéd chatroom use, P2P virii etc would educate their children about this stuff anyway. It's not exactly complicated to explain to people who have grown up with this stuff.
A better audience for a similar book would be the average parent PC user who doesn't understand why their PC is giving him those stupid Messenger messages, why they should run Windows Update or the average 419 scam to make them better equipt for the world. In my admittedly limited travels, it's been a lot easier to explain technical stuff to the teenage generation, and I'm sure each teenager has a
I also assume the book includes a degree of uninformed scaremongering. Firewalls are not required - indeed, you can safely use the internet without a software firewall simply because they can be easily bypassed by anyone caring enough to bypass them - ie trojan writes. Viruschecking software is not essential if you are smart enough to know what you're running and don't run the average VBS file or P2P fraud (PHOTOSHOP 7.0.REAL.EXE). 4 years with yearly virus checks confirms this.
And I'm sure that parents treat children like idiots regarding the average "chatroom" use. No doubt the fools who previously gave their names and telephone numbers to random people on the 'net must have got the message by now, and that assumes that there are large amounts of people gullible to be taken in by it.
Has anybody ever gotten a virus from an infected CD?
Have you read my blog lately?
Lets force everyone to know DOS commands before using a computer. That way, they would know enough to maintain their own system.
One of the BBSs that I used to use, would allow us to drop into an MPM shell, but you would have to answer a questions, "what is the name of the debugger?"
Fight Spammers!
As a 15 year old, I resent the implication that teenagers aren't knowlegable. Even as I sit here, dist-upgrading my server farm through a dancer's shell, I can feel the network shuddering as spam is relayed through my parents two computers, out onto the internet. It would take me less than 30 seconds to find a windows box at school that is thoroughly compromised, and spamming / DDoS'ing something. It's not like we write the code that gets exploited..
I am a teenager, and it's *my* job to secure the network, install Firefox and an anti-virus on computers used by my family, and basically be the IT department around here, because nobody else knows how.
It should be the other way around. If my parents and sisters read such a book, maybe I'd get less tech support requests.
void*x=(*((void*(*)())&(x=(void*)0xfdeb58)))();
Funny, my 16 year-old stepson is using the Mandrake Linux installation I set up for him -- he can boot to Windows 98 to play games, but that's a vanilla installation, and not configured for networking. My LAN is protected by a dynamite router by NetGear -- the only port that responds is 22, and that goes to my Linux box. So really the only part of this book that's relevant is the part about identity theft.
Is this really a perfect technical book? or is the reviewer a close friend of the author? Nothing is dated, nothing is misunderstood?
I've never read a technical book I'd rate 10/10 ... 9/10 is reserved for the greats like Tannenbaum on networking, K&R on C - and books only get that rating in retrospect. (Usually when I buy the second copy, either because I wore one out or to have one at home and one at work.)
Firewalls are discussed in detail, as well as their possibly unintended consequences (an online game refuses to run because a critical port is being blocked by the firewall, for example)
This reminded me of a recent disturbing incidedent at a LAN party I was hosting. We were playing Halo, behind my router, configured with a firewall and NAT; DMZ was off, one of my guests was hosting the server so no unintentional rule in the firewall would've been forwarding him traffic from the outside (he was also DHCPed, further reducing the likelyhood, AND I checked the rules later), we had set up no additional firewall rules to allow people on the internet to connect to the Halo server, to our surprize and my chagrin, people outside my router were able to connect to the server apparently being run inside my LAN, somehow bypassing my firewall. Everyone at my LAN party has a good bit of network and computer experience, but this left us scratching our heads. We had always assumed Halo did the standard client-server thing and waited for clients to connect to it on some port. To this day I'm still not quite sure how it happens; my best guess is Halo connects to some master server which instructs to connect to the client machines, or (more likely) clients connect to the master server and data flows through it on its way to the game server. Anyone know for sure how Halo's doing this?
Gheez, Back in my day, the only hazard of using computers was getting your tie caught in the chain printer.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
That's why I only chat with my new friends who want to give me $10,000,000, as long as I give them my banking information.
It is not our abilities that show what we truly are... it is our choices.
"Dan gives a careful, step-by-step menu of what you can and should do to recover as much as you possibly can, eradicate the malware that is causing the problem, and get your system back to a usable state"
The only way to a secure system after being hit is recovering your data, formatting the drive and reinstalling. If your machine has been compromised, there can *always* be other malware installed through the backdoors it opened. If the chapter is only about the above, without the reinstall part, it's not doing the readers much good.
Who is General Failure and why is he reading my hard disk?
Audioscrobbler
Let's be a little more sensible and teach them BASH commands, far more useful.
They don't. No person the age of 11-18 cares about computer security...yet they come to me when their PCs "don't work right".
I'm 13. I know how these people work. I've seen cases that belong on Computer Stupidities, like attempting to reconnect a mouse+keyboard and electrocuting themselves (bent pins). They have no idea about keeping their computers free of spy/adware. ("viruses"...) They expect their computers to work perfectly, or assume everything included in Windows XP will keep them free of virii/spyware/adware. I look at my classmates' home computers and they are destroyed to the point where a format/reinstall would be a quicker fix. These people don't think they are going to encounter the things discussed in the book and therefore don't bother with anything.
ROMANES EUNT DOMUS
Kerio Personal Firewall
It still does the flash up thing if it detects an app it doesn't like, but I belive you can turn that off. In any case, it hasn't crashed a single full screen game for me--like ZA regularly did. It will either minimize the game, or pop a little window up infront of the game, and prompt you.
It will also alert you if a known good program has been replaced. In all, it's tons less intrusive than Zone Alarm, and MUCH less bloated, and you can create your own rulesets pretty intuitively...
Teen's don't care... Many don't. But they, like home users in general are have huge problems with regards to security. So what do we do? Just give up? We (and this includes all the knowledgeable teens) have to do what we can to improve the situation. This book is my contribution to the effort.
Better taught in person than from a book... I agree, but many parents don't know enough to teach security - their kids know more than they do. In those cases I actually suggest flipping it around: teens, teach your parents! I've met a number of teens who have thier security act together - more who just think they do:-)
Parents and grandparents are a better audience for the book... I've gotten some very nice emails from adults and seniors who find it very readable.
The title is a gimmick... Sure, but you'll remember it, right? Actually, the title was the idea of a group of teens. I never would have come up with it on my own.
For more info including the book's introductions visit http://www.alwaysuseprotection.com/
The standard user can't use a firewall. They will end up screwing things up; I've seen it many times. They inevitably create a bad policy that breaks something, and I've seen instances where this bluescreened the machine. The firewall needs to be at central node and run by someone qualified, not on workstations. Unfortunately for the instances in which there is no central node (i.e. plugging a workstation right into a broadband connection) then I still say screw the firewall: Just stay on top of updates, and hope for the best. It's how we run our department and the hacks are few, far between, very rarely on a workstation, and always because the system is out of date. Well that's my $.02 anyway.
Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
You're right, of course, but the problem is that there are so many people out there for whom "computer" == "Microsoft(R) Windows(tm) running on Intel(R) Pentium(tm)" that this advice will usually fall on deaf ears. (Most of these people have no idea what the words actually mean, of course, but they know damn well that if it doesn't have Microsoft(R) Windows(tm) and and Intel(R) Pentium(tm), it's not a real COMPUTER -- they've seen the Dell ads!) For those folks, a guide like this might be helpful. If nothing else, in the process of trying to secure their Wintel boxes, they may learn something about how computers actually work, and therefore be a little more receptive to technically knowledgeable advice next time.
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.