Is Obsolescence Good Computer Security?

caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"

Dial-up does not make you more secure

[darkpurpleblob]

It sounds like your friend is advocating a type of security through obscurity to me. Being on dial-up won't protect you. You should be using a firewall and have up to date virus definitions regardless of your type of connection to the internet.

Re:Dial-up does not make you more secure

[stevey]

Being on dial-up won't protect you

Being on dial-up might even be worse for your security, since most people who have only dial-up will ignore security updates. (Predictably enough, downloading large patches is more troublesome when you have a slow and infrequent network connection)

Re:Dial-up does not make you more secure

[rideaurocks]

You really have to think about the vectors of infection. With dial up you're less likely to be infected by a probe of your computer that's scanning for a vulnerability since, as you said, it's not an always-on connection.

But is that really how you get virii & spyware? I think not. The same access points are still there. A website that installs spyware thu activex doesn't care that you're on dial up. The trojan in the warez you (patiently) downloaded doesn't care either. Accessing the Internet puts you at risk. Thinking that a slow connection is the sole determinant of your value is naieve.

Re:Dial-up does not make you more secure

[CosmeticLobotamy]

It's not security through obscurity, it's security through inconsistent availability. But it only reduces your exposure to 20% or so, so it will just take you around 5 times longer to catch something, and we all know the stats on how long you can be connected with an unpatched system before you're screwed. 5 times that still ain't much.

So yes, it's a good idea to not be connected when you don't need to be connected, but it's a terrible idea to rely on it to protect you.

Re:Dial-up does not make you more secure

[eco2geek]

Exactly. A couple years ago, my brother, who had Win2K, who was on dialup, and wasn't running a firewall, somehow ended up with the Sasser worm on his computer.

It didn't matter that he's the kind of guy who's got cookies and scripting disabled in his browser, who never downloads warez or music, who's always careful of the software he puts on his computer, etc. In fact, about all he uses his dialup connection for is email. But that was enough.

These days, you need to install a software firewall -- one that can block both incoming and outgoing connections -- before you connect to the Internet.

Another point: With each new version of Windows, Microsoft implements more Un*x-like security features. (They have to be "turned on," though. Most people still log in with Administrator rights, which defeats the purpose.) Also, Windows XP SP2 even includes a half-assed firewall. But in Windows 98, your entire filesystem is open to anyone who hacks in.

Point is, using an older version of Windows is probably going to make you more vulnerable, not less.

Re:Dial-up does not make you more secure

[JeffSh]

i work for a software company that develops software for windows and the gui is tuned to people who only use the keyboard... and tabbing isn't necessary.

soo, windows software doesn't have to be that way; just bad windows software does.

Re:Dial-up does not make you more secure

[Chandon+Seldon]

The trick is that consumer NAT boxes open zero incoming ports by default. That's a signficant security increase for any unpatched Windows boxes involved (i.e. a fresh Windows XP sp1 is likely to survive the automatic updates to current security patches unhacked if behind a NAT, whereas unpached sp1 tends to get cracked in less than 10 minutes when connected directly to the internet in a broadband IP range)

Yikes

[denissmith]

Not connecting to the Internet at all is even safer than dial up, and not even having a computer practically guarantees that you won't get spyware and malware. And what good is that? Your friend's advice is ludicrous. Use proper security. Don't cruise the net as root, or the admin user on a windows box. If you have to use Windows as your OS get a real firewall product, hardware even better than software, don't run unnecessary services, don't use IE unless its for the MS site itself. Don't use Outlook. Keep your system patched. Avoid sites like the free game and pr0n sites that are forever infesting computers. Get a useful book on security. Keep proper backups so that you can recover if all else fails, then relax and enjoy the experience. The time you'll save will pay for most of your outlays.

Errr no

Being on the internet by itself is not a security hazard. Doing something stupid or using an insecure operating system/browser (cue IE/Windows jokes here) is insecure.

I use my router on my broadband connection as a firewall - works great. Even in Windows I have no problems.

BS

[dcapel]

That's equivalent to saying if you never leave your house you won't get mugged. Sure, its probably true, but if you take the proper cautions, you will probably avoid getting mugged, and, more importantly, you don't let fear control your life.

How can you not have spyware?

[mldkfa]

Do you know for a fact that you don't have spyware? I have seen many dialup connected computer with spyware and they didn't even know it. Broadband is better. Everyone can be secure if they just follow a few simple rules to surfing the web.

1) Don't download things unless you know what they do.
2) Get rid of IE
3) have a good virus scanner/spyware scanner

Staying on dialup is like saying that a bike is more reliable and therefore better than a car. Cars might break down every once in a while but if you need to get somewhere they're much better than bikes.

Re:How can you not have spyware?

[pyrotic]

A bike is "better" than a car. I'm not just counting reliability here, speed in my city for 4 wheeled traffic average is about 12 miles/hour, on a bike you can easily sustain 15, take shortcuts, etc. And don't get me started on parking, insurance and congestion charges in this crazy city (London). The one thing cars are good for is carrying heavy stuff. And navigating brain-dead highway interchanges. And running over pedestrians. And safe drink driving. OK, maybe cars are good for something.

