I don't use IE or Chrome or Opera or any other browser because Firefox is the only one that works the way I want to work. Remember the days when software worked for you instead of you working for it? FF lets me customize every last bit and piece and as long as it is comparable (ie 3 seconds instead of 1) then I am more than happy and will be unlikely to switch.
I am sure there are plenty of users who take all the defaults and learn to work within the constraints of IE or etc. but I betcha a majority of \. readers like to set things just so.
There is a limitation of that analysis. I've run XP since it was released without AV or AS or A anything and I have NEVER gotten infected (I came close once when one of my kids downloaded some *.mp3.vbs files and as I clicked on it I realized what I had done and yanked the cord).
If my mom and your mom and everyone's mom and dads and sisters and brothers starting running ubuntu where do you think all the viruses would be then? (and no Viri is NOT the plural of virus!).
Viruses go where they can easily infect many people. That's not Ubuntu today... I would recommend we all get off our high horses and stop worrying about the OS and start getting our moms and dads and everyone to practice safe computing. My father-in-law, who owns a gun and trusts no one, blindly clicks on every link and opens every mail regardless of the sender. We have to redirect our mistrust from our physical neighbors and turn it on our digital friends (get off my virtual lawn!).
I always love this one. I was at Symantec for almost 7 years. I never even saw Norton products. Yes they use to be crap (have gotten aLOT better recently but I still don't run them) but Symantec has a huge stake in the Enterprise networks. I guess most people who bother to respond think their network of 500 users is big. This past year as a consultant working with Symantec products the average network I was in was 70,000+ seats.
John Thompson was smart. 9 years ago he realized the consumer AV space was going to get crowded. The merger with Veritas took longer than was hoped for but now things are going gang busters and most of the Symantec partners have more work than they now what to do with. Sym has dozens of key pieces of software all over the security spectrum. You may not like Norton but don't count them out.
After 16 years in IT I finally accepted a management position in a large company. Yes it is more money and more responsibility but what it isn't is hands on. If you like the techy stuff then stay away from management. In just a few months I already feel like the guys I use to make fun of. If your goal is more money pick up some more certification and then start tossing your resume at the large IT consulting firms. I worked for six years traveling the country as an security consultant. Tough, difficult stuff but I was never bored.
Creationism what's that? I am more concerned about your math thinking (not your math skills). Why would you give her $21.01? Using my trusty windows ME calculator (I used MS Works to spell check that word!) I find that your change would be $14.95 instead of $13.94 from a $20 bill.
If you wanted to confuse/annoy the poor girl why not give her $6.05 and watch the fit that ensues. Or, worse yet, bring an expired coupon next time...
That statement may be true of the users you have seen but since Symantec has the largest number of deployed av clients worldwide the vast majority of whom seem to be satisified judging by new sales I would say YOU are in the minority.
Keep in mind, "tech people" make up just a tiny portion of the computer users population. This is why Dell, Microsoft, Symantec, etc will usually win. They may not have the best product but they have a decent bundle for a perceived reasonable price and good marketing.
Excellent, glad to hear you have no memory leaks running FF without extensions. The primary reason why I choose to use FF is because of the extensions. If I didn't like/need the FF extensions I would run Opera. Opera beats a plain jane FF install on pretty much every count.
Not sure how I feel about this one. On the one hand anyone still using NAV should probably NOT be hanging out in IRC channels. On the other hand, what the heck is IRC? Isn't that kinda like rotary phones? Who still uses IRC besides warez groups and pron seekers?
Anyone currently using Norton is most likely receiving weekly or daily updates. How many companies do you know who try to update their AV software more than once a day? I work in many corporate and enterprise networks where they are pulling updates directly from Symantec's FTP server instead of waiting for LU in the hopes of avoiding the next big attack.
With that in mind, how hard will it be for Symantec to release a fix?
Any one who is not pulling updates at least weekly is completely vulnerable to a host of viruses that will make a "potential" exploit meaningless. Why write new code when I can infect an out of date system with slammer or zotob?
Say what you will but Symantec has perfected the inline automated update mechanism better than anyone.
I finally bit the bullet and replaced my crappy Dell with a custom built AMD. I did weeks of research to make sure I got as quiet a computer as possible. After all the reading I ending up buying a antec sonata case (no extra crap, just roomy and quiet), an AMD CPU with a Zalman Copper cooler.
I already had a 9800 radeon pro with the zalman heat sink and the sonata came with rubber mount cages for my hard drives.
The case is NOT silent but the only sound you hear is a quiet whisper of wind. The only whine comes when A cd/dvd is burning. The Hard drives only a quiet gurgle under heavy load.
