Slashdot Mirror
Older Means Wiser To Computer Security
An anonymous reader writes "Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices. A new study reveals that they are the most at-risk group, and prone to cyber-attacks. That makes this group even more vulnerable to online security threats. Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they're more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups."
18-25 year olds don't think bad things could happen to them.
On the bright side an 18-25 year old probably doesn't have much worth stealing.
This seems like a good place to ask: What is the best firewall and antivirus software available for Windows? For Linux? I've been a Mcafee customer by default but suspect there's something better for Windows. I also use linux a lot more now and, beyond a custom hosts file, don't have any active antivirus software beyond what comes with Ubuntu. Advice?
When I was 18 I knew everything. Now that I'm older I know better. :)
The best firewall for Windows IS Linux!
The last statement is a false positive. Reporting more issues is not the same as having more.
Maybe just maybe the older generation fails to report their issues and continue to have them.
This would fall in line with the older, "wiser" generation being less savvy, so much less that they don't even recognize a security issue that needs reporting.
A fool throws a stone into a well and a thousand sages can not remove it.
Windows: Microsoft Security Essentials. It's free, non-obnoxious, and works well. The Windows Firewall is fine. No need for extra stuff.
Linux: There aren't really any noteworthy Linux-specific viruses that affect desktop systems. Keep things up to date. For server systems, things like tripwire are handy to see if things are getting modified. The built-in firewall is again excellent.
Hosts File: DO NOT SUMMON APK.
Being "tech savvy" has lost it's meaning these days. People are considered "tech savvy" by just being able to use a smartphone. And that is effectively increasing the pool of people called "tech savvy". But the number of people that genuinely understand security is not growing. If anything it is shrinking.
now we need to go OSS in diesel cars
Us old folk had:
* No home computers to start with, because they didn't exist until we were about 35
* 8 bit computers when those arrived
* etc up through the present day
Younger folks were dumped right into a world were "using" a computer means being far, far away from the actual machine, above a huge number of software abstraction layers and interacting with it like it was a glorified television. The younger folks who "get" security are the ones who have taken the initiative to learn how their machines work, but those folks are rare-ish. Most of them are quite happy to treat the machine like a "magic" device, or at best, learn some simple scripting language and figure they have "leaned computers!". Us old folk, on the other hand, did not have that choice. We had to know how the machine worked, because that KIM-1 didn't program itself. We had to learn from the CPU on up. Lots of young folks don't even understand how protection rings work, or the difference between an executable and a text file: to them, it's all just "icons you click on and stuff happens". There's also very little understanding of things like the concept of a virtual machine, and what it's limitations to encapsulation might be. It's no surprise to me that they get jacked on a routine basis, with the way I see most of them operating their devices. They'll click on anything they're told to without any apparent thought.
Lawn.
This seems like a good place to ask: What is the best firewall and antivirus software available for Windows?
For home users, there's little reason not to go with Microsoft Security Essentials as your antivirus: it does a good job of detecting most malware, it's free, and it's faster and less intrusive than most third-party solutions.
Regarding firewalls, I've heard good things about the Comodo firewall, but personally I've never had a problem just using the standard Windows firewall in conjunction with a NAT device.
Make sure to keep Windows Update set to automatic, and install the security updates when they become available. More importantly, be sure to update Flash and Adobe Reader, since these are actually a bigger vector for infection now than Windows and IE. Don't install Java unless you really need it, and even if you do need it for a desktop app, make sure the browser plugin is disabled, and that you keep the VM up to date at all times. It's a big attack surface.
Do these sorts of "adults are computer illiterate" stories bother anyone else? It can't just be me. I've been hearing them since the 1970s, when I was kid. Back then, I was apparently a computer genius. In the 1980s, when I was a teenager, I suddenly became a dangerous computer hacker. In the 1990s, my computer skills were apparently starting to falter, as I had hit my 20s, and I was no longer hot shit. Still, I was a dot com millionaire, and that's got to count for something. In the 2000s and 2010s, I've become a doddering old fool who can't even click his mouse on an icon. Wait, "icon" might be a bit too complex. Let's just call it "the little picture on the TV part of the computer".
