As a further note, here's my security settings on my systems. No doubt I could probably use some IE settings to lockdown further:
-DEP is enabled system-wide with the "OptOut" setting for DEP (allows me to add exceptions for apps that just don't play nicely.) -SEHOP protection is enabled system-wide. -ASLR is Opt-In (Apparently there are problems with mandatory ASLR with some applications) -I've used the EMET 2.1 tool to configure Java, Adobe products (Flash/Reader), IE, FF, Chrome for as many protections as possible (Heap Spray protection, ASLR even in instances where they don't use it) -Fully updated system with the latest updates for pretty much everything. -Microsoft Security Essentials 2.0 using realtime monitoring. -Utilizing IE9 to browse the web (though Chrome would suffice) -UAC kicked all the way to the maximum setting.
Further security:
-Work laptop is encrypted with AES-256 Bitlocker (7200 RPM drive, CPU with AES-NI instructions) -Bitlocker configured with TPM/Pin.
None of this is perfect, but it's far more than most have:P
If you really think your system is secure, I've got a few vulnerabilities to show you. You should not be allowed access to a computer--ever. It's not *JUST* about "not downloading bad stuff and running it." With the massive amount of IFRAME and XSS attacks that go on your system is EXTREMELY vulnerable without even the most basic protections installed. You could have downloaded something and never have known you did it.
Granted, keeping 100% updated on all applications that you use (This includes browsers, browser-based plugins, Windows, even browsers you don't use because you use something else) is a REALLY good way to protect your system from MOST of the problems out there, it is not full proof. There are attacks that use 0-day exploits that you, I, and others don't know about.
The protections put in place with Vista/7, and some extra protections you can get *on top of those* with the Enhanced Mitigation Experience Toolkit goes MUCH FURTHER to providing a more secure host for surfing the net.
But again, it's not perfect. and a multi-tiered approach involving anti-phishing (built in IE8, enhanced in IE9, included in FF4 and Chrome as well; also provided by various AV vendor toolbars, like Symantec), anti-virus/malware, and these protections go MUCH further.
Do they? Competition arises as a result of abuse of natural monopolies? I haven't seen any example of this. Why? Because people are very easily swayed by the most basic of points.
As an example, no local producer of goods could ever compete with the likes of Walmart as Walmart, system-wide, could adjust pricing to make up for reduced pricing in a given area. There's no such thing as "competition" when going up against mega corps such as that.
But what policies were put in place that made AT&T a government protected monopoly? As far as wireless is concerned, with limited spectrum, how exactly would you enforce spectrum interference policies so devices wouldn't overlap? How's that Wireless B/G work for you when you turn on a microwave or a cordless phone?
In the absence of a federalized, representative government, explain how the average citizen/common man would be able to have a say on the direction of their environment. Explain in detail how, for example, you could prevent upstream pollution of rivers and runoff.
Explain in detail where we would get an army to combat a corporation's privately contracted militia (See: Xe/Blackwater).
If you took "government" out of the equation, how exactly would the "free market" have changed things? By all means, please cite examples where the "free market" has helped any major economic power. In addition to this, cite details on where the government legislation hinders competition by preventing small businesses from flourishing. Also state how legislation has helped to create and protect monopolies rather than dissolve them.
Explain the meaning of "natural monopoly" and how it applies to water, electricity, and data services. Explain how the government creates natural monopolies and which policies prevent competition in these areas.
Explain how reducing the power of a federal government would increase competition amongst say, data providers (this is slashdot, right?). List examples where consumers have a choice of comparable data services in individual apartment buildings. Comparable data services are wired vs. wired connections versus wired vs. wireless.
I've been driving for the better part of the past 10 years, have had no at-fault accidents and drive very safely. I do a mix of city driving and long range highway driving. I spend a majority of the time of driving in the left lane with cruise control on (I live in a state where we don't have a keep right law).
I can assure you that I have almost *never* encountered a person in the "fast lane" going beneath the speed limit except in the cases of congestion.
What I can tell you, however, is that no matter how "fast" I am going in the "fast lane" (60mph, 70mph, 80mph, even 90mph at times)--there is always at least *someone* that wants to go faster.
So your claims of "people going 10 under" in the "fast" lane are unfounded and coming from someone that is likely one of the people above.
There's a strong chance that user won't even give a damn. They're not going to curb their usage because of a minor increase in the bill. They just pay it.
