Is Obsolescence Good Computer Security?

caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"

Dial-up does not make you more secure

[darkpurpleblob]

It sounds like your friend is advocating a type of security through obscurity to me. Being on dial-up won't protect you. You should be using a firewall and have up to date virus definitions regardless of your type of connection to the internet.

Re:Dial-up does not make you more secure

[stevey]

Being on dial-up won't protect you

Being on dial-up might even be worse for your security, since most people who have only dial-up will ignore security updates. (Predictably enough, downloading large patches is more troublesome when you have a slow and infrequent network connection)

Re:Dial-up does not make you more secure

[rideaurocks]

You really have to think about the vectors of infection. With dial up you're less likely to be infected by a probe of your computer that's scanning for a vulnerability since, as you said, it's not an always-on connection.

But is that really how you get virii & spyware? I think not. The same access points are still there. A website that installs spyware thu activex doesn't care that you're on dial up. The trojan in the warez you (patiently) downloaded doesn't care either. Accessing the Internet puts you at risk. Thinking that a slow connection is the sole determinant of your value is naieve.

Re:Dial-up does not make you more secure

[Glonoinha]

Not to mention you can't exactly throw a Linksys router (hardware firewall) inbetween you and the wall when you are on dialup.
This is about like having sex without a condom and thinking 'well she is a little slow, so she probably doesn't have any diseases.'

Re:Dial-up does not make you more secure

[Shakrai]

Not to mention you can't exactly throw a Linksys router (hardware firewall) inbetween you and the wall when you are on dialup.

Perhaps you've never seen one of these.

We used to sell them to customers too far out in the sticks to get anything but dialup but whom wanted extra security or the ability to network multiple machines. We even had an entire office once that did all of their billing to an AS/400 via a dialup. It was all terminal based so the dialup worked just fine. At peak hours they had 11 people all doing billing at the same time. And you know what's really sad? They could do it faster on that terminal system then any GUI that has come since.

Ditto when I worked in the insurance field. We absoletely hated the new version of our agency management system when they moved to Windows. When will interface designers learn that it's faster if you don't have to take your hands off the keyboard every three seconds?

Re:Dial-up does not make you more secure

[Shakrai]

Generally speaking, sharing any connection is best achieved with an external router and not via a computer. That way if your Gentoo machine falls over or you need to reboot, it won't take out the connection for everyone else. YMMV.

Generally speaking, sharing a connection with Linux will give you useful hands on experience with iptables and it's a million times more flexable then any hardware router and about $60 cheaper.

Re:Dial-up does not make you more secure

[JeffSh]

i work for a software company that develops software for windows and the gui is tuned to people who only use the keyboard... and tabbing isn't necessary.

soo, windows software doesn't have to be that way; just bad windows software does.

Re:Dial-up does not make you more secure

[innosent]

In a home environment, this is likely not a real problem. In a business environment, anything beyond about 15 active users is usually too much for a Linksys-type router, since the processor and memory capabilities of these are usually pretty low. I think Netgear has a few for small/medium businesses, but if all you want is a NAT box, Linux/*BSD work quite well on some pretty low-end hardware. 100 users on a DSL/Cable circuit could be handled by an old Pentium 133 picked up on eBay for $25. At work, we have a FreeBSD box (though on a much faster Opteron 244) doing NAT, firewalling, monitoring, load balancing, and intrusion detection for 2 Gigabit segments, 3 T1s, and a Frame Relay circuit. On average, this box is at 0.4% CPU utilization when you aren't actively monitoring something.

Re:Dial-up does not make you more secure

[Shakrai]

Now THAT is good advice! Best buddy stole my router forcing me to turn my under used linux machine into a router/firewall.... I am twice the tech I was (now i canplay minesweeper AND manipulate text based routing tables)

Well, if you can play minesweeper you are well on your way to a MCSE certification :)

*duck*

Re:Dial-up does not make you more secure

[mkosmo]

Downloading the tools to correct a worm or virus you get also take longer, leaving your machine more vulnerable while you are online longer retrieving the tool to fix the worm. Also as mentioned, dial up users are natively discouraged from updating their systems since updates (win-doze, anti-virus, up2date, yum, etc..) are larger files designed for broadband users, meaning they are much wider open, and will be wider open for a longer period while they are online.

Yikes

[denissmith]

Not connecting to the Internet at all is even safer than dial up, and not even having a computer practically guarantees that you won't get spyware and malware. And what good is that? Your friend's advice is ludicrous. Use proper security. Don't cruise the net as root, or the admin user on a windows box. If you have to use Windows as your OS get a real firewall product, hardware even better than software, don't run unnecessary services, don't use IE unless its for the MS site itself. Don't use Outlook. Keep your system patched. Avoid sites like the free game and pr0n sites that are forever infesting computers. Get a useful book on security. Keep proper backups so that you can recover if all else fails, then relax and enjoy the experience. The time you'll save will pay for most of your outlays.