Re:Oh dear god what a stupid idea/concept

[heavy+snowfall]

Let's take the question seriously for a moment, for fun.

Is there an argument for this? No.

You can simply unplug your net cable at night. So why be stuck with an expensive slow connection?

I think this ask slashdot question was a trolling experiment. :)

Broadband Plus OS X

[MadMacSkillz]

Broadband + OS X = Problem Solved. Oh NO, someone will mod my post DOWN and it will hurt my KARMA! Oh dear! Now I'll need to sleep with a nightlight.

Re:Broadband Plus OS X

[ninja_assault_kitten]

Broadband + = Problem Solved

Speaking as a Mac user and security researcher, your post is completely retarded.

1) OSX is no more or less inherently secure than Windows.
2) It's currently far more profitable for me to discover a flaw in MS than it is in OSX. Almost 10x more actually.

Buy a Mac

[MBCook]

Buy a Macintosh. You won't be a target for most of the threats out there, but you can still have dial-up. Same logic.

I agree with everyone else here. That may be technically true, but it's stupid. All you need is a firewall and a little common sense and you are practically invulnerable to most of the attacks out there.

Get broadband. Get a firewall. Enjoy.

Bin the dial-up

[Jaknet]

I fully agree with all the above advice and my 2p's (uk) worth is that at times you can be safer on broadband instead of dial-up. For example if you have a cable modem (dont know how it works on adsl so keeping quiet)then you have NO risk of some dodgy dialler software getting in and changing your dial-up number to a premium rate number because it's not connected to the phone line at all !!!

Enjoy the speed and "almost" always on. broadband

Pretty dumb infosec tips, time for a list?

[twigles]

Ok, I'm sick of seeing crappy advice confusing newcomers and normies. Here are some stupid tips to avoid taking seriously. I'll start it with this one.

1 - dumb. Use dial-up instead of Cable or DSL because being connected to the internet all the time is a security risk.
1 - smart. Go get Cable or DSL, your life will improve (barring bad service). If you want to nullify the increased threat from being constantly online, buy a router that does NAT for you. Now you aren't always connected, your router is, and it's providing statefull firewalling for you.

2 - dumb. Never run anything you want secure on Windows. Use Linux, or even better OpenBSD.
2 - smart. OpenBSD rocks on security, but if you have no bloody idea how to use it you'll do something dumb that will compromise security or, more likely, uptime. Use the OS you know how to configure, and learn how to configure is securely and properly. You can research new OSs from your now-secure platform.

Please, kind readers, add to this list.

Re:Pretty dumb infosec tips, time for a list?

[Cytlid]

3 - dumb. I'm totally secure because I have the latest patches, a firewall (two even!) and updated antivirus. And instead of using [IE|Windows], I use [Mac|Linux|*BSD|Firefox]
3 - smart. Modifying your habits, educating and empowering yourself (even just a little) will help. Having the right tools is only half of it.

    I've seen all too often people get confused by the fact they have tons of spyware/viruses/trojans on their system, yet have *no idea* how they got there. Yet when you dig deeper, you see twelve different filesharing programs, virus software updated (but disabled) and 258 porn sites in their history (from yesterday alone) where they clicked the banner that said "click here to get naked bodies for free!".

    People will often do on the internet what they won't do "in real life" because there's this false sense of obscurity, anonymnity and privacy. This equates to poor habits and poor security. There are places to get the things you're looking for without having to install viruses to get them. In reality, you wouldn't buy a car from a dealership none of your friends has ever heard of, out in the middle of nowhere, that you came across by chance, and had to give your singature fifty times... why is the Internet any different?

Dial up hijacking

[Mr.Ziggy]

You do have a risk that none of us on broadband have: Dial-up Hijacking. Malware on your computer changes your dial-up settings in Windows, and you end up dialing to a pay number in another country, and VERY expensive. Many people don't notice it, until you get your phone bill. You don't hear about dialers as much now, but they're still out there. Am I just showing my age? http://www.internetbasedmoms.com/articles2/modem-h ijacking.htm

That's a flawed argument

[DavidinAla]

That's like saying that if you don't drive a car, you won't have as many accidents as you would if you just ride a horse-drawn wagon and stay off of any road where cars might be. It's true that you're much less likely to be hurt that way, but you miss out on the benefits that make having a car (or some form of faster transportation) worthwhile. In the same way, you might not be "always on" to be attacked through your broadband connection, but you lose all of the benefits that come with having a high-speed connection. So unless you do nothing except text e-mail, the benefits of broadband should outweigh the risks, especially if you're smart enough to take simple precautions. Just nothing except my Mac's built-in firewall, I've never had any issues, and I've been on broadband for years.

