Slashdot Mirror
Older Means Wiser To Computer Security
An anonymous reader writes "Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices. A new study reveals that they are the most at-risk group, and prone to cyber-attacks. That makes this group even more vulnerable to online security threats. Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they're more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups."
18-25 year olds don't think bad things could happen to them.
On the bright side an 18-25 year old probably doesn't have much worth stealing.
This seems like a good place to ask: What is the best firewall and antivirus software available for Windows? For Linux? I've been a Mcafee customer by default but suspect there's something better for Windows. I also use linux a lot more now and, beyond a custom hosts file, don't have any active antivirus software beyond what comes with Ubuntu. Advice?
Anyone here surprised that the youth are not really tech savvy? No? Didn't think so.
Give it to anyone under 25.
When I was 18 I knew everything. Now that I'm older I know better. :)
The best firewall for Windows IS Linux!
The last statement is a false positive. Reporting more issues is not the same as having more.
Maybe just maybe the older generation fails to report their issues and continue to have them.
This would fall in line with the older, "wiser" generation being less savvy, so much less that they don't even recognize a security issue that needs reporting.
A fool throws a stone into a well and a thousand sages can not remove it.
Windows: Microsoft Security Essentials. It's free, non-obnoxious, and works well. The Windows Firewall is fine. No need for extra stuff.
Linux: There aren't really any noteworthy Linux-specific viruses that affect desktop systems. Keep things up to date. For server systems, things like tripwire are handy to see if things are getting modified. The built-in firewall is again excellent.
Hosts File: DO NOT SUMMON APK.
Microsoft Security Essentials + Windows Firewall is a good choice for windows.
Us old folk had:
* No home computers to start with, because they didn't exist until we were about 35
* 8 bit computers when those arrived
* etc up through the present day
Younger folks were dumped right into a world were "using" a computer means being far, far away from the actual machine, above a huge number of software abstraction layers and interacting with it like it was a glorified television. The younger folks who "get" security are the ones who have taken the initiative to learn how their machines work, but those folks are rare-ish. Most of them are quite happy to treat the machine like a "magic" device, or at best, learn some simple scripting language and figure they have "leaned computers!". Us old folk, on the other hand, did not have that choice. We had to know how the machine worked, because that KIM-1 didn't program itself. We had to learn from the CPU on up. Lots of young folks don't even understand how protection rings work, or the difference between an executable and a text file: to them, it's all just "icons you click on and stuff happens". There's also very little understanding of things like the concept of a virtual machine, and what it's limitations to encapsulation might be. It's no surprise to me that they get jacked on a routine basis, with the way I see most of them operating their devices. They'll click on anything they're told to without any apparent thought.
Lawn.
This seems like a good place to ask: What is the best firewall and antivirus software available for Windows?
For home users, there's little reason not to go with Microsoft Security Essentials as your antivirus: it does a good job of detecting most malware, it's free, and it's faster and less intrusive than most third-party solutions.
Regarding firewalls, I've heard good things about the Comodo firewall, but personally I've never had a problem just using the standard Windows firewall in conjunction with a NAT device.
Make sure to keep Windows Update set to automatic, and install the security updates when they become available. More importantly, be sure to update Flash and Adobe Reader, since these are actually a bigger vector for infection now than Windows and IE. Don't install Java unless you really need it, and even if you do need it for a desktop app, make sure the browser plugin is disabled, and that you keep the VM up to date at all times. It's a big attack surface.
Do these sorts of "adults are computer illiterate" stories bother anyone else? It can't just be me. I've been hearing them since the 1970s, when I was kid. Back then, I was apparently a computer genius. In the 1980s, when I was a teenager, I suddenly became a dangerous computer hacker. In the 1990s, my computer skills were apparently starting to falter, as I had hit my 20s, and I was no longer hot shit. Still, I was a dot com millionaire, and that's got to count for something. In the 2000s and 2010s, I've become a doddering old fool who can't even click his mouse on an icon. Wait, "icon" might be a bit too complex. Let's just call it "the little picture on the TV part of the computer".
I can only imagine what doddering old fools my parents must be. I mean, they're almost retirement age. I bet they can't even figure out how to turn on their computer. Nevermind that they've been using Linux exclusively for over ten years now, without any tech support from me.
Use a hardware firewall, and MSE on Windows boxen.