So in the REAL world, this does nothing.
FYI: I'm a pretty "light" user of my iPhone. I have an "unlimited" plan grandfathered in but I keep up with my usage occasionally to see where I sit at. I don't really use it all that often. That is, any sort of heavy downloading I usually only do through wireless. I browse the occasional website on the phone, I use the GPS and e-mail more than I use anything else on the phone.
My current usage this month? 435MB. AT&T's data plans? 250MB and 2GB. Now think about that for a minute there, long and hard. There is no possible way that any person humanly possible uses less than 250MB of data on their iPhone unless they don't have an iPhone. I only on any really rare occasion actually use my phone for more than GPS or e-mail, and I'm blazing past 250MB. But according to their "research", "MOST USERS USE BELOW THIS." How is that possible?
I can only imagine that "poorer" people use much more of their phone than I do, the average person listening to music over youtube while driving in the car, etc. Downloading songs all of the time.
Oh come on, you gotta look at it from their side! Why drop the price of the game to $20 when they can make selling 2nd-hand copies illegal and sell it for $60!?
That's because Apple only targets one market, and the cost is usually rolled into Apple's hardware products rather than the OS.
Microsoft on the other hand creates a product that is used by children, old people, basic users, corporate desktops, etc. Given the amount of vertical spread Microsoft's products have they do a damn good job and do a better job in that arena than any other OS vendor.
Security problems exist everywhere. If you're too naive to assume that you don't need some sort of active filtering/scanning on your Linux PC, you're wrong.
And yes, you can get rootkits on a *nix operating system.
For some reason there is a subset of people that believe they need to do this to "keep their Windows clean", though there's really no need to.
It's the same camp of people that think Registry Cleaners are a good idea, and shutting off services they don't understand will massively help speed up their computer.
That said, applications on any OS can leave junk libraries sitting around doing nothing, old versions of libraries that exist, etc--and I think that's the primary reason for doing this, but that's not purely a Windows problem. I've seen aptitude on Ubuntu really not do some uninstalls cleanly before.
These problems won't affect 95% of users. Running these sorts of attacks on end users is a bit of a waste, and something this complicated would be saved for more important targets.
A vast majority of infections out there are things that you're already guarded against if you keep your system updated.
can only see what's already been put onto your system and is either there or executing. By then it's too late and your machine is compromised and needs to be re-imaged.
This is kind of the point. You wouldn't even know it was there unless you had some sort of antivirus detection in place.
I fail to see how anything you've stated has contradicted me. And just because a virus gets on your system doesn't mean all is lost--it could be as simple as clearing out a website directory, or cleaning up a user profile. It vastly depends on the types of vulnerabilities used by that particular piece of malware and what their end goal is.
I think you're mistakenly assuming that the goal of all trojan/malware authors is to root the system, which while is the case in a lot of instances, it doesn't have to be. I've seen plenty of trojans live within a user's download/temporary internet cache directory and do just that. The only time the viruses want root privileges is because they *can* get it relatively easily, or they want to have better hiding techniques.
But in the world of "LOL ANTIVIRUSES ARE USELESS!", they really wouldn't need root access.
This scene on Slashdot is sad. It's funny how people on here say "Antiviruses are useless." and "Linux does't need an antivirus."
Antiviruses are but one part of a defense-in-depth system and while aren't the be-all-end-all of security for a user, it is indeed a very useful item. Patching security vulnerabilities doesn't get rid of the trojans/viruses after the fact.
And it's entirely possible a piece of malware could get on to your system through a zero-day, unless I assume you're running a fully managed SELinux distribution on your desktop, which I doubt.
Slashdot Mirror
As a further note, here's my security settings on my systems. No doubt I could probably use some IE settings to lockdown further:
:P
-DEP is enabled system-wide with the "OptOut" setting for DEP (allows me to add exceptions for apps that just don't play nicely.)
-SEHOP protection is enabled system-wide.
-ASLR is Opt-In (Apparently there are problems with mandatory ASLR with some applications)
-I've used the EMET 2.1 tool to configure Java, Adobe products (Flash/Reader), IE, FF, Chrome for as many protections as possible (Heap Spray protection, ASLR even in instances where they don't use it)
-Fully updated system with the latest updates for pretty much everything.
-Microsoft Security Essentials 2.0 using realtime monitoring.