I can only imagine what doddering old fools my parents must be. I mean, they're almost retirement age. I bet they can't even figure out how to turn on their computer. Nevermind that they've been using Linux exclusively for over ten years now, without any tech support from me.
Use a hardware firewall, and MSE on Windows boxen.
I am John Hurt.
Wouldn't it be terrible if 18-25 year olds behaved the same way in other aspects of their life? Like sex, studies, personal security...
Oh, wait...
Indeed. Technological education is, IMHO, somewhat 'sick' these days.
I am John Hurt.
For windows.
McAfee I'd not select. It's an absolute pig on resources.
Norton is ok, but also rather piggish.
AVG is actually not bad, or Avast I hear is pretty good.
Windows 7 antivirus that they include also isn't too bad.
kaspersky isn't bad either.
You'd also want an anti-spyware/adware. My suggestions:
spybot search & destroy
malware bytes
ad-aware
For manual checking/removal:
hijack this!
wireshark
For firewalls:
I'd honestly set up a linux box as a firewall proxy for your windows system. But if you must have a windows firewall:
zonealarm - free, and it 'works', but not the best
Comodo is actually pretty nice and I believe their firewall is free
For Linux:
Generally, you don't need to worry much about viruses, but I won't be so arrogant to say Linux can't get them. A PEBCAK error makes Linux vulnerable like any other OS, so with that in mind, my suggestion:
samhain -- this is very nice protection against rootkits as it does md5 checksums of all your binaries/libraries and alerts you of any system changes.
clamav -- antivirus for linux/unix
iptables -- this is your built in linux firewall. Very very powerful.
fail2ban -- this (or other software like denyhosts, blockhosts, etc) good for brute force attacks on your services (like ssh, httpd, etc)
ACL -- check into setting up acl restriction on binaries as well as mounting partitions nosuid or noexec.
You can find various graphical/web frontends for iptable configuration. It's pretty complex so if you're a newbie to Linux or unix in general you may want to search around for a good front end. Otherwise, I suggest just doing it by hand and set up your own iptable rule sets as it gives you more flexability.
Make sure to also apply all the recent patches, disable any services/daemons you don't need running, and for any remote access you enable to your system, lock it down to the specific set of users you want to connect to your system.
Hope that helps.
Let me be the first to say that old age and treachery overcomes youth and skill.
That's not to say a thing about dumbing down of the newer generations, bla bla bla get off my lawn!
Stupidity is an equal opportunity striker.
Fellow slashdotter Bill Dog
Hosts File: DO NOT SUMMON APK.
It is too LATE for that because he has already been SUMMONED. It is too late for you to stop the POWER of the ETC/HOSTS file which I have used for the past fifteen years to protect my COMPUTER by linking to
0.0.0.0 instead of 127.0.0.1 which is faster for resolution times
A
P
K
+------ P.S. /etc/hosts FILES ARE SECURE AND CHECK OUT MY links
|
|
+------>
Furthermore, studies have shown that one sentence per line is more effective than listing 127.0.0.1 because last time I brought this up you ran from me like a coward .
OK, here's my 54-year old doddering answer.
For important things you can sign up for an instance of Linux on Amazon, connect, do whatever you need to do, and throw the instance away. For stuff that requires only minimal security, cough up some bucks, put on your big boy pants, slap 16 Gig of EE3 RAM into a new HP laptop and run a Linux VM web appliance on VMWare's free player or Virtual Box. Throw a keystroke encryptor on your windows host too. Sure, it's not perfect, but a dang good cheap firewall. Make sure you add Ghostery, first thing, or you'll be tracked by hundreds of different sites. The government/corporations may not come to track you down today, but your comments, even the innocent ones that mention your name, address, friends or family members may come back to haunt you in a few years.
Or maybe next year. Because maybe you're just not paranoid enough yet.
Now, (and it feels good to say this), "GET OFF MY LAWN!"
Please do not read this sig. Thank you.
I disagree. I'm old enough to remember when "tech savy" was someone that could set the clock on a VCR. It's always been this way.
This website is older than a lot of the people who visit it now. I've been here since the very beginning. This site, like many others, began catering to larger populations by dumbing down the content. This of course ups page views and ad clicks. Then the "tech savy" folks move on to other "tech savy" sites and the cycle continues.
