Slashdot Mirror
PEBKAC Still Plagues PC Security
Billosaur writes "ARS Technica is reporting on a study release by McAfee and the National Cyber Security Alliance (as part of the beginning of National Cyber Security Awareness Month) that suggests when it comes to PC security, the problem between the keyboard and the chair is even worse. PEBKAC has always been a problem, but the study highlights just how prevalent it has become. 87 percent of the users contacted said they used anti-virus software, while 70 percent use anti-spyware software. Fewer (64 percent) reported having their firewalls turned on, and only 27 percent use software designed to stop phishing attempts. Researchers were allowed to scan the computers of a subset of the users, and while 70 percent claimed to be using anti-spyware software, only 55 percent of the machines of those users scanned showed evidence of the software."
I use Avast free home edition anti-virus program and that's it. No firewall (and I turn off the "firewall" that comes with XP) and no anti-spyware programs. And in more than 3 years I have had zero malware of any sort on my computers running XP.
The secret of my success is that I also don't use Internet Explorer (except for the Windows Update website, cause Microsoft makes me). That one step protects me from >95% of the malware. The other 5% is handled by Avast and Firefox. And I don't download and install "free" programs and games.
Boycott Internet Explorer (and all of the loss of security, privacy, and control of your own computer that goes with it), use Firefox and a good anti-virus program, and don't do stupid things on the net and you're golden.
The NSA: The only part of the US government that actually listens.
Nothing is ever, EVER going to be idiot-proof.
Because idiots are both highly prolific and highly creative.
Unless the world standardizes on a single platform, and never, EVER changes it again, this is always going to happen.
It's a matter of "that's not how I learned it" or "I never learned it", and they wind up making the systems do things they aren't supposed to.
It does, however, go to show you that even hordes of security professionals can't be collectively omniscient.
As always, "security" is a PROCESS, not an endpoint, not a product.
Chas - The one, the only.
THANK GOD!!!
So let's see, it's not software that is broken and buggy, but rather the problem is the users that 'inadequately' act as an insanely complex added layer of security, managing a bunch of brain-numbingly-unrewarding security layers.
/etc/selinux/....)
This article reeks to me of a security industry that is proactively trying to cover its ass, primarily because of the fact that the only reason they thrive is because microsoft 'needs' to keep it's source closed, and the public 'needs' an illusion of security.
Sorry, but I've recently gone through about my 5th runaround of giving selinux-Enforcing an honest try, and realizing yet again what an utter pile of useless shit it is (for the vast majority of Fedora users at least). (review my past comments which I won't argue over again... or just laugh as setroubleshootd tells you how the solution to your problem is to reboot and force a relabel... pulling in hardcoded path state from
Wake up and smell the insecurity folks and get used to it. Don't say anything within earshot of a mobile phone's mic that you wouldn't feel comfortable with any telecom employee overhearing... or anyone those employees might give network access to...
It's a brave new world. Don't give me this shit that the users are to blame.
Yeah, and there could be a huge Linux virus epidemic. Its just stealthy enough that its not being detected! Seriously, its become standard to retort to claims of malware free with Windows with "Nuh uh! You probably just don't know you have it!" which is stupid if only for the reason that such a claim isn't reasonably falsifiable. I know that a lot of malware is designed to be stealthy, but a lot of computer professionals know how to root this stuff out, and theres no reason to think that the grandparent is not capable of detecting it.
I've never been infected by malware. And I have confirmed this every time I've been challenged on that point. Doesn't stop people comming out and saying that I really am infected, I just can't detect it.
This Slashvertisement rates a 4.2 out of 5.
It caused many readers to wonder, "if McAfee has an all-in-one package that can handle all my anti-spyware, firewall, anti-virus and phishing needs?". However, McAfee was unable to get the actual product it was trying to pitch in its press release on Slashdot.
Well done (though not perfect) - another high-five to my those PR pros!
Problem in Chair, Not In Computer. PICNIC.
That's the phrase I heard used to describe this condition.
Here here.
In WWII, they had frequent aircraft crashes caused by pilots landing with the gear up.
They consistently attributed these accidents to "pilot error".
Then somebody took a look at the design of the cockpit, and realized that it wasn't designed in a way that would make it immediately obvious to a pilot whether or not the gear was up or down. When the cockpit was re-designed, the high rate of 'gear up' landings evaporated.
In other words, the designers were blaming the users for a design flaw. Happens all the time in the software industry these days.
I'm not saying that PEBKAC errors don't happen, or that idiots don't do stupid things. But I suspect that a large slice of the cases we classify as "user error" should really be called design error.
The plural form of "anecdote" is "anecdotes", not "evidence".