Don't waste your time reading about this crap. Antec/Zalman/Newegg. Done.
What I don't get is the costs. These same kids who balk at paying 99 cents for the full song from ITunes will gladly run out and dump $10, $20 a month on snippets of songs with the lowest possible fidelity.
Man do I feel old.
I had to get a new phone a few months ago and then spent the better part of a day turning this crap off. No "ring tone" no wall paper. It's a phone. I don't feel any particular need to "express" myself with some corporations definition of who I am.
Re:Guess you should've spent more than 2 secs read
on
Blink
·
· Score: 1
The quote you gave is a perfect illustration of my point. This book will give validation to instant gratification because people can figure out good from bad instant desicions. The whole idea of an instant desicion is as classic as "judging a book by its cover". We don't like it but if we wrap it in technical terms and provide "studies" to support it and, of course, always use PC responses (at least publically) than we no longer have to give it a second thought.
For you next arguement please share some of your own words. I already read his.
I have to believe this is not the author's intent but the impression I came away with from reading his own words was this books makes it OK to follow our first instincts.
Should I play the lottery? I got a hunch that tonight is the night I am going to win so yes I should play.
Should I buy a new car? Yes, I can figure out how to pay for it later.
Reminds me of the scence from the "Matrix" when Neo asked his girl if she knew how to fly a heliocopter. She replies "not yet" and ten seconds later, after a quick upload, she does.
Instant gratification needs validation and now here is a book to validate not having to give anything more than a quick thought. Another step forward for our instant, microwave society.
Dollars speak louder than complaints
on
Steam Users Steamed
·
· Score: 2, Insightful
according to Vavle they have sold over 1.7 MILLION copies of HL2. Whine all you want as long as everyone buys the games they will keep adding more crap like steam.
Speak with your dollars and stop buying this crap. Find another game or make one of your own.
Since most home users have no desire to even think about computer security you have to started with the absolute basics.
For security I try to get everyone to run Norton Internet Security and a hardware firewall. I don't really care if Norton is the best/worst or somewhere in between but this combination will stop MOST attacks. Spyware/Adware and directed attacks? Well trying to stop those right now for the home user would be like trying to protect your house against a tank. There is only so much you can do with the limited time, resources and brain power that an end user is willing to give to the problem
For parents this is my one essential rule.
The computer MUST be in a public area of the house. No exception. Even if the kid bought it with their own money and they are the only person that uses the computers it will still be in a public area.
And what if you choose to drive on the left hand side of the road? Is that the state limiting your freedoms in not allowing you to make that choice as well?
A free society is a compromise with its citizens. We give a little we get a little. We all agree to drive on the right hand side and we get plenty of roads and fewer accidents.
Social Security is that type of compromise. FDR watched as the eldery, disabled and unemployed were dying in the streets. Completely destitue. Social Security was designed to help those less fortunate. If you are one of the more fortunates, blessed with good health, good education and a good job count yourself lucky. And now consider the millions of elderly, blind, deaf, orphaned citizens that share the land of the free with you and how well you would sleep at night knowing some of them lay dying in the streets while you enjoyed being able to afford that 50" HDTV instead of having to settle for only 35"
As others have noted using one source, a comedian at that, for news is arguably worse than not reading the news at all.
I find Mr. Stewart entertaining, sometimes insightful and always timely but he is just one small source of information in an ever expanding array of mediums./., google, cnn, harpers, christian science monitor, etc are just some of the sources of information available.
Calling Mr. Stewart a hero would be equilavent to worhsipping beevus and butthead. Mr. Stewart may be funny and, more importantly, he may be right but that his is luxury, not yours. Just because you listen to a smart man doesn't make you smart. Wisdom is gained not from one master but from many.
What Mr. Stewart was commenting on was the whole system. As an outsider to polticial news he has a unique position. Popular enough to say what he feels but knowing he must always tap dance for the kids. Kinda like having a clown at the birthday party deliver an anti-drug message. The kiddies are not there to hear the antidrug message they are there to see the clown.
I would give serious consideration to re-evaluting your current world view. I would encourage your friends to do the same or someday we may all wake up and find that discourse, political and otherwise, has fallen to the lowest level. No longer will we care what the news is as long as it is told with a snide and a cynical smirk
1. SSL would effectively block this attack IF the user pays attention to invalid certs. Your browser contains certain CAs it trusts and, unless they had control of your PC which is certainly possible but was not done in this case, the CA they would use would be invalid and generate that pop-up box telling you so. If you ignore that box and click yes you do so at your own peril.
