Slashdot Mirror
Older Means Wiser To Computer Security
An anonymous reader writes "Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices. A new study reveals that they are the most at-risk group, and prone to cyber-attacks. That makes this group even more vulnerable to online security threats. Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they're more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups."
18-25 year olds don't think bad things could happen to them.
On the bright side an 18-25 year old probably doesn't have much worth stealing.
When I was 18 I knew everything. Now that I'm older I know better. :)
The best firewall for Windows IS Linux!
Windows: Microsoft Security Essentials. It's free, non-obnoxious, and works well. The Windows Firewall is fine. No need for extra stuff.
Linux: There aren't really any noteworthy Linux-specific viruses that affect desktop systems. Keep things up to date. For server systems, things like tripwire are handy to see if things are getting modified. The built-in firewall is again excellent.
Hosts File: DO NOT SUMMON APK.
Being "tech savvy" has lost it's meaning these days. People are considered "tech savvy" by just being able to use a smartphone. And that is effectively increasing the pool of people called "tech savvy". But the number of people that genuinely understand security is not growing. If anything it is shrinking.
now we need to go OSS in diesel cars
Us old folk had:
* No home computers to start with, because they didn't exist until we were about 35
* 8 bit computers when those arrived
* etc up through the present day
Younger folks were dumped right into a world were "using" a computer means being far, far away from the actual machine, above a huge number of software abstraction layers and interacting with it like it was a glorified television. The younger folks who "get" security are the ones who have taken the initiative to learn how their machines work, but those folks are rare-ish. Most of them are quite happy to treat the machine like a "magic" device, or at best, learn some simple scripting language and figure they have "leaned computers!". Us old folk, on the other hand, did not have that choice. We had to know how the machine worked, because that KIM-1 didn't program itself. We had to learn from the CPU on up. Lots of young folks don't even understand how protection rings work, or the difference between an executable and a text file: to them, it's all just "icons you click on and stuff happens". There's also very little understanding of things like the concept of a virtual machine, and what it's limitations to encapsulation might be. It's no surprise to me that they get jacked on a routine basis, with the way I see most of them operating their devices. They'll click on anything they're told to without any apparent thought.
Lawn.
This seems like a good place to ask: What is the best firewall and antivirus software available for Windows?
For home users, there's little reason not to go with Microsoft Security Essentials as your antivirus: it does a good job of detecting most malware, it's free, and it's faster and less intrusive than most third-party solutions.
Regarding firewalls, I've heard good things about the Comodo firewall, but personally I've never had a problem just using the standard Windows firewall in conjunction with a NAT device.
Make sure to keep Windows Update set to automatic, and install the security updates when they become available. More importantly, be sure to update Flash and Adobe Reader, since these are actually a bigger vector for infection now than Windows and IE. Don't install Java unless you really need it, and even if you do need it for a desktop app, make sure the browser plugin is disabled, and that you keep the VM up to date at all times. It's a big attack surface.
Do these sorts of "adults are computer illiterate" stories bother anyone else? It can't just be me. I've been hearing them since the 1970s, when I was kid. Back then, I was apparently a computer genius. In the 1980s, when I was a teenager, I suddenly became a dangerous computer hacker. In the 1990s, my computer skills were apparently starting to falter, as I had hit my 20s, and I was no longer hot shit. Still, I was a dot com millionaire, and that's got to count for something. In the 2000s and 2010s, I've become a doddering old fool who can't even click his mouse on an icon. Wait, "icon" might be a bit too complex. Let's just call it "the little picture on the TV part of the computer".
I can only imagine what doddering old fools my parents must be. I mean, they're almost retirement age. I bet they can't even figure out how to turn on their computer. Nevermind that they've been using Linux exclusively for over ten years now, without any tech support from me.
Wouldn't it be terrible if 18-25 year olds behaved the same way in other aspects of their life? Like sex, studies, personal security...
Oh, wait...
For windows.
McAfee I'd not select. It's an absolute pig on resources.
Norton is ok, but also rather piggish.
AVG is actually not bad, or Avast I hear is pretty good.
Windows 7 antivirus that they include also isn't too bad.
kaspersky isn't bad either.
You'd also want an anti-spyware/adware. My suggestions:
spybot search & destroy
malware bytes
ad-aware
For manual checking/removal:
hijack this!
wireshark
For firewalls:
I'd honestly set up a linux box as a firewall proxy for your windows system. But if you must have a windows firewall:
zonealarm - free, and it 'works', but not the best
Comodo is actually pretty nice and I believe their firewall is free
For Linux:
Generally, you don't need to worry much about viruses, but I won't be so arrogant to say Linux can't get them. A PEBCAK error makes Linux vulnerable like any other OS, so with that in mind, my suggestion:
samhain -- this is very nice protection against rootkits as it does md5 checksums of all your binaries/libraries and alerts you of any system changes.
clamav -- antivirus for linux/unix
iptables -- this is your built in linux firewall. Very very powerful.
fail2ban -- this (or other software like denyhosts, blockhosts, etc) good for brute force attacks on your services (like ssh, httpd, etc)
ACL -- check into setting up acl restriction on binaries as well as mounting partitions nosuid or noexec.
You can find various graphical/web frontends for iptable configuration. It's pretty complex so if you're a newbie to Linux or unix in general you may want to search around for a good front end. Otherwise, I suggest just doing it by hand and set up your own iptable rule sets as it gives you more flexability.
Make sure to also apply all the recent patches, disable any services/daemons you don't need running, and for any remote access you enable to your system, lock it down to the specific set of users you want to connect to your system.
Hope that helps.
OK, here's my 54-year old doddering answer.
