Are the Days of Individual Security Over?

angry tapir writes "People solely relying on patching and upgrades are lulling themselves into a false sense of security, and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Australian Internet Industry Association. According to AIIA's Peter Coroneos, vendors need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging."

Oh and by the way.....

[cpu6502]

"After you secure your network Mr. ISP, remember to filter out these websites." (hands over blacklist including playboy.com, domai.com, etc)

Re:Oh and by the way.....

[Excelcior]

Oh yeah, and don't forget www.somefringepoliticalview.com, and while we're at it, www.theopposingpoliticalparty.com, and hey, I've heard that religious teachings are bad for kids, so how about www.christianity.com and www.jewish.com....

"They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - one of the best quotes ever, from Benjamin Franklin, 1775.

Re:Oh and by the way.....

[GooberToo]

That's completely untrue despite being a common lie to justify modern alcohol taboos.

Wines were cut when served. The strength of the uncut wine was extremely dependent on the degree of delusion at the time of serving. The uncut wine was stronger than common table wines today. The cut wine was commonly stronger than your typical modern beer. Realistically, wine served then commonly had the alcohol content somewhere between modern beer and modern table wines.

Furthermore, as you can read in my post below, its believed one of the reasons Jesus was asked to create more wine is because they were not properly cutting the wine for the guests, making it extra potent.

Furthermore, it is well understood, the more drinks one had, traditionally, the less cut and therefore more potent the drink. This is because wines then had strong flavors of tar and pitch and cutting made it less offensive. But once had had become joyful, the need to cut the drink became substantially reduced. Such things don't happen, if as you suggest, intoxication is all but impossible.

There is what is commonly taught and widely believed from churches, and then there is the truth...

More weasel words?

[TaoPhoenix]

Rule for the modern world.
1. Assume malice. Once you determine there's no malice, you can go back to your normal discussion.

"need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging". That's one of the better ones lately. Ask yourself: what are these security tools capable of doing *besides* stopping viruses?

Re:More weasel words?

[andrea.sartori]

Ask yourself: what are these security tools capable of doing *besides* stopping viruses?

Exactly. And yet they can give a user a false sense of security, so I dare say "security provided by ISPs" could even be part of the problem.
Have the days of individual security ever begun by the way? People "solely relying on patching and upgrades" were always lulling themselves etc., just not for the reasons suggested by Mr Moroneos: and not necessarily for Windows only (one word: rootkits), although it heroically stands as the most exploited target. Some of the worst threats are still represented by bad password policies -- or no password policies at all -- and vulnerability to social engineering. 15 years ago it was not called that, but there were examples in the wild back then. (What I recall on the fly is ILoveYou, but I'm sure somebody less lazy than me can come out with other examples from 1995-ish.) Some people will click the wrong link, open the wrong messages, etc.: ISPs cannot correct people's behaviour, unless in the horrific ways we can all imagine (see several of the comments here.)
Or is there something in TFA I didn't get? I confess the word "cloud" repeated every other line gave me a hard time understanding what the hell he was talking about.

Re:More weasel words?

[CastrTroy]

Individual security is the only way. That is, taking individual responsibility for your own security, of your own systems. I haven't had a virus in a very long time, and it's because I don't do stupid things. A vast majority of people who have problems with security have problems because of their own incompetence, and their own misunderstanding of the situation. And that not only goes for people, but for organizations as well.

Great Firewall v2

[Ltap]

Seems like another argument to take responsibility away from individual users. I'm sure it involves filtering domains that "may be virus vectors and may contain illegal content that the user is being protected from". Little "Great Firewalls" for each ISP? Considering that this is coming from Australia, it might be a part of yet another attempt to push for the creation of a Great Firewall at the ISP level, using "industry standards" to enforce it instead of a law that has to be approved and might be struck down.

Let's get the astroturfing out of the way

[mrclisdue]

It's early in the thread, so I'll get the astroturfing over with post-haste.

The only corporation that has any clue as to what constitutes effective security is Microsoft. Everything Microsoft does is great. The iPad isn't anywhere near as great as the yet-to-be-released tablet that Microsoft is planning.

Have I mentioned, yet, how great Microsoft is? Google is actually evil, despite what they say.

If Microsoft wasn't great, they would have 0% market share.

And even though I have a 7 year old cellphone, which I use sparingly (prepaid ftw), if I were to bother with a smartphone, it would definitely be something with Microsoft Windows Phone 7.

OK, MIcrosoft: where's my moola?

cheers,

ps - afaict, there are no ms-related products in my life, and there *probably* never will be. Slackware 13.37 RC 3.14159265358979323846264338327950288419716 ftw!

pss - I still want my money.

What a world

[erroneus]

I'm pretty sure we all know the score here. We know who the bad guys are and what they are after. We know who the vendors of the platforms being exploited are and why they aren't or can't be patched. We know why end users continue to pretend they don't know or understand what is happening or what they can do to prevent it.

I just wonder what things would have to happen to overcome all of this crap? Will there have to be a cyber 9-11 attack somewhere to wake everyone up?

The other day, a person I went to some classes with called me and told me she "got a virus... or several viruses." I invited her over and she brought her laptop with her for me to examine and clean if possible. She was afraid to turn it off. But what was refreshing to me was the fact that she did everything right.

1. She went to another computer and changed all of her on-line passwords -- banking, insurance, bill paying, email, everything.
2. She ceased all work and use of her computer immediately.
3. She was using a browser that wasn't MSIE.

What I saw what just about what I expected to see. A window that was decorated to look like a Windows window "running a scan" and reporting several infections all over her computer. Problem was, since she was using something other than MSIE, the window wasn't manipulated to hide the URL this was supposed to be coming from... showed to be somewhere in eastern europe. A dialogue box was up with two buttons -- both of which lead to downloading an EXE file. And had this been MSIE, I had no doubt that the machine would have already been compromised -- seen that too many times. And oh yeah, all of this continued to work despite that she wasn't connected to the internet at all. Fascinating stuff and kinda pretty.

Still, I booted one of my machines over to Windows, updated everything and AV signatures too. I pulled her hard drive and connected it to a USB adapter and connected it to my computer to perform a scan. After a very long time, nothing showed up leaving me 98% certain that all was well and that nothing had happened to her machine.

Still, she doesn't fully understand the technologies but she at least listened to advise to not run MSIE on the WWW and to stop using her computer and to change her passwords from a different computer. How many people do you know would do that? I don't know too many... in fact, she was the first. I had another classmate who had a similar problem and she was terrified but she KEPT USING HER COMPUTER. I was like "uh.... okay... these are the risks... it's on you now."

Motivations and desires push people to do things, often stupid things, in spite of their knowledge of the risks involved. AIDS is still alive and killing for that very reason and so is drug-pushing spam. (Though lately, I have seen a LOT less of that... actually, none... either my filters are learning way good or there is simply less of it out there and what is out there is being caught.)

In a perfect world, Microsoft would abandon its Win32 and create a new OS based on BSD like Apple did. We would still have reasons to "hate" on Microsoft and they would still find ways to screw things up I am sure, but a better OS is definitely needed for the world and if it ain't going to come from Microsoft, I find it hard to imagine where it would come from in the near future.