Re:Yikes

[Stan+Vassilev]

"Don't cruise the net as root, or the admin user on a windows box. If you have to use Windows as your OS get a real firewall product, hardware even better than software, don't run unnecessary services, don't use IE unless its for the MS site itself. Don't use Outlook. Keep your system patched. Avoid sites like the free game and pr0n sites that are forever infesting computers. Get a useful book on security. Keep proper backups so that you can recover if all else fails"

Dude, wow, wow, wow... Is all this supposed to make him switch to broadband with an easier mind?

You don't need to freak him out. All this can be said in a much simpler fashion:

- Leave autoupdates on your windows ON, it'll take care of itself
- Download and install : ZoneAlarm for your firewall, and AVG Free for antivirus. Both free, user friendly and do their job.
- Download and install Firefox for your browsing needs.

And dial-up is indeed fake sense of security, so there.

That's

Not true

[republican+gourd]

Its only true in the way that you will be mugged less if you walk naked down one back alley every night instead of twenty. Go ahead and get the faster connection, and get a hardware device (nat box at least, a real firewall would be better though) between you and your uplink line, and you'll be better off than you were before. You can't do that (using common hardware) with your modem in the first place.

Re:Not true

[Planesdragon]

How exactly are you going ot be mugged if you're naked?

"Give me your wallet!"

"What wallet?"

Simple answer, no

[jolyonr]

No, is the simple answer.

You could get hit by a worm just as easily - they attack by IP address and are indescriminate about where they attack - they don't care how fast your connection is.

As for spyware and the rest, if you're using a slower net then probability is that you'll browse less and be subjected to less risk, but in general the argument used is complete and utter rubbish - there's no additional security to be gained by dialup.

Jolyon

You're not thinking big enough!

[hoggoth]

Why go for slightly better security when you can go all the way?!
Forget dial-up. Hand floppies to your friends with instructions on what web pages you'd like to browse. They will return the floppies to you with the pages. You will be extremely secure from viruses... much better than dial-up. Think of it like Netflix for the web.

Odd Question

[XMilkProject]

Not quite sure how this question made its way to slashdot, since it seems sort of self-explanatory, but I suppose we can elaborate.

In short, I suppose you would be more secure on dial-up. Less data moving around, less access to situations which may be a threat, less up-time, etc.

That being said, most of the world is already using an always-on connection, and the vast majority of them manage just fine. It's not a daunting task to configure a setup that will secure your home computer to a suitable degree. Just your ordinary broadband router should include a firewall that should be sufficient, and the Windows firewall is also likely sufficient.

If you aren't an expert on setting up your network, then just find one of your more tech-savvy friends (not the one that told you to stay on dialup!) and have them check your router/firewall configuration. There are also websites you can visit (Symantec?) that will perform a check on various ports for basic vulnerabilities.

How can you not have spyware?

[mldkfa]

Do you know for a fact that you don't have spyware? I have seen many dialup connected computer with spyware and they didn't even know it. Broadband is better. Everyone can be secure if they just follow a few simple rules to surfing the web.

1) Don't download things unless you know what they do.
2) Get rid of IE
3) have a good virus scanner/spyware scanner

Staying on dialup is like saying that a bike is more reliable and therefore better than a car. Cars might break down every once in a while but if you need to get somewhere they're much better than bikes.

Re:How can you not have spyware?

[pyrotic]

A bike is "better" than a car. I'm not just counting reliability here, speed in my city for 4 wheeled traffic average is about 12 miles/hour, on a bike you can easily sustain 15, take shortcuts, etc. And don't get me started on parking, insurance and congestion charges in this crazy city (London). The one thing cars are good for is carrying heavy stuff. And navigating brain-dead highway interchanges. And running over pedestrians. And safe drink driving. OK, maybe cars are good for something.

Dial Up much more secure...

[MosesJones]

Its much more secure if you personally just dialup and squark and squeek at the handset processing all of the information yourself, you can't do this with DSL because its a digitial line so you can't hear what it is saying properly. Personally this form of internet communication, while a little slow (around 2 baud) has never resulted in any security problems.

In summary

Your friend is a muppet, probably Fozzy, potentially Gonzo.

Re:Oh dear god what a stupid idea/concept

[heavy+snowfall]

Let's take the question seriously for a moment, for fun.

Is there an argument for this? No.

You can simply unplug your net cable at night. So why be stuck with an expensive slow connection?

I think this ask slashdot question was a trolling experiment. :)

Broadband Plus OS X

[MadMacSkillz]

Broadband + OS X = Problem Solved. Oh NO, someone will mod my post DOWN and it will hurt my KARMA! Oh dear! Now I'll need to sleep with a nightlight.

Re:Broadband Plus OS X

[ninja_assault_kitten]

Broadband + = Problem Solved

Speaking as a Mac user and security researcher, your post is completely retarded.

1) OSX is no more or less inherently secure than Windows.
2) It's currently far more profitable for me to discover a flaw in MS than it is in OSX. Almost 10x more actually.

Bin the dial-up

[Jaknet]

I fully agree with all the above advice and my 2p's (uk) worth is that at times you can be safer on broadband instead of dial-up. For example if you have a cable modem (dont know how it works on adsl so keeping quiet)then you have NO risk of some dodgy dialler software getting in and changing your dial-up number to a premium rate number because it's not connected to the phone line at all !!!

