Slashdot Mirror
Are the Days of Individual Security Over?
angry tapir writes "People solely relying on patching and upgrades are lulling themselves into a false sense of security, and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Australian Internet Industry Association. According to AIIA's Peter Coroneos, vendors need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging."
"After you secure your network Mr. ISP, remember to filter out these websites." (hands over blacklist including playboy.com, domai.com, etc)
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Rule for the modern world.
1. Assume malice. Once you determine there's no malice, you can go back to your normal discussion.
"need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging". That's one of the better ones lately. Ask yourself: what are these security tools capable of doing *besides* stopping viruses?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
It's early in the thread, so I'll get the astroturfing over with post-haste.
The only corporation that has any clue as to what constitutes effective security is Microsoft. Everything Microsoft does is great. The iPad isn't anywhere near as great as the yet-to-be-released tablet that Microsoft is planning.
Have I mentioned, yet, how great Microsoft is? Google is actually evil, despite what they say.
If Microsoft wasn't great, they would have 0% market share.
And even though I have a 7 year old cellphone, which I use sparingly (prepaid ftw), if I were to bother with a smartphone, it would definitely be something with Microsoft Windows Phone 7.
OK, MIcrosoft: where's my moola?
cheers,
ps - afaict, there are no ms-related products in my life, and there *probably* never will be. Slackware 13.37 RC 3.14159265358979323846264338327950288419716 ftw!
pss - I still want my money.
I'm pretty sure we all know the score here. We know who the bad guys are and what they are after. We know who the vendors of the platforms being exploited are and why they aren't or can't be patched. We know why end users continue to pretend they don't know or understand what is happening or what they can do to prevent it.
I just wonder what things would have to happen to overcome all of this crap? Will there have to be a cyber 9-11 attack somewhere to wake everyone up?
The other day, a person I went to some classes with called me and told me she "got a virus... or several viruses." I invited her over and she brought her laptop with her for me to examine and clean if possible. She was afraid to turn it off. But what was refreshing to me was the fact that she did everything right.
1. She went to another computer and changed all of her on-line passwords -- banking, insurance, bill paying, email, everything.
2. She ceased all work and use of her computer immediately.
3. She was using a browser that wasn't MSIE.
What I saw what just about what I expected to see. A window that was decorated to look like a Windows window "running a scan" and reporting several infections all over her computer. Problem was, since she was using something other than MSIE, the window wasn't manipulated to hide the URL this was supposed to be coming from... showed to be somewhere in eastern europe. A dialogue box was up with two buttons -- both of which lead to downloading an EXE file. And had this been MSIE, I had no doubt that the machine would have already been compromised -- seen that too many times. And oh yeah, all of this continued to work despite that she wasn't connected to the internet at all. Fascinating stuff and kinda pretty.
Still, I booted one of my machines over to Windows, updated everything and AV signatures too. I pulled her hard drive and connected it to a USB adapter and connected it to my computer to perform a scan. After a very long time, nothing showed up leaving me 98% certain that all was well and that nothing had happened to her machine.
Still, she doesn't fully understand the technologies but she at least listened to advise to not run MSIE on the WWW and to stop using her computer and to change her passwords from a different computer. How many people do you know would do that? I don't know too many... in fact, she was the first. I had another classmate who had a similar problem and she was terrified but she KEPT USING HER COMPUTER. I was like "uh.... okay... these are the risks... it's on you now."
Motivations and desires push people to do things, often stupid things, in spite of their knowledge of the risks involved. AIDS is still alive and killing for that very reason and so is drug-pushing spam. (Though lately, I have seen a LOT less of that... actually, none... either my filters are learning way good or there is simply less of it out there and what is out there is being caught.)
In a perfect world, Microsoft would abandon its Win32 and create a new OS based on BSD like Apple did. We would still have reasons to "hate" on Microsoft and they would still find ways to screw things up I am sure, but a better OS is definitely needed for the world and if it ain't going to come from Microsoft, I find it hard to imagine where it would come from in the near future.