2. What about it? Once the data is on wifi than it is fair game for any type of manipulation. That is why they have 2 nics. The first nic "hears" your request for content "GET" and then responded much more quickly than the remote web server can with the corrupted "POST". When the correct information finally gets to your PC it is simply ignored as invalid TCP traffic and a RST packet is generated.
3. WEP would have stopped it in this instant. WEP is breakable but requires a good amount of data to be sent over the wire. Since your average user is not going to send GBs of data over HTTP and the processing power needed to break 100s of connection would be more than a couple of laptops could handle this attack would have been alot less fun. Still possible but would need to be much more dedicated. I run WEP at home, I know it will not stop the determined hacker but the casual war-drive will ignore me in favor of my many neighbors with open APs.
4. You are correct AS LONG AS you pay attention to the cert's trail. SSL really is two seperate pieces in my mind. 1 - encryption - End - To - End data encryption and 2 - Trust - I know the data I am receiving comes from the correct website. This is done with certificates. Since there is no God of the internet and we have to trust someone initially companies like verisign, etc have working with Microsoft, Mozilla, etc to get their root certs pre-installed in your browser. Anybody can generate a certificate but only companies that have passed the "Idenitifcation Test" with Verisgin or whoever can issue certs that will have the proper path back to a valid root cert. Please note Verisign has been duped before and even given out valid MS certs to non-microsoft organizations.
You may think it is lame but it is actually a harmless example of things to come. Why is wardriving so popular? Because 90% of the APs do NOT use WEP. If everyone used WEP that would stop casual attacks. Consider two fences. One a 3-ft high fence. This fence is only going to stop people who don't want to go in. The 2nd fence is 10' high with barbed wire. This can still be overcome but will require some dedication. That is the difference between open and WEP. The problem is nobody uses WEP so this attack will work most of the time with ease.
Slashdot Mirror
I don't use IE or Chrome or Opera or any other browser because Firefox is the only one that works the way I want to work. Remember the days when software worked for you instead of you working for it? FF lets me customize every last bit and piece and as long as it is comparable (ie 3 seconds instead of 1) then I am more than happy and will be unlikely to switch.
I am sure there are plenty of users who take all the defaults and learn to work within the constraints of IE or etc. but I betcha a majority of \. readers like to set things just so.
-Joe
I doubt it. Many people (including myself) run the same config and \. loads almost instantly for me every time.
There is a limitation of that analysis. I've run XP since it was released without AV or AS or A anything and I have NEVER gotten infected (I came close once when one of my kids downloaded some *.mp3.vbs files and as I clicked on it I realized what I had done and yanked the cord).
If my mom and your mom and everyone's mom and dads and sisters and brothers starting running ubuntu where do you think all the viruses would be then? (and no Viri is NOT the plural of virus!).
Viruses go where they can easily infect many people. That's not Ubuntu today... I would recommend we all get off our high horses and stop worrying about the OS and start getting our moms and dads and everyone to practice safe computing. My father-in-law, who owns a gun and trusts no one, blindly clicks on every link and opens every mail regardless of the sender. We have to redirect our mistrust from our physical neighbors and turn it on our digital friends (get off my virtual lawn!).
-Joe
bias: I use to work for Symantec 3 years ago.
I always love this one. I was at Symantec for almost 7 years. I never even saw Norton products. Yes they use to be crap (have gotten aLOT better recently but I still don't run them) but Symantec has a huge stake in the Enterprise networks. I guess most people who bother to respond think their network of 500 users is big. This past year as a consultant working with Symantec products the average network I was in was 70,000+ seats.
John Thompson was smart. 9 years ago he realized the consumer AV space was going to get crowded. The merger with Veritas took longer than was hoped for but now things are going gang busters and most of the Symantec partners have more work than they now what to do with. Sym has dozens of key pieces of software all over the security spectrum. You may not like Norton but don't count them out.
As usual and excellent analysis by Ars. Here's my takeway
The taskbar? That's it? That's why I should go to Vista/Windows 7? Ooof! All these wasted years with my inferior taskbar.
It's like lasy year when the new BMW's came out and they had an improved cup-holder. Man I traded in my old one that day!
What gives? I have been remote waking my computers for 2 years and I was late to the game.
http://www.depicus.com/wake-on-lan/woli.aspx
If you got a router that forwards broadcast traffic & you know the MAC of your WOL enabled NIC it's easy to do.
-Joe
After 16 years in IT I finally accepted a management position in a large company. Yes it is more money and more responsibility but what it isn't is hands on. If you like the techy stuff then stay away from management. In just a few months I already feel like the guys I use to make fun of. If your goal is more money pick up some more certification and then start tossing your resume at the large IT consulting firms. I worked for six years traveling the country as an security consultant. Tough, difficult stuff but I was never bored.