I am John Hurt.
Wouldn't it be terrible if 18-25 year olds behaved the same way in other aspects of their life? Like sex, studies, personal security...
Oh, wait...
Just throwing in my vote for Microsoft Security Essentials and built in firewall, as well. As long as you couple it with a decent adblock/script blocking program on your browser of choice, and use a modicum of common sense, you should be fine...
I'm a gamer and even when I was in that age group I was very security conscious even more-se than today. If my computer took a hit from a virus or malware it meant no gaming.
I am Bennett Haselton! I am Bennett Haselton!
For windows.
McAfee I'd not select. It's an absolute pig on resources.
Norton is ok, but also rather piggish.
AVG is actually not bad, or Avast I hear is pretty good.
Windows 7 antivirus that they include also isn't too bad.
kaspersky isn't bad either.
You'd also want an anti-spyware/adware. My suggestions:
spybot search & destroy
malware bytes
ad-aware
For manual checking/removal:
hijack this!
wireshark
For firewalls:
I'd honestly set up a linux box as a firewall proxy for your windows system. But if you must have a windows firewall:
zonealarm - free, and it 'works', but not the best
Comodo is actually pretty nice and I believe their firewall is free
For Linux:
Generally, you don't need to worry much about viruses, but I won't be so arrogant to say Linux can't get them. A PEBCAK error makes Linux vulnerable like any other OS, so with that in mind, my suggestion:
samhain -- this is very nice protection against rootkits as it does md5 checksums of all your binaries/libraries and alerts you of any system changes.
clamav -- antivirus for linux/unix
iptables -- this is your built in linux firewall. Very very powerful.
fail2ban -- this (or other software like denyhosts, blockhosts, etc) good for brute force attacks on your services (like ssh, httpd, etc)
ACL -- check into setting up acl restriction on binaries as well as mounting partitions nosuid or noexec.
You can find various graphical/web frontends for iptable configuration. It's pretty complex so if you're a newbie to Linux or unix in general you may want to search around for a good front end. Otherwise, I suggest just doing it by hand and set up your own iptable rule sets as it gives you more flexability.
Make sure to also apply all the recent patches, disable any services/daemons you don't need running, and for any remote access you enable to your system, lock it down to the specific set of users you want to connect to your system.
Hope that helps.
Let me be the first to say that old age and treachery overcomes youth and skill.
That's not to say a thing about dumbing down of the newer generations, bla bla bla get off my lawn!
Stupidity is an equal opportunity striker.
Fellow slashdotter Bill Dog
Hosts File: DO NOT SUMMON APK.
It is too LATE for that because he has already been SUMMONED. It is too late for you to stop the POWER of the ETC/HOSTS file which I have used for the past fifteen years to protect my COMPUTER by linking to
0.0.0.0 instead of 127.0.0.1 which is faster for resolution times
A
P
K
+------ P.S. /etc/hosts FILES ARE SECURE AND CHECK OUT MY links
|
|
+------>
Furthermore, studies have shown that one sentence per line is more effective than listing 127.0.0.1 because last time I brought this up you ran from me like a coward .
OK, here's my 54-year old doddering answer.
For important things you can sign up for an instance of Linux on Amazon, connect, do whatever you need to do, and throw the instance away. For stuff that requires only minimal security, cough up some bucks, put on your big boy pants, slap 16 Gig of EE3 RAM into a new HP laptop and run a Linux VM web appliance on VMWare's free player or Virtual Box. Throw a keystroke encryptor on your windows host too. Sure, it's not perfect, but a dang good cheap firewall. Make sure you add Ghostery, first thing, or you'll be tracked by hundreds of different sites. The government/corporations may not come to track you down today, but your comments, even the innocent ones that mention your name, address, friends or family members may come back to haunt you in a few years.
Or maybe next year. Because maybe you're just not paranoid enough yet.
Now, (and it feels good to say this), "GET OFF MY LAWN!"
Please do not read this sig. Thank you.
And here I was thinking the post was going to be marked as flame bait and vanish.. :D
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
"They also have less sophisticated security software, and hence, have reported more security problems than other groups."
Strangely, my copy of Foocom Antifail Pro flagged that sentence as 99% full of fail.