David

Sound advice

[Hoturu]

This is sound advice, yes you increase your value to hackers by purchasing a high speed connection (valueable to them for the same reasons as to you) do some homework on computer security and you will be fine.

Re:You're not thinking big enough!

[Ididerus]

but your friend would download viruses and their ilk from the websites you are sending him to. virus corrupts the floppy and you install a trojan when you access the disk. this doesn't care what kind of connection you have, it contacts the creator who installs all you can eat malware.

Security through lack of reward.

[RingDev]

Why do people rob banks and not homeless people? Because there is money in the bank, but the homeless person is likely broke.

A dial up connections obviously can't put out the same load that a broad band connection can. So it would stand to reason that a zombie net creater would be less interested in the computer. But most zombie net creater's are trying to get a huge number of PCs over a wide region, so while your PC isn't is sweet as a Win 98 box on a 5 meg DSL line, it is still another zombie. and it would likely be harder for the creators to make a filter to ignore your machine.

Same for spy/adware. Your machine isn't the best, but it is another machine.

so this is not obscurity he was preaching, it was desirablility he was preaching, albeit incorrectly.

-Rick

Re:Security through lack of reward.

[Botty]

Yea but if I could click a button and rob 250,000+ homeless people in the span of an hour or two...

People forget most of this crap that infects PC's are automatic attacks. Some guy in a darkly lit basement doesnt connect to every IP manually to try to hack you, he writes scripts that blast out to tens of thousands of hosts.

You touched on this idea...but a lot of people seem to forget it.

Re:Crack my CPC-464!

[ettlz]

Ah 64k of RAM (48k of which was available to the user), that takes me back.

Remember Spindizzy, that isometric 3D game with all the different screens to explore? The whole map fit in 11 kiB.

They don't make them like they used to.

Re:Oh dear god what a stupid idea/concept

[ls+-la]

You could either switch to linux, or hibernate/shut down the computer whenever you're going to be gone for a while. The slow connection won't help much, if at all, since I think most viruses are relatively small.

Re:Oh dear god what a stupid idea/concept

[pablodiazgutierrez]

What happened to that good old technique I like to call "turning your computer off when not in use" (TM)? It surprising has some side benefits, like lowering your energy bill!!!

This is the dumbest thing evar

[gothzilla]

What kind of idiot thinks connection type has anything to do with infectability? A virus doesn't give a crap if it's traveling over fiber, dsl, cable, or phone lines. With broadband you can get 10 or 15 spyware programs and viruses and not see much of a dent in your overall speed. With dialup, just one or two infections will bring you down completely. If anything you'll be more likely to get infected since dialers can't affect broadband, only dialup. A nice $2,000 phone bill should be enough to convince anyone that dialup is not safer.
Maybe he thinks using dialup will protect him from cookies too.

Nothing about dialup is safer

[stuartkahler]

It's more difficult to get a hardware NAT router/firewall for your connection.
You're less likely to download the large security updates because of time it takes.
'Always on' isn't a requirement. You can turn off the router or modem just like you can disconnect on dialup. I know people who do this.
Most exploits are quite small, and won't take long at all to install on your machine, even on dialup.

I've had 3 machines on cable behind a $25 belkin NAT firewall/router for over 5 years. I run zone alarm on the machines while I'm web surfing. I use mozilla because they seem to be more responsive to security issues than microsoft. I'm pretty lazy about patching, and I still haven't gotten any viruses, worms or trojans.

That aint friendly advice

[mnmn]

Hope your friend is not your dial-up vendor too. If malware connections attempt to connect to your machine, your dial-up might be saturated with the crap being downloaded, while personal info is being uploaded. Dial-up does not make you secure simply because on the network level, its just machines with IPs out there, regardless of connection. I havent heard of a virus that depends on layer 1 or 2 vulnerabilities.

Don't Drive

[clambake]

If you drive a car, instead of walking, the chance of getting into a major road accident increases, and you'll never get carjacked when walking.

Basically, his advice is simply to stay behind, because these new-fangled new technologies require you to actually increase your realm of understanding to use properly. If you are on a high-speed line, you actually have to care a little bit more about security, oh my! By by that same token, if you just stuck with a manual typewriter, you could avoid the threat of viruses altogether.

Re:Oh dear god what a stupid idea/concept

[raduf]

      Ok, lots of people said this is a stupid ideea, that a net connection is a net connection and so on. Fact is, I worked at an ISP for about half of last year, and what happened to me happened to most ou out new clients: soon after getting connected, we were hit by baf stuff. Really hard. Why? Several reasons, as far as I can tell. First, the dial-up ISP usually tends to do a lot of firewalling on your behalf. Second, the connection (especially local one) beeing a lot faster, hits came a lot sooner and more often. And third there is a lot of bad stuff on the local ethernet connection which cannot be firewalled in any way by the ISP (us), even if they wanted to.

      Point is, I agree with what most people said: beeing on dial-up is not safe. However, getting a broadband connection is likely going to make things interesting in a very short time :)