Creationism what's that? I am more concerned about your math thinking (not your math skills). Why would you give her $21.01? Using my trusty windows ME calculator (I used MS Works to spell check that word!) I find that your change would be $14.95 instead of $13.94 from a $20 bill.
If you wanted to confuse/annoy the poor girl why not give her $6.05 and watch the fit that ensues. Or, worse yet, bring an expired coupon next time...
Point of fact:
"Then you're a minority."
That statement may be true of the users you have seen but since Symantec has the largest number of deployed av clients worldwide the vast majority of whom seem to be satisified judging by new sales I would say YOU are in the minority.
Keep in mind, "tech people" make up just a tiny portion of the computer users population. This is why Dell, Microsoft, Symantec, etc will usually win. They may not have the best product but they have a decent bundle for a perceived reasonable price and good marketing.
Warmest regards
Mr. Smooth
Excellent, glad to hear you have no memory leaks running FF without extensions. The primary reason why I choose to use FF is because of the extensions. If I didn't like/need the FF extensions I would run Opera. Opera beats a plain jane FF install on pretty much every count.
Not sure how I feel about this one. On the one hand anyone still using NAV should probably NOT be hanging out in IRC channels. On the other hand, what the heck is IRC? Isn't that kinda like rotary phones? Who still uses IRC besides warez groups and pron seekers?
This movie would have been hysterical 15 years ago when Revenge of the Nerds was out but now it just seems dated and sterotyped.
Anyone currently using Norton is most likely receiving weekly or daily updates. How many companies do you know who try to update their AV software more than once a day? I work in many corporate and enterprise networks where they are pulling updates directly from Symantec's FTP server instead of waiting for LU in the hopes of avoiding the next big attack.
With that in mind, how hard will it be for Symantec to release a fix?
Any one who is not pulling updates at least weekly is completely vulnerable to a host of viruses that will make a "potential" exploit meaningless. Why write new code when I can infect an out of date system with slammer or zotob?
Say what you will but Symantec has perfected the inline automated update mechanism better than anyone.
www.ewiz.com
about 10% cheaper than new egg and they accept returns on motherboards (unlike NewEgg). I WAS a big newegg fan until I found this site.
I finally bit the bullet and replaced my crappy Dell with a custom built AMD. I did weeks of research to make sure I got as quiet a computer as possible. After all the reading I ending up buying a antec sonata case (no extra crap, just roomy and quiet), an AMD CPU with a Zalman Copper cooler.
I already had a 9800 radeon pro with the zalman heat sink and the sonata came with rubber mount cages for my hard drives.
The case is NOT silent but the only sound you hear is a quiet whisper of wind. The only whine comes when A cd/dvd is burning. The Hard drives only a quiet gurgle under heavy load.
Don't waste your time reading about this crap. Antec/Zalman/Newegg. Done.
What I don't get is the costs. These same kids who balk at paying 99 cents for the full song from ITunes will gladly run out and dump $10, $20 a month on snippets of songs with the lowest possible fidelity.
Man do I feel old.
I had to get a new phone a few months ago and then spent the better part of a day turning this crap off. No "ring tone" no wall paper. It's a phone. I don't feel any particular need to "express" myself with some corporations definition of who I am.
Sorry... http://www.symantec.com/avcenter/security/Content/ 2005.02.08.html
http://www.symantec.com/avcenter/security/Content/ 2005.02.08.html
The quote you gave is a perfect illustration of my point. This book will give validation to instant gratification because people can figure out good from bad instant desicions. The whole idea of an instant desicion is as classic as "judging a book by its cover". We don't like it but if we wrap it in technical terms and provide "studies" to support it and, of course, always use PC responses (at least publically) than we no longer have to give it a second thought.
For you next arguement please share some of your own words. I already read his.
I have to believe this is not the author's intent but the impression I came away with from reading his own words was this books makes it OK to follow our first instincts.
Should I play the lottery? I got a hunch that tonight is the night I am going to win so yes I should play.
Should I buy a new car? Yes, I can figure out how to pay for it later.
Reminds me of the scence from the "Matrix" when Neo asked his girl if she knew how to fly a heliocopter. She replies "not yet" and ten seconds later, after a quick upload, she does.
Instant gratification needs validation and now here is a book to validate not having to give anything more than a quick thought. Another step forward for our instant, microwave society.
according to Vavle they have sold over 1.7 MILLION copies of HL2. Whine all you want as long as everyone buys the games they will keep adding more crap like steam.
Speak with your dollars and stop buying this crap. Find another game or make one of your own.