-Utilizing IE9 to browse the web (though Chrome would suffice)
-UAC kicked all the way to the maximum setting.
Further security:
-Work laptop is encrypted with AES-256 Bitlocker (7200 RPM drive, CPU with AES-NI instructions)
-Bitlocker configured with TPM/Pin.
None of this is perfect, but it's far more than most have
If you really think your system is secure, I've got a few vulnerabilities to show you. You should not be allowed access to a computer--ever. It's not *JUST* about "not downloading bad stuff and running it." With the massive amount of IFRAME and XSS attacks that go on your system is EXTREMELY vulnerable without even the most basic protections installed. You could have downloaded something and never have known you did it.
Granted, keeping 100% updated on all applications that you use (This includes browsers, browser-based plugins, Windows, even browsers you don't use because you use something else) is a REALLY good way to protect your system from MOST of the problems out there, it is not full proof. There are attacks that use 0-day exploits that you, I, and others don't know about.
The protections put in place with Vista/7, and some extra protections you can get *on top of those* with the Enhanced Mitigation Experience Toolkit goes MUCH FURTHER to providing a more secure host for surfing the net.
But again, it's not perfect. and a multi-tiered approach involving anti-phishing (built in IE8, enhanced in IE9, included in FF4 and Chrome as well; also provided by various AV vendor toolbars, like Symantec), anti-virus/malware, and these protections go MUCH further.
Of course, the egg-heads have figured it out.
It's called IPv6 Privacy Extensions. Look it up.
You are speaking in IPv4 terms, in what "already happens" and not "what could be".
Do they? Competition arises as a result of abuse of natural monopolies? I haven't seen any example of this. Why? Because people are very easily swayed by the most basic of points.
As an example, no local producer of goods could ever compete with the likes of Walmart as Walmart, system-wide, could adjust pricing to make up for reduced pricing in a given area. There's no such thing as "competition" when going up against mega corps such as that.
But what policies were put in place that made AT&T a government protected monopoly? As far as wireless is concerned, with limited spectrum, how exactly would you enforce spectrum interference policies so devices wouldn't overlap? How's that Wireless B/G work for you when you turn on a microwave or a cordless phone?
Furthermore:
In the absence of a federalized, representative government, explain how the average citizen/common man would be able to have a say on the direction of their environment. Explain in detail how, for example, you could prevent upstream pollution of rivers and runoff.
Explain in detail where we would get an army to combat a corporation's privately contracted militia (See: Xe/Blackwater).
If you took "government" out of the equation, how exactly would the "free market" have changed things? By all means, please cite examples where the "free market" has helped any major economic power. In addition to this, cite details on where the government legislation hinders competition by preventing small businesses from flourishing. Also state how legislation has helped to create and protect monopolies rather than dissolve them.
Explain the meaning of "natural monopoly" and how it applies to water, electricity, and data services. Explain how the government creates natural monopolies and which policies prevent competition in these areas.
Explain how reducing the power of a federal government would increase competition amongst say, data providers (this is slashdot, right?). List examples where consumers have a choice of comparable data services in individual apartment buildings. Comparable data services are wired vs. wired connections versus wired vs. wireless.
Go!
@AC
I've been driving for the better part of the past 10 years, have had no at-fault accidents and drive very safely. I do a mix of city driving and long range highway driving. I spend a majority of the time of driving in the left lane with cruise control on (I live in a state where we don't have a keep right law).
I can assure you that I have almost *never* encountered a person in the "fast lane" going beneath the speed limit except in the cases of congestion.
What I can tell you, however, is that no matter how "fast" I am going in the "fast lane" (60mph, 70mph, 80mph, even 90mph at times)--there is always at least *someone* that wants to go faster.
So your claims of "people going 10 under" in the "fast" lane are unfounded and coming from someone that is likely one of the people above.
Here's a tip for you: slow the fuck down.
If (customers_who_want_movies > customers_who_want_rooted_phones) then
phone.lock();
movies.play();
end
Oh, and another fact:
There's a strong chance that user won't even give a damn. They're not going to curb their usage because of a minor increase in the bill. They just pay it.
So in the REAL world, this does nothing.
FYI: I'm a pretty "light" user of my iPhone. I have an "unlimited" plan grandfathered in but I keep up with my usage occasionally to see where I sit at. I don't really use it all that often. That is, any sort of heavy downloading I usually only do through wireless. I browse the occasional website on the phone, I use the GPS and e-mail more than I use anything else on the phone.