I'm just the old guy that kept coming back every few months to check on things and feeling nostalgic.
But I digress. People in the 18-25 age group feel immortal. I know because I was one of them not too long ago. This feeling of youth and being impervious seeps into everything they do, including computer usage. Who needs an AV program? Software updates? Nah I don't need them. It's just how it goes.
They get a little older, a little wiser, life takes a few chunks out of their asses and the cycle continues. It's all just a big joke as the Comedian would say.
Yes really, I'm not surprised at all. Taken as a group, gamers are not knowledgeable about the machine they run. They don't really understand it any more then someone who just checks their e-mail from time to time. They are squarely in the users group. This is the group who will tell you that you have to reinstall Windows every 3-6 moths or you're going to have lower frame rates. They really don't care about some downtime not playing because they've convinced themselves that it is the best way to get maximum performance. These are not people that know how to maintain a system.
"I use a Mac because I'm just better than you are."
This cannot be a surprise to anyone familiar with either the Dunning-Kruger effect, or the tendency of adolescents/young adults to act in denial of their own mortality.
Young people (as a group) do not understand technology better than older people (as a group) do; they just aren't afraid of it. That makes them better at figuring out how to use it, but worse at figuring out how to use it wisely.
http://alternatives.rzero.com/
People are considered "tech savvy" by just being able to use a smartphone.
Reminds me of the News Co scandal where they "hacked" some phones by dialing the standard numbers for voicemail, which worked because the victims hadn't bothered to set a password...
Being "tech savvy" has lost it's meaning these days.
I suspect any type of savvy has been fairly meaningless when used by mass media for a while now.
Much of the reason for that is difficult to blame on the technical people. Companies no longer have budgets for training, let alone following best practices. Compound that with expectation that a technical person can handle any gawd awful technology you tell them they have to support.
5 years ago, I was much better with security than I am now. 5 years ago, I handled Solaris (2 versions), Redhat (2 versions), Sun and HP hardware, 2 vendors HBA cards, and 2 SAN vendors.
Today, 47 operating systems, 3 different PC hardware vendors (unfortunately much is from a home grown slap it together cheap shop), Sun (equipment dating back 12 years to present). OSes must include Windows, ESX, Citrix Xen*, Solaris 8-11, disparate versions of Ubuntu, CentOS, RHEL, Fedora, Gentoo, NetBSD, FreeBSD, plus many tasks that 5 years ago were the job of a staffed Network person. That's in addition to Netapp and some other cheap NAS vendored gear.
I generally laugh when I get recruiter postings for jobs demanding candidates be senior level SAN admin, Unix Admin, Windows Admin, VMWare admin, Cisco Admin, and what ever else they can stick on to a single person's job the sounds technical. I also cry because nobody can be an expert with anything in a market making those demands.
Security has to take a back seat. I just make it a point of telling people when they are demanding insecure solutions to cover my ass.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
A very simple way of doing this is with Putty/SSH. Basically, you open a SSH connection with a tunnel. Then you use something like FoxyProxy, point it at the SSH tunnel you opened. I'm sure there are better solutions for opening the SSH tunnel or Proxy. This works as a quick & dirty solution. And it's a great way to get around certain firewalls, if your proxy lies outside the firewall(ie home server while @ work).
Security Essentials detects a lot of malware that you really don't care about and misses the really nasty stuff. It's considerably slower than either of the anti-virus toolkits I've mentioned elsewhere (Dr Web, Kaspersky). The most recent Flash is broken for Firefox, no date set for the fix, so keeping it up to date depends on what you use. Java isn't a big deal, provided it is only enabled for trusted sites. Java applications only have the same power as regular applications if signed, unsigned Java code is heavily restricted. If you restrict inbound and outbound connections to only authorized app/port combinations, there's nothing of significance Java can do.
Since most applications of any worth (Libre Office, for example, but well over 70% of what I run overall) has at least one Java component, you need Java. Using Jrockit is better than using the regular Java engines.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
So long as you charge them for rent and price the videos sensibly, you should be able to afford a new wife fairly quickly.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
People seem to forget that learning continues after a person has reached adulthood. Among other things, this means that they will learn to appreciate and implement security measures as they get older. It isn't an odd generational thing.