Since most home users have no desire to even think about computer security you have to started with the absolute basics.
For security I try to get everyone to run Norton Internet Security and a hardware firewall. I don't really care if Norton is the best/worst or somewhere in between but this combination will stop MOST attacks. Spyware/Adware and directed attacks? Well trying to stop those right now for the home user would be like trying to protect your house against a tank. There is only so much you can do with the limited time, resources and brain power that an end user is willing to give to the problem
For parents this is my one essential rule.
The computer MUST be in a public area of the house. No exception. Even if the kid bought it with their own money and they are the only person that uses the computers it will still be in a public area.
And what if you choose to drive on the left hand side of the road? Is that the state limiting your freedoms in not allowing you to make that choice as well?
A free society is a compromise with its citizens. We give a little we get a little. We all agree to drive on the right hand side and we get plenty of roads and fewer accidents.
Social Security is that type of compromise. FDR watched as the eldery, disabled and unemployed were dying in the streets. Completely destitue. Social Security was designed to help those less fortunate. If you are one of the more fortunates, blessed with good health, good education and a good job count yourself lucky. And now consider the millions of elderly, blind, deaf, orphaned citizens that share the land of the free with you and how well you would sleep at night knowing some of them lay dying in the streets while you enjoyed being able to afford that 50" HDTV instead of having to settle for only 35"
Let them eat cake.
As others have noted using one source, a comedian at that, for news is arguably worse than not reading the news at all.
/., google, cnn, harpers, christian science monitor, etc are just some of the sources of information available.
I find Mr. Stewart entertaining, sometimes insightful and always timely but he is just one small source of information in an ever expanding array of mediums.
Calling Mr. Stewart a hero would be equilavent to worhsipping beevus and butthead. Mr. Stewart may be funny and, more importantly, he may be right but that his is luxury, not yours. Just because you listen to a smart man doesn't make you smart. Wisdom is gained not from one master but from many.
What Mr. Stewart was commenting on was the whole system. As an outsider to polticial news he has a unique position. Popular enough to say what he feels but knowing he must always tap dance for the kids. Kinda like having a clown at the birthday party deliver an anti-drug message. The kiddies are not there to hear the antidrug message they are there to see the clown.
I would give serious consideration to re-evaluting your current world view. I would encourage your friends to do the same or someday we may all wake up and find that discourse, political and otherwise, has fallen to the lowest level. No longer will we care what the news is as long as it is told with a snide and a cynical smirk
Perhaps it already is too late.
Regards
Joe Smooth
To Actually answer your questions.
1. SSL would effectively block this attack IF the user pays attention to invalid certs. Your browser contains certain CAs it trusts and, unless they had control of your PC which is certainly possible but was not done in this case, the CA they would use would be invalid and generate that pop-up box telling you so. If you ignore that box and click yes you do so at your own peril.
2. What about it? Once the data is on wifi than it is fair game for any type of manipulation. That is why they have 2 nics. The first nic "hears" your request for content "GET" and then responded much more quickly than the remote web server can with the corrupted "POST". When the correct information finally gets to your PC it is simply ignored as invalid TCP traffic and a RST packet is generated.
3. WEP would have stopped it in this instant. WEP is breakable but requires a good amount of data to be sent over the wire. Since your average user is not going to send GBs of data over HTTP and the processing power needed to break 100s of connection would be more than a couple of laptops could handle this attack would have been alot less fun. Still possible but would need to be much more dedicated. I run WEP at home, I know it will not stop the determined hacker but the casual war-drive will ignore me in favor of my many neighbors with open APs.
4. You are correct AS LONG AS you pay attention to the cert's trail. SSL really is two seperate pieces in my mind. 1 - encryption - End - To - End data encryption and 2 - Trust - I know the data I am receiving comes from the correct website. This is done with certificates. Since there is no God of the internet and we have to trust someone initially companies like verisign, etc have working with Microsoft, Mozilla, etc to get their root certs pre-installed in your browser. Anybody can generate a certificate but only companies that have passed the "Idenitifcation Test" with Verisgin or whoever can issue certs that will have the proper path back to a valid root cert. Please note Verisign has been duped before and even given out valid MS certs to non-microsoft organizations.
You may think it is lame but it is actually a harmless example of things to come. Why is wardriving so popular? Because 90% of the APs do NOT use WEP. If everyone used WEP that would stop casual attacks. Consider two fences. One a 3-ft high fence. This fence is only going to stop people who don't want to go in. The 2nd fence is 10' high with barbed wire. This can still be overcome but will require some dedication. That is the difference between open and WEP. The problem is nobody uses WEP so this attack will work most of the time with ease.
Regards