My current usage this month? 435MB. AT&T's data plans? 250MB and 2GB. Now think about that for a minute there, long and hard. There is no possible way that any person humanly possible uses less than 250MB of data on their iPhone unless they don't have an iPhone. I only on any really rare occasion actually use my phone for more than GPS or e-mail, and I'm blazing past 250MB. But according to their "research", "MOST USERS USE BELOW THIS." How is that possible?
I can only imagine that "poorer" people use much more of their phone than I do, the average person listening to music over youtube while driving in the car, etc. Downloading songs all of the time.
If you have 100 people downloading < 1GB each, and one person downloading 100GB, where's the problem?
No, the problem is over subscription. To even consider blaming the end user (no matter their usage) for this is obscene and disgusting.
But it's nice to see company shills taking over slashdot's comment boards. How much do they pay you to talk out of your ass?
Oh come on, you gotta look at it from their side! Why drop the price of the game to $20 when they can make selling 2nd-hand copies illegal and sell it for $60!?
I totally agree with you. Btw, flea markets rule--the only places left in America where bartering and haggling are still very valid.
That's because Apple only targets one market, and the cost is usually rolled into Apple's hardware products rather than the OS.
Microsoft on the other hand creates a product that is used by children, old people, basic users, corporate desktops, etc. Given the amount of vertical spread Microsoft's products have they do a damn good job and do a better job in that arena than any other OS vendor.
Security problems exist everywhere. If you're too naive to assume that you don't need some sort of active filtering/scanning on your Linux PC, you're wrong.
And yes, you can get rootkits on a *nix operating system.
For some reason there is a subset of people that believe they need to do this to "keep their Windows clean", though there's really no need to.
It's the same camp of people that think Registry Cleaners are a good idea, and shutting off services they don't understand will massively help speed up their computer.
That said, applications on any OS can leave junk libraries sitting around doing nothing, old versions of libraries that exist, etc--and I think that's the primary reason for doing this, but that's not purely a Windows problem. I've seen aptitude on Ubuntu really not do some uninstalls cleanly before.
Just throwing this out there:
These problems won't affect 95% of users. Running these sorts of attacks on end users is a bit of a waste, and something this complicated would be saved for more important targets.
A vast majority of infections out there are things that you're already guarded against if you keep your system updated.
Oh, and they also did things on the county level as well.
Pretty simple. Look up "Comcast Exclusivity Agreements"
This apparently changed in 2007, but 4 years is not enough time to undo the damage of decades.
http://en.wikipedia.org/wiki/Natural_monopoly
The residents of Fukushima I'm sure share your sentiments.
Adequate hardware?
You do know that the technology used there was powered by *miles* of fiber cable, right? With probably millions in contracting fees to get it all run.
Yes, let's break the laws of physics to make wifi work *exactly* like you want it to work.
can only see what's already been put onto your system and is either there or executing. By then it's too late and your machine is compromised and needs to be re-imaged.
This is kind of the point. You wouldn't even know it was there unless you had some sort of antivirus detection in place.
I fail to see how anything you've stated has contradicted me. And just because a virus gets on your system doesn't mean all is lost--it could be as simple as clearing out a website directory, or cleaning up a user profile. It vastly depends on the types of vulnerabilities used by that particular piece of malware and what their end goal is.
I think you're mistakenly assuming that the goal of all trojan/malware authors is to root the system, which while is the case in a lot of instances, it doesn't have to be. I've seen plenty of trojans live within a user's download/temporary internet cache directory and do just that. The only time the viruses want root privileges is because they *can* get it relatively easily, or they want to have better hiding techniques.
But in the world of "LOL ANTIVIRUSES ARE USELESS!", they really wouldn't need root access.
This scene on Slashdot is sad. It's funny how people on here say "Antiviruses are useless." and "Linux does't need an antivirus."
Antiviruses are but one part of a defense-in-depth system and while aren't the be-all-end-all of security for a user, it is indeed a very useful item. Patching security vulnerabilities doesn't get rid of the trojans/viruses after the fact.
And it's entirely possible a piece of malware could get on to your system through a zero-day, unless I assume you're running a fully managed SELinux distribution on your desktop, which I doubt.