For important things you can sign up for an instance of Linux on Amazon, connect, do whatever you need to do, and throw the instance away. For stuff that requires only minimal security, cough up some bucks, put on your big boy pants, slap 16 Gig of EE3 RAM into a new HP laptop and run a Linux VM web appliance on VMWare's free player or Virtual Box. Throw a keystroke encryptor on your windows host too. Sure, it's not perfect, but a dang good cheap firewall. Make sure you add Ghostery, first thing, or you'll be tracked by hundreds of different sites. The government/corporations may not come to track you down today, but your comments, even the innocent ones that mention your name, address, friends or family members may come back to haunt you in a few years.
Or maybe next year. Because maybe you're just not paranoid enough yet.
Now, (and it feels good to say this), "GET OFF MY LAWN!"
Please do not read this sig. Thank you.
I disagree. I'm old enough to remember when "tech savy" was someone that could set the clock on a VCR. It's always been this way.
This website is older than a lot of the people who visit it now. I've been here since the very beginning. This site, like many others, began catering to larger populations by dumbing down the content. This of course ups page views and ad clicks. Then the "tech savy" folks move on to other "tech savy" sites and the cycle continues.
I'm just the old guy that kept coming back every few months to check on things and feeling nostalgic.
But I digress. People in the 18-25 age group feel immortal. I know because I was one of them not too long ago. This feeling of youth and being impervious seeps into everything they do, including computer usage. Who needs an AV program? Software updates? Nah I don't need them. It's just how it goes.
They get a little older, a little wiser, life takes a few chunks out of their asses and the cycle continues. It's all just a big joke as the Comedian would say.
This cannot be a surprise to anyone familiar with either the Dunning-Kruger effect, or the tendency of adolescents/young adults to act in denial of their own mortality.
Young people (as a group) do not understand technology better than older people (as a group) do; they just aren't afraid of it. That makes them better at figuring out how to use it, but worse at figuring out how to use it wisely.
http://alternatives.rzero.com/
Much of the reason for that is difficult to blame on the technical people. Companies no longer have budgets for training, let alone following best practices. Compound that with expectation that a technical person can handle any gawd awful technology you tell them they have to support.
5 years ago, I was much better with security than I am now. 5 years ago, I handled Solaris (2 versions), Redhat (2 versions), Sun and HP hardware, 2 vendors HBA cards, and 2 SAN vendors.
Today, 47 operating systems, 3 different PC hardware vendors (unfortunately much is from a home grown slap it together cheap shop), Sun (equipment dating back 12 years to present). OSes must include Windows, ESX, Citrix Xen*, Solaris 8-11, disparate versions of Ubuntu, CentOS, RHEL, Fedora, Gentoo, NetBSD, FreeBSD, plus many tasks that 5 years ago were the job of a staffed Network person. That's in addition to Netapp and some other cheap NAS vendored gear.
I generally laugh when I get recruiter postings for jobs demanding candidates be senior level SAN admin, Unix Admin, Windows Admin, VMWare admin, Cisco Admin, and what ever else they can stick on to a single person's job the sounds technical. I also cry because nobody can be an expert with anything in a market making those demands.
Security has to take a back seat. I just make it a point of telling people when they are demanding insecure solutions to cover my ass.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Replace computing with driving and you have an old problem that just carried over from one area to another. I'm sorry, but with age comes experience and those of us that got our hard knocks in the 1990s when the Internet was new (and honestly a lot less scary) know better because we *KNOW* what can happen. Why does it surprise anyone that inexperience and hubris would lead to problems like lax security? Wow!
There are so many problems with this story. It should never have been posted.
1. It's sponsored in part by ZoneAlarm, and it repeatedly says people should use more security software without discussing the efficacy of that software.
2. The opening sentence is stupid on two fronts:
[A new] report found that 18 – 25s are more confident in their security knowledge than 56 – 65s, but have experienced more security issues in the past two years compared to older users.
People's subjective measure of their confidence in security knowledge is a worthless statistic, and younger people use technology far, far more than older people so of course you'd expect them to experience more security issues.
3. "In comparison, 56 – 65s are more concerned about security and privacy and are twice as likely to protect their computers with additional security software."
The implication being more security software = good. Like if you have MSE already you should really get Norton or maybe buy ZoneAlarm.
4. "Computer security increases in priority with age"
This is completely irrelevant without further discussion (that's not provided). Older people might overprioritize just as younger people might underprioritize, but they jump to the second conclusion since it suits their advertisement.
5. "respondents aged 18 – 25 are less likely to use paid antivirus, 3rd-party firewalls, or integrated security suites than 56 – 65s. 45% of 18 – 25s view security software as too expensive in comparison to 37% of 56 – 65s."
Yet again, conflict of interest, and even then the percentages they do list are not terribly dissimilar and with smallish sample sizes could be statistically indistinguishable. Of course no error bars were reported.
All in all, this is basically an advertisement for ZoneAlarm with irrelevant and questionable statistics (that to be fair are probably not technically wrong) that should never have been posted to /. Again! Bad editors.
Most recruiters will go through the long list of expertise you are looking for, and stick your resume in the circular file as soon as you say "I'm not an expert with that one". From experience, you can get interviews if you bullshit them and say "Fu*$ Yeah!, I'm an expert with any technology!". This is why you have companies training people on the list of 80,000 acronyms one must have in order to get a job in the US, and how to quickly Google answers. Of course I have yet to see someone come from one of those training places and be worth more than a turd in the trashcan when it came to actual knowledge and skills.
I started replying back to people stating that they are not looking for a single person, since no single person could possibly be an expert with what they were asking. I try to do so in a professional manner so they get the point, but at the same time they will receive lots of replies to that same job posting from people that claim to be experts in everything.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
"Experience is the name everyone gives to their mistakes." --Oscar
Casteism