Enjoy the speed and "almost" always on. broadband

Dial up hijacking

[Mr.Ziggy]

You do have a risk that none of us on broadband have: Dial-up Hijacking. Malware on your computer changes your dial-up settings in Windows, and you end up dialing to a pay number in another country, and VERY expensive. Many people don't notice it, until you get your phone bill. You don't hear about dialers as much now, but they're still out there. Am I just showing my age? http://www.internetbasedmoms.com/articles2/modem-h ijacking.htm

Yeah it totally works

[Feanturi]

But you can't stop with just dialup. You have to use MSDOS 2.0, and get yourself a good ansi term program to connect to a dialup that gives you telnet, ftp, nn, lynx, pine, etc. Use a 300 baud modem for maximum attack-throttling also.

Crack my CPC-464!

[ettlz]

No-one's gonna be able to hack into my old Amstrad, ha-ha-ha! Stick that in your pipe and smoke it, you OpenBSD pretenders!

Re:Crack my CPC-464!

[ettlz]

Ah 64k of RAM (48k of which was available to the user), that takes me back.

Remember Spindizzy, that isometric 3D game with all the different screens to explore? The whole map fit in 11 kiB.

They don't make them like they used to.

Security through lack of reward.

[RingDev]

Why do people rob banks and not homeless people? Because there is money in the bank, but the homeless person is likely broke.

A dial up connections obviously can't put out the same load that a broad band connection can. So it would stand to reason that a zombie net creater would be less interested in the computer. But most zombie net creater's are trying to get a huge number of PCs over a wide region, so while your PC isn't is sweet as a Win 98 box on a 5 meg DSL line, it is still another zombie. and it would likely be harder for the creators to make a filter to ignore your machine.

Same for spy/adware. Your machine isn't the best, but it is another machine.

so this is not obscurity he was preaching, it was desirablility he was preaching, albeit incorrectly.

-Rick

Re:Security through lack of reward.

[lobsterGun]

That is some dangerous and irresponsible advice. Do not allow yourself to believe for an instant that you are below the radar of a zombie master.

The zombie masters don't give two shits about the size of your connection. They do is to release their infections into the wild and will add any and all to their zombie horde. Whether you are blessed with a 5 meg DSL, or have the misfortune of sitting on a 26k dialup connction is unimportant to them. The infection of you machine will be accomplished through an automated process that doesn't care about how you are connected to the internet.

I speak from personal experience. I thought exactly as you did, and my box was infected within a week of getting a dialup connection. I didn't think I'd need that firewall for a piddly 28.8k dialup line that was only going to be used to check email until the broadband was installed. When I finally got the box cleaned and back on line with a firewall, I logged over 300 intrusion attempts in the first hour.

Re:Oh dear god what a stupid idea/concept

[Jezza]

I've heard this argument before (no really). On the face of it, it has something going for it - OK, now why is it wrong?

Well if the PC isn't connected, it can't download updates to Windows (patches) and its Anti-Virus/Firewall/Anti-Spam etc. So when it is connected it will probably be a poor position security wise. From a practical perspective has anyone tryed to keep a PC "all patched up" over dial-up? Takes forever to download the patches, it isn't actually practical. So no, getting proper security utilities in place (and setting them up correctly) then connecting via ADSL (or similar) will probably improve the security. One tip though - don't get your friend to set it up. ;-)

Not any safer

[sqlrob]

After I switched my father to Linux, I kept an eye on the logs.

Time from dial up connection to blaster hit: 8 seconds
Time from dial up connection to Nimda Hit: Two and a half minutes

So no, it's not safer.

Obscurity through Wikipedia

[fm6]

Lately, we've seen a lot of people employing catch phrases and jargon incorrectly, and I'm convinced that these people base their misunderstanding on muddled explanations in Wikipedia. The article you point to is technically correct, but it's full of convoluted arguments and trivia. No wonder you got the concept wrong.

(The one I'm getting pretty tired of is "ad hominem", which many people seem to think is Latin for "You hurt my feelings!")

Briefly put, Security Through Obscurity is the assumption that your security holes will not be found because they're in a place few people will think to look. That strategy was never a good one, but it used to be more effective than it is now. Back in the 50s, when few computers were online the effectiveness of STO was merely unacceptable. Nowadays, the effectiveness of STO is pretty much non-existant — as long as the computer is online.

Now a computer using dialup is less hackable than one using DSL, because it's not always available, and because it's harder to probe when it is. The difference has nothing to do with "obscurity" — there's just less bandwidth for a hacker to play with.

Of course, a dialup connection when no security measures is still pretty fucking dangerous. But you're wrong to claim that there's no difference at all.

Re:Oh dear god what a stupid idea/concept

[pablodiazgutierrez]

What happened to that good old technique I like to call "turning your computer off when not in use" (TM)? It surprising has some side benefits, like lowering your energy bill!!!

Re:Oh dear god what a stupid idea/concept

So you're the fucker who turned the net off last night.