Slashdot Mirror
Most In US Have False Sense of Online Security
BaCa sends along a link from Net-Security on a study of attitudes among Americans about the security of their PCs, versus their actual vulnerability. "More than half of computer users who think they are protected against online threats like spyware, viruses, and hackers actually have inadequate or no online protection, according to an independent research study conducted for Verizon... While 92 percent of participants thought they were safe, the scans revealed that 59 percent were actually vulnerable to a variety of online dangers. Ninety-four percent of those surveyed said they would find it helpful to be able to diagnose or check their online security status on a regular basis to make sure their PCs were safe."
Even after meeting online criminals in person, they still tried to rip me off. Fortunately, I tracked them down and got them. Stolen and Recovered 1949 Chevy Saga
Look, my Windows machines auto-update themselves, and I have AVG running, which also updates itself. I have a firewall downstream of my modem and upstream of every other machine on the network.
What else can I do?
My wife is constantly playing and downloading games from the internet. No doubt she is polluting machines on our network.
Basically my approach to security on my home machines is I wipe them and rebuild them every 6 months or so, in case there is some hidden malware on there that has turned my machine into a zombie.
What I would really like is a "smart firewall" I could buy and put in place of my current firewall. This device would monitor all network traffic going in and out of my house, and it would stop the bad things from going through. It could even be a service whereby the device is managed by some security firm and I pay them to protect my network through this device.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
But then you have the problems of
(a) who do they trust to do it. Part of the reason for this problem is that the user is too trusting, and will download/run anything properly "padded" with the right context. What's to keep them from trusting Joes Bot Shop for their security?
(b) when they do need something setup/installed quickly, it could be problematic for them to wait for the person/people in charge of security.
(c) the extra cost if they don't have family/friends who are sufficiently competant and have the time?
While taking it out of their hands might be a good idea, it might also not be feasable.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
*GASP* I thought AOL was keeping us all safe online!
The game.
Spyware removal is flawed, the focus should be on preventing it getting there in the first place.
Same with viruses.
The big problem is that people believe the hype..
"Windows $version is the most secure windows ever!"
"$program makes your machine secure"
Rather than being vigilant, they believe the hype around some product claiming to take away all the security risks.
End users really need managed workstations, managed by people who know what they're doing.
Or perhaps kiosk style systems for browsing, booted from non writable media, perhaps with a writable memory card to store your personal settings (with no ability to execute anything on the memory card).
Someone should do that, create a standard for a bootable CD/DVD, which loads settings from a removable media device (usb stick, memory card etc) but strictly prevents any code being executed (mount the removable device noexec?).
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
False Sense of Security Day
It would be on the anniversary of the signing of the patriot act.
So many political jokes to make about this...so little time to post them all
What?
That's my point. Security should be something that is taken out of the hands of the average user. They shouldn't be expected to become security experts. They should be taught how to be a little more web-savvy. I hear a commercial all the time on the radio in NYC for CyberStreetSmart.org, which is run by the New York Public Interest Research Group (NYPIRG), trying to do just that. The commercial is compelling because they say (paraphrasing) "If someone came up to you on the street and said they had a million dollars to give you and all you had to do is give them $1000 to get it, you'd laugh at them, but on-line, most people don't think twice." That's why security has to be built-in rather than added-on: the average user has been sold the idea that the Internet is magic. They don't apply the same rules to information there that they would to things that happen to them directly.
GetOuttaMySpace - The Anti-Social Network
I have kids who use my systems. They run under normal accounts (The biggest security advantage of Vista is that normal accounts run well, unlike XP) and hence can mess up their own accounts, but are not so likely to mess up my account.
User accounts can perform DOS's and network attacks against other systems every bit as easily as administrator accounts, but it is easier for administrative tools to monitor the behavior of user accounts than it is for these tools to monitor the action of things running as system.