Awesome post. I've used all those linux tools except ACL. Will look into that. Given that I'm using Ubuntu and browsing the web a lot, I'm mostly concerned about infection via web browser -- clicking on a funny link or something.
I'm not sure how to set up a linux box as a firewall proxy for windows, but I suspect my router (running DD-WRT) may accomplish more or less the same thing. My LAN connects to my router which connect to my cable modem.
Dr Web and Kaspersky seem to be the two best choices. Both'll run under Linux and Windows, which is good. I am unsure of the value of personal firewalls on Windows, as it is unclear as to what they're supposed to stop. There ARE Windows versions of AIDE (which will tell you if any file has been modified) and Snort (which will tell you if there is any suspect network traffic, especially any that fits known malware patterns), but it's unclear whether they'd do what you'd want.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Thank you for that timely demonstration of young people's willful ignorance.
A very simple way of doing this is with Putty/SSH. Basically, you open a SSH connection with a tunnel. Then you use something like FoxyProxy, point it at the SSH tunnel you opened. I'm sure there are better solutions for opening the SSH tunnel or Proxy. This works as a quick & dirty solution. And it's a great way to get around certain firewalls, if your proxy lies outside the firewall(ie home server while @ work).
I don't care so much if they want to walk on my lawn. I just wished they'd get off my wife.
They can take my LifeAlert pendant when they pry it from my cold dead fingers.
Security Essentials detects a lot of malware that you really don't care about and misses the really nasty stuff. It's considerably slower than either of the anti-virus toolkits I've mentioned elsewhere (Dr Web, Kaspersky). The most recent Flash is broken for Firefox, no date set for the fix, so keeping it up to date depends on what you use. Java isn't a big deal, provided it is only enabled for trusted sites. Java applications only have the same power as regular applications if signed, unsigned Java code is heavily restricted. If you restrict inbound and outbound connections to only authorized app/port combinations, there's nothing of significance Java can do.
Since most applications of any worth (Libre Office, for example, but well over 70% of what I run overall) has at least one Java component, you need Java. Using Jrockit is better than using the regular Java engines.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So long as you charge them for rent and price the videos sensibly, you should be able to afford a new wife fairly quickly.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
People seem to forget that learning continues after a person has reached adulthood. Among other things, this means that they will learn to appreciate and implement security measures as they get older. It isn't an odd generational thing.
Replace computing with driving and you have an old problem that just carried over from one area to another. I'm sorry, but with age comes experience and those of us that got our hard knocks in the 1990s when the Internet was new (and honestly a lot less scary) know better because we *KNOW* what can happen. Why does it surprise anyone that inexperience and hubris would lead to problems like lax security? Wow!
OpenVPN is another option, and that works quite well. It can also be configured to route all traffic, not just things which support proxies.
Setting it up the first time is not the most trivial thing in the world, but it's not hard. Just be sure to change the RSA and DH-parameter scripts to generate 2048-bit keys (or higher, if you feel the need) rather than the default 1024.
I have used the AVG free suite for years with the more obtrusive stuff turned off and have had no problems...
love is just extroverted narcissism
There are so many problems with this story. It should never have been posted.
1. It's sponsored in part by ZoneAlarm, and it repeatedly says people should use more security software without discussing the efficacy of that software.
2. The opening sentence is stupid on two fronts:
[A new] report found that 18 – 25s are more confident in their security knowledge than 56 – 65s, but have experienced more security issues in the past two years compared to older users.
People's subjective measure of their confidence in security knowledge is a worthless statistic, and younger people use technology far, far more than older people so of course you'd expect them to experience more security issues.
3. "In comparison, 56 – 65s are more concerned about security and privacy and are twice as likely to protect their computers with additional security software."
The implication being more security software = good. Like if you have MSE already you should really get Norton or maybe buy ZoneAlarm.
4. "Computer security increases in priority with age"
This is completely irrelevant without further discussion (that's not provided). Older people might overprioritize just as younger people might underprioritize, but they jump to the second conclusion since it suits their advertisement.
5. "respondents aged 18 – 25 are less likely to use paid antivirus, 3rd-party firewalls, or integrated security suites than 56 – 65s. 45% of 18 – 25s view security software as too expensive in comparison to 37% of 56 – 65s."
Yet again, conflict of interest, and even then the percentages they do list are not terribly dissimilar and with smallish sample sizes could be statistically indistinguishable. Of course no error bars were reported.