Replace computing with driving and you have an old problem that just carried over from one area to another. I'm sorry, but with age comes experience and those of us that got our hard knocks in the 1990s when the Internet was new (and honestly a lot less scary) know better because we *KNOW* what can happen. Why does it surprise anyone that inexperience and hubris would lead to problems like lax security? Wow!
The idea that older people are more afraid of technology than young people is a stereo type that once was true, and really isn't anymore. It makes sense though. back in the 70/80/90's the old people had grown up in a time when pushing the wrong button could take your arm off. When they were kids, you either approached new technology with caution, or you didn't survive to be old. Today, the old people grew up in an environment where pushing the wrong button meant you had to reinstall.
I'm old enough to remember when "tech savy" was someone that could set the clock on a VCR. It's always been this way.
What's a VCR? (just kidding)... Every generation has their "tech savy" litmus test, it's always been this way, but today it's not setting a VCR clock. Maybe today it's setting a non-default password for your wireless router or something like that...
There are so many problems with this story. It should never have been posted.
1. It's sponsored in part by ZoneAlarm, and it repeatedly says people should use more security software without discussing the efficacy of that software.
2. The opening sentence is stupid on two fronts:
[A new] report found that 18 – 25s are more confident in their security knowledge than 56 – 65s, but have experienced more security issues in the past two years compared to older users.
People's subjective measure of their confidence in security knowledge is a worthless statistic, and younger people use technology far, far more than older people so of course you'd expect them to experience more security issues.
3. "In comparison, 56 – 65s are more concerned about security and privacy and are twice as likely to protect their computers with additional security software."
The implication being more security software = good. Like if you have MSE already you should really get Norton or maybe buy ZoneAlarm.
4. "Computer security increases in priority with age"
This is completely irrelevant without further discussion (that's not provided). Older people might overprioritize just as younger people might underprioritize, but they jump to the second conclusion since it suits their advertisement.
5. "respondents aged 18 – 25 are less likely to use paid antivirus, 3rd-party firewalls, or integrated security suites than 56 – 65s. 45% of 18 – 25s view security software as too expensive in comparison to 37% of 56 – 65s."
Yet again, conflict of interest, and even then the percentages they do list are not terribly dissimilar and with smallish sample sizes could be statistically indistinguishable. Of course no error bars were reported.
All in all, this is basically an advertisement for ZoneAlarm with irrelevant and questionable statistics (that to be fair are probably not technically wrong) that should never have been posted to /. Again! Bad editors.
NOD32 from ESET is cheap and works without crushing your computer.
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
They have become cynical people who essentially care about Money first, Money second and Money third. All what facilitates the nice inflow of money is being done. Security - it only costs money and it will never generate revenue. The cost of your corporate secrets being exfiltrated to an asian competitor - who cares. There is no way beancounters can properly account cost for that, so it is assumed to be zero, by means of ignorance. The western world has grown into a morally rotten bunch of muppets, pretty much like it was in the 1920s. Let's see what follows.
Most recruiters will go through the long list of expertise you are looking for, and stick your resume in the circular file as soon as you say "I'm not an expert with that one". From experience, you can get interviews if you bullshit them and say "Fu*$ Yeah!, I'm an expert with any technology!". This is why you have companies training people on the list of 80,000 acronyms one must have in order to get a job in the US, and how to quickly Google answers. Of course I have yet to see someone come from one of those training places and be worth more than a turd in the trashcan when it came to actual knowledge and skills.
I started replying back to people stating that they are not looking for a single person, since no single person could possibly be an expert with what they were asking. I try to do so in a professional manner so they get the point, but at the same time they will receive lots of replies to that same job posting from people that claim to be experts in everything.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Older people using computers have likely been doing so for much longer - meanwhile, nearly everyone below some certain age makes heavy use of computers and other devices. If the level of competence is the same among both the old and young (probable), then it stands to reason the narrowed down group will perform better. Nothing to do with age - just adoption of technology by increasingly incapable users.
Great Intellect...
"Experience is the name everyone gives to their mistakes." --Oscar
Casteism