Slashdot Mirror
Is Obsolescence Good Computer Security?
caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"
Not connecting to the Internet at all is even safer than dial up, and not even having a computer practically guarantees that you won't get spyware and malware. And what good is that? Your friend's advice is ludicrous. Use proper security. Don't cruise the net as root, or the admin user on a windows box. If you have to use Windows as your OS get a real firewall product, hardware even better than software, don't run unnecessary services, don't use IE unless its for the MS site itself. Don't use Outlook. Keep your system patched. Avoid sites like the free game and pr0n sites that are forever infesting computers. Get a useful book on security. Keep proper backups so that you can recover if all else fails, then relax and enjoy the experience. The time you'll save will pay for most of your outlays.
I have nothing to hide. So, why are you spying on me?
Its only true in the way that you will be mugged less if you walk naked down one back alley every night instead of twenty. Go ahead and get the faster connection, and get a hardware device (nat box at least, a real firewall would be better though) between you and your uplink line, and you'll be better off than you were before. You can't do that (using common hardware) with your modem in the first place.
Not quite sure how this question made its way to slashdot, since it seems sort of self-explanatory, but I suppose we can elaborate.
In short, I suppose you would be more secure on dial-up. Less data moving around, less access to situations which may be a threat, less up-time, etc.
That being said, most of the world is already using an always-on connection, and the vast majority of them manage just fine. It's not a daunting task to configure a setup that will secure your home computer to a suitable degree. Just your ordinary broadband router should include a firewall that should be sufficient, and the Windows firewall is also likely sufficient.
If you aren't an expert on setting up your network, then just find one of your more tech-savvy friends (not the one that told you to stay on dialup!) and have them check your router/firewall configuration. There are also websites you can visit (Symantec?) that will perform a check on various ports for basic vulnerabilities.
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
Being on dial-up might even be worse for your security, since most people who have only dial-up will ignore security updates. (Predictably enough, downloading large patches is more troublesome when you have a slow and infrequent network connection)
You really have to think about the vectors of infection. With dial up you're less likely to be infected by a probe of your computer that's scanning for a vulnerability since, as you said, it's not an always-on connection.
But is that really how you get virii & spyware? I think not. The same access points are still there. A website that installs spyware thu activex doesn't care that you're on dial up. The trojan in the warez you (patiently) downloaded doesn't care either. Accessing the Internet puts you at risk. Thinking that a slow connection is the sole determinant of your value is naieve.
You do have a risk that none of us on broadband have: Dial-up Hijacking. Malware on your computer changes your dial-up settings in Windows, and you end up dialing to a pay number in another country, and VERY expensive. Many people don't notice it, until you get your phone bill. You don't hear about dialers as much now, but they're still out there. Am I just showing my age? http://www.internetbasedmoms.com/articles2/modem-h ijacking.htm
Not to mention you can't exactly throw a Linksys router (hardware firewall) inbetween you and the wall when you are on dialup.
Perhaps you've never seen one of these.
We used to sell them to customers too far out in the sticks to get anything but dialup but whom wanted extra security or the ability to network multiple machines. We even had an entire office once that did all of their billing to an AS/400 via a dialup. It was all terminal based so the dialup worked just fine. At peak hours they had 11 people all doing billing at the same time. And you know what's really sad? They could do it faster on that terminal system then any GUI that has come since.
Ditto when I worked in the insurance field. We absoletely hated the new version of our agency management system when they moved to Windows. When will interface designers learn that it's faster if you don't have to take your hands off the keyboard every three seconds?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
In a home environment, this is likely not a real problem. In a business environment, anything beyond about 15 active users is usually too much for a Linksys-type router, since the processor and memory capabilities of these are usually pretty low. I think Netgear has a few for small/medium businesses, but if all you want is a NAT box, Linux/*BSD work quite well on some pretty low-end hardware. 100 users on a DSL/Cable circuit could be handled by an old Pentium 133 picked up on eBay for $25. At work, we have a FreeBSD box (though on a much faster Opteron 244) doing NAT, firewalling, monitoring, load balancing, and intrusion detection for 2 Gigabit segments, 3 T1s, and a Frame Relay circuit. On average, this box is at 0.4% CPU utilization when you aren't actively monitoring something.
--That's the point of being root, you can do anything you want, even if it's stupid.