All in all, this is basically an advertisement for ZoneAlarm with irrelevant and questionable statistics (that to be fair are probably not technically wrong) that should never have been posted to /. Again! Bad editors.
I just installed Kaspersky Labs Internet Security Suit, and to be honest as good as it is at detecting, protecting, and cleaning, It takes 3 to 4 times longs than Security Essentials to do a full System inspection (3 to 4 days as opposed to 1 day) but that being said, for a pay system this is one of the best out there, and can be found on Amazon on average for ~ $25 USD. Learning curve can be a bit for some non technical users, but this being Slashdot I don't think that is as much a problem.
Security Essentials on the other hand is free and does a great job. Couple that with the build in Firewall for windows and if you are paranoid Spybot S&D, Malware-bytes and you are covered for most anything. This then leads to the question, do you trust Microsoft to protect their own code, or some third party that is dedicated to anti-virus/spy/mal/add ware detection prevention and removal.
One last thing to add is, make sure that you have all of your info backed up, and all your software patched and you should have no problems.
Remember: Knowing is half the battle.
A side note among all the others is to never ever under any circumstances run a web browser as someone that can have their privileges elevated to root, or more obviously a root user.
That one simple thing is the reason you will be hard pressed to find any viruses for Linux in the wild. Conceptually possible of course, and that should not discount the threat of brute force attacks or buffer over flow attacks. Root is the only thing that can mess with system level functions.
If you are using Ubuntu, it's important to think about removing your account from sudoers if browsing. Ubuntu (last I checked) by default asks you for a user name and password for non-root activities, but then creates a no-password entry in sudo for that same account.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Personally, I fall into the "almost digital age" generation. Hearing "You've got mail!" over broadband at home while being a high schooler was mind blowing. But, in contrast with the younger generation, I did not grow up with computing for idiots. I starting programming at 12 yrs old, because their was basically nothing else as powerful and consuming back then. Today, 12yr olds can play 1 million facebook games and read all the people they hate's twitter. The fallacy being that the evolution of simple computing and the influx of babies born with tablets as diapers doesn't necessarily mean that these kids are going to have a better understanding of technology, really they are just exposed to a digital world where it is not important to learn to become a power user. Even all the new program languages dumb down the entire process to the point where the "programmer" no longer ever needs to develop a programmers mind. This new world just creates technological ignorance, where the feeling of power and ability has become the affect of simplification.
..and you should deinstall it as soon as possible. All the theoretical security advantags of Java pale in the face of the shoddy VM and infrastructure (Java Webstart and so on implementation. Next to Adove products, Java is the biggest security risk on the average PC.
The Linux machine runs the squid proxy and the client machine can't get into the internet except through the proxy. This also means you can monitor all the nasty spy traffic from facebook, google and a bazillion of "trackers". Very interesting.
NOD32 from ESET is cheap and works without crushing your computer.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
When they come for you... you either need a gun, because they have fully mutated into the KGB, or they just want to intimidate you by spreading nasty lies. You will get accustomed to your neighbours being unfriendly to you. You will know what "free world" really means. False Flag warmakers and people who toy with "mad nuclear strategies" will be respected persons, while you will be labelled a communist, terrorist or something. But you will get over it. You will say "lalalala" to all the media whores who cooperate with this nasty stuff.
This entire article reeks of "Our fear and marketing department tells us that neither us our or competition are capturing the high-disposable-income multi-device-having 18-25 year old demographic so we need to start targeting these guys. "
The feeling I got is that old people are terrified of the internet which seems capable of biting them back at any moment. "Most concerned about security", it's also implied that young people encounter security problems more. The young people who I most encounter with security problems are fairly predictable (Very much in line with those who I would describe as less intelligent) , the old people I encounter who are likely to have security problems are almost any of them. Extremely young people who are under 18 also seem susceptible to security problems regardless of intelligence (Mostly due to recklessness "I don't run programs off the internet my common sense protects me".)
The article further goes on that young people are less likely to have "sophisticated" paid for security solutions, the article seems to imply it's because they can't afford these things. Of course the reason young people don't run them is because almost everything that costs money is really crappy, not that young people don't spend their money, they're a highly sought after demographic due to their uncommitted income and willingness to part with it.
