Slashdot Mirror
Unsticking Yourself From Your Security Application
Ant writes "In Scott Dunn's Windows Secrets, he describes his informal tests of well-known computer security vendors when it comes to subscriptions and renewals. These days, most antivirus and other security products come with a subscription to update your virus definitions. He also explains ways to opt-out, users' comments, etc.
Seen in EGeezer's Broadband/DSL Reports security forum thread. Always read those end user license agreements (EULAs)."
Nice work staying consistent by installing ZoneAlarm!
It's a fine policy, but let's just say I wouldn't recommend it to my parents...
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
He also explains ways to opt-out
This is quite sad if he has to explain it. And those are the same companies that wine that Vista may make their products unnecessary, so how about leaving a hole here and there.
I would think blindly following a "install no security software" rule would be just as bad as blindly running all of it.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
But perhaps most importantly, I'm really, really careful about opening email attachments and what web sites I go to.
So abstinence works for you. But that's certainly not for everyone. If you fuck around, you better use rubbers and do regular health checks.
That might work for you, but you're a minority in that.
The majority of people aren't that tech-savvy, and just click on every button, link, and attachment they can get their hands on. Installing a system like that for my folks would get them infected before they can say "wha?". The last time I reinstalled their pc, they had been infected with about 20 virusses, on 1000+ files, with updated symantec virusscanner and firewall installed.
Never underestimate the ingenuity of human stupidity. Most of the people still don't understand crap of computers. My neighbur upstairs hadn't even heard about virusscanning when I asked her while fixing a problem.
If all people would follow your advice, we'd be in our necks with botnets before _we_ can say "wha?"
Manuals are your last resort only
I wouldn't consider myself mis-led by any of these products, and actually would have assumed that when I purchase a "subscription" it will be renewed annually using my credit card information.
Most absurd though was the author's complaint that he wasn't immediately offered an option to suspend the use of his credit card info for renewals, but still have the service remain live.
Lord folks, do we really need to go this far to find something to complain about?
Three Squirrels
I use Ubuntu. Most of that stuff (or equivalent) is installed by default or a quick apt-get install (I actually use Synaptic, but whatever) away.
I also don't have to worry about a virus scanner or anti-adware stuff (well, I do get Adblock Plus and NoScript). Thus, I don't have to worry about subscriptions or similar.
Even if I do sometimes have problems, it still takes less time then downloading and installing all those individual components and getting them in the correct place, and fixing the "Start" menu placings and so on.
On the topic of virus checkers, I read a while ago (and can't find again...) about one of the first. It didn't have any of this subscription crap, when installed, it simply took a snapshot of the file system and complained if anything changed. How fucking hard is it to do that now?
To maintain backwards compatibility, MS Windows could have "fake" C:\Windows directories for each program that required it (or run them all in a Win9X jail or something).
Bah, even I could design a secure operating system. Programs shouldn't be able to modify other programs.
I wank in the shower.
I bought my parents a pair of mountain bikes. They ride the paved trails in my town and have never had any problems. Not even a flat tire. No bent rims, skinned knees at all. The bikes I got them were low end $300 models with no shocks or anything. They do, after encouragement, wear there helmets.
My nephew, on the hand, spent $2200 on his fully loaded rider complete with front and rear shocks. He also invested in a high end helment, gloves and other top notch equipment. He has bent at least 3 rims and broken a shock. He even dislocated his shoulder last October. Flat tires are such a common theme that he brings extra tubes and a pump with him on his rides!
Just like your analogy, someone who actually uses a toy with reckless abandon has problem. Someone who "rides the paved path" does so safely. This works with computers too. You ride the downhill dirt trails and execute jumps you may have more problems. Simple really.
If you need additional software to deny your applications socket connections to the internet, you've got a compromised system on your hands. Running at the software level, these "firewalls" are susceptible to being subverted by the same software you're trying to stop.
I mostly use software licensed under the GNU General Public License, so I don't have to read EULA's and stuff.
It is 2007.
Virtually every company out there has a website, some means of emailing its staff, and where they provide a service to the general public, a published telephone number to contact them. These "automatic subscription" security services are a prime example.
Why, then, is it quicker and easier to write a letter to the head office to get something done?
I can dash out a letter saying "thanks for the service, now please cancel it" in 10 minutes. I can get it stamped and posted in another 10-15 minutes. That's 25 minutes, after which I don't have to worry any more. If I really think the company I'm sending the letter to is going to try and screw me, I send it recorded delivery and I then have proof of receipt once they get it.
Compare this with spending 20 minutes on hold being told that "my call is important", 10 minutes explaining that I want to cancel to some call centre drone who's not allowed to deviate from their script (and whose script doesn't include a "Customer wishes to cancel" section), another 10 minutes on hold after my call is transferred to the "right department", the line being cut off as soon as it's answered, then calling up again to spend another 20 minutes on hold before finally giving up.
Alternatively, email them (or use the form on the website). Of course, the form offers a drop-down to select which department to send the message to, but it's not clear which department you need to cancel so you send it and hope for the best - much the same as you did when you pressed 3 for customer services with the call centre. Only instead of waiting on hold for 20 minutes you wait for 3 days only to get a reply saying "you've emailed the wrong department". If you're lucky, they have the good grace to forward your email to the right department, which then completely ignores your email. You're pretty certain the right person's got it, but you've got no hard receipt and blaming the technology is so easy these days that nobody will bat an eyelid if someone claims "not to have received" your email. Certainly pointing out that emails seldom just disappear into computer land never to be seen again won't help you.
Of course antivirus software keeps us safe. You must be one of those conspiracy theorists that doesn't understand how the current incumbent keeps us safe from terrorism.