Truth is the most effective antivirus measures you can take are keeping your stock firewall on, running adblock of some sort, running noscript of some sort, and running an antivirus scan whenever you have a hunch or every 6 months.... and using whatever webbrowser you DON'T see old people using.
Just FYI: I am 32
makes me think you Ma is 100% rational. People doing sysadmin, database development and other operations roles for a major CC acquirer would run XP. Everybody would be Admin user 100% of time. They had direct access to Oracle databases, could edit Perl scripts, kill processes etc etc. Of course they would surf the web with the same user accounts. Not in Buttfuckistan, but in a major european economy, an economy so strong all the suckers next to it want a share of it's wealth.
Twice shy... The older users are just the younger users that have gone through some bad times.
You have experience failing... failing hardcore. Everything going wrong. You know things like "why to back up" because there was that time you didn't and it was a fairly traumatic experience.
That's all is...
What might be helpful is communicating to younger would be IT professionals what is really a real problem that they have to really take really seriously... really. Different organizations have different ways of communicating that sort of thing.
The army does it by hurting you. They put you in situations where if you do the wrong thing something hits you or you puke tear gas or you get hit with sticks... or you just get told repeatedly to run laps. They hurt you until you learn. Doctors have residency programs where they keep the training wheels on to say nothing of the dissections of cadavers.
There probably should be some sort of hazing ritual in IT. Something just to emphasis best practices. Maybe give them a harddrive that is failing on purpose just so they can lose everything. Maybe give them disks with auto executing malware. Whatever.
Just something to engender some healthy paranoia.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
They have become cynical people who essentially care about Money first, Money second and Money third. All what facilitates the nice inflow of money is being done. Security - it only costs money and it will never generate revenue. The cost of your corporate secrets being exfiltrated to an asian competitor - who cares. There is no way beancounters can properly account cost for that, so it is assumed to be zero, by means of ignorance. The western world has grown into a morally rotten bunch of muppets, pretty much like it was in the 1920s. Let's see what follows.
The original Windows Security Essentials was a well regarded AV program, but 2.0 has a very low detection rate and shouldn't be used.
Virus Bulletin rates programs by platform and has a top 100. I was surprised that a free version (Avira) is one of the best.
back when I used XP it was nod32 + ProcessGuard + tiny firewall. Would get 5 pop ups asking for permission just for pressing the start button.
Older people using computers have likely been doing so for much longer - meanwhile, nearly everyone below some certain age makes heavy use of computers and other devices. If the level of competence is the same among both the old and young (probable), then it stands to reason the narrowed down group will perform better. Nothing to do with age - just adoption of technology by increasingly incapable users.
Great Intellect...
I'm a big fan of ESET for Windows. It may not be bulletproof, but in terms of preventing infections without breaking the system, it seems to be the best out there. Kaspersky comes in a close second, being stronger on detection and removal than prevention. Same goes for Avira.
Semantic is worse than running the system while infected with credit card stealing trojans. McAfee isn't as bad, but I'd still rather run without either. They're like a fat, sleeping security guard. He's just in your way when you need to get through the door, and nothing more.
ESET is available for Linux. I suspect the product is good. I've used ClamAV but I've honestly never seen the motivation to run it full-time. Nothing out there is capable of being vigorous enough to take the system "down", from my experience. For linux, a better tool is something like rkhunter which will check and verify system binary checksum integrity...
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
For home users, there's little reason not to go with Microsoft Security Essentials as your antivirus: it does a good job of detecting most malware, it's free, and it's faster and less intrusive than most third-party solutions.
It's also the one which seems to most likely be "broken" at this point in time without bricking the system, so the user never notices unless tehy're security conscious. Little things don't work, but for the most part things keep working when it's been intentionally broken. In that regard, Symantec might actually be better: you at least know when someone's trying to take your banking info.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
"Experience is the name everyone gives to their mistakes." --Oscar
Casteism
Windows: Microsoft Security Essentials. It's free, non-obnoxious, and works well. The Windows Firewall is fine. No need for extra stuff.
I agree about Security Essentials, one of the best products that Microsoft have made in years. Small, compact, does the job well.
For more control over the in-built Windows Firewall I find the aptly-name Windows 7 Firewall Control program a handy tool to add outgoing connection alerting/control to the Windows firewall which has saved my bacon a few times.
You can find direct links to the free version(s) in the forum, here.