I work for an ISP. Here is a random jumble of my thoughts in reference to some of what has been discussed in this thread.
CLECs have been mandated to run IPv6 by year end 2008.
I think that our best bet will be to run IPv4 internally and IPv6 externally, at least until we have a better handle on how IPv6 runs in the wild. Then when we understand the quirks we can bring it inside our networks.
Setting up IPSec for every transaction you make would be an overhead killer. Think of the dial-up users that still exist out there.
The idea of there being so many addresses that you can't possibly hit them at random is not something I want to base my customer's or my security on. All you would have to do is compromise one ARP table to get a list of other targets. The way routing works isn't really going to change either, so a routing table would work just as well.
Anyway, I want an SPI firewall that places a boundary between my internal network and the internet. The IP address shortage is not the only reason that those boundaries exist. I honestly don't care if there were to be an infinite number of addresses. I have to think in terms of worst case scenarios because I will lose customers if I don't. Information is the most valuable commodity in our world today, and as long as that is true firewalls MUST be set to the maximum functional level of restrictiveness.
The people with interests in Defense tout numbers that say we spend too much on Human Services, and the people with interests in Human Services tout numbers that say we spend too much on Defense. Personally, I think they are both right. We as a nation spend too much money. If we eliminated half the bureaucrats in DC, we would get more done. When you spend more money then you take in, that causes problems down the road. If I ran my house or business the way the US is run financially, I would be doing serious jail time.
Defense: We spend too much money on development of technologies that will NEVER be used. Missile defense is irrelevant when you take into account the fact that you can do more damage with a guy with a suitcase then with a missile. And those figures DON'T include the "Emergency Spending" bills that have been passed.
Education: We spend too much money on mid-level patronage jobs. And we have done nothing to teach our children how to think critically. The kids that I have seen are taught to parrot information and conform. We wonder why our kids aren't that creative? We need to spend our money on programs that teach kids how to access, analyze and implement information as opposed to barfing it back up on tests.
I am a cynic, but how could I look at politics and not be?
In his essay WALDO, Robert Heinlein (ahead of his time again), (link to a synopsis http://www.wegrokit.com/jmwami.htm), raises some concerns regarding the health implications of this type of technology. With all of the radiant energy that we are already pumping through ourselves, what are the health implications of this technology?
This won't be adopted in my house until the health implications are sufficiently addressed.
I, too, have trouble unplugging. I am constantly surfing, e-mailing, watching, and listening. I have started to have a once a month "Disconnect Day". This day consists of turning off the computers, phones(all), tv's and radio and reading a book, working in the garden, going hiking, kayaking, biking, having conversations with my wife, playing board games. I am sure that you can think of things that you would like to do on a "Disconnect Day" yourself. I always find myself to be rejuvenated after a day of rest from input bombardment.
I think that blood boiling was a little too mild for my reaction. This kind of white collar crime affects so many more people than one guy robbing a convenience store, but these guys just get slapped on the wrist. I have a much better idea. Lets send these alleged people to places like Riker's Island. http://en.wikipedia.org/wiki/Rikers_Island Put them in GP and let them experience real imprisonment. I guarantee you that there will be a huge downturn in white collar crime after some executive who bilked investors of millions does hard time.
"The default in Windows is now to have no open ports as well due to the Firewall,"
The Windows Firewall is worthless, and does very little against any kind of attack. See the results of http://www.firewallleaktester.com/. The windows firewall in reality is more "security blanket" than Security. The point of many complaints that you wil see here is that there are so many backdoors to the core components of MS operating systems that security is a nightmare. Personally I agree with your analysis of the state of anti-malware. I just think that there is too much financial incentive for a completely secure end-user OS to not be designed. Just my cynicism speaking.
Thank you, I do understand your perspective. I am coming at the idea from a different angle than most on here. I am more interested in end-user usability because I work for an ISP. Most of my customers can barely use the PC they have. I hope that someone can rival Windows for usability and have actual secure code. Sorry if I snapped back, I get a bit riled myself, as I clean these machines that have bearshare, limewire and kazaa on and have more trojans than legit files on them.
"Perhaps you should be a little more conservative with your metaphors. Your metaphor was dangerously close to some arrogant, aristocratic racism I hear regularly. In any case, I've yet to see a correlation between people who merely visit sites and who become infected with malware and certainly nothing to demonstrate causality."
I grew up in some of the worst neighborhoods of NY and Philly, you don't have to tell me about racism or as they say in Philly Zipcodeism where job apps from certain zipcodes get thrown out unlooked at. My experience with the malware issue is that of an ISP cleaning machines that are infected with malware. the correlations that I have seen are porn - spambots, gambling - trojans/keyloggers, gamecheat/filesharing - trojans/toolbars.
"Most malware (by infection number) does not spread through Websites at all. Of that which does, a good portion is posted on public forums and on cracked servers of all kinds. I'm looking at the infected host list for an entire class A right now as well as a list of the DNS request history for them. The vast majority has no correlation at all because most infections do not spread from a particular kind of Website. The only correlation I know of is particular sites that trick people into installing some sort of malware, often spyware."
The first thing I would like to know is where your data is coming from and which time period you are using for your data. According to a symantec white paper http://securityresponse.symantec.com/avcenter/refe rence/techniques.of.adware.and.spyware.pdf "Most adware and spyware programs are obtained initially by BROWSING THE WEB or along with some unrelated ad-supported software. The programs are rarely installed from a conspicuous website, but rather through social engineering banner ads, drive-by-downloads, and through peer-to-peer networks with misleading filenames. Some adware and spyware programs are even installed by exploiting software vulnerabilities." (Caps added) from p8 of the above whitepaper. Trojans, which now make up a vast majority of infected pc's do indeed come from risky surfing.
Instead of ad hominem attacks, lets try to actually have a dialogue. I am not evangelizing Windows, or saying that things as they happen to be right now are satisfactory. I am merely trying to describe my perception of the way things are. The problem with a lot of those secure os's is more around usability or availability of desired software then around security. I would love for MS to improve the security of their OS, but it looks like they can't do that and maintain backwards compatibility that a typical user could implement.
What I am trying to point out is that even though there are secure OS's out there, there are insecure people using them.
"Most compromises are the result of automated exploits with no user interaction. Sure a human made the OS being exploited, but that does not make it a human failing, just a failing in the OS."
Exploits and security holes don't cause themselves. Any failing of the OS is caused by the person/persons who programmed it.
"Since when is porn semi-legal?" There is some porn that is legal, and some that is not. Some that comes from human slavery and some that doesn't.
""Bad" neighborhood exist mostly because the police do not equitably enforce the law and the laws themselves are not equitable. The fact the some neighborhoods have more danger to the average pedestrian than others is often because police resources are improperly allocated by the wealthy. Whether I'm in a poor neighborhood because that is the only place I can afford to live, or a wealthy neighborhood, should not make any difference to the police or their behaviors and no more blame should be placed upon me."
Not disagreeing with you on the cause, but I am not talking about living in a "bad" neighborhood and going home there. I am using an inadequate metaphor to point out that the end user has decisions to make, and that there are consequences to those decisions. If you go to sites that are notorius for containing spyware/viruses/malware without protection your machine will be infected. That's the way it is. If you don't go to those kinds of sites you have a much lower chance of getting seriously infected.
"Most people who are infected with malware are infected without ever doing anything and don't even know it happened. That is not their fault nearly as much as it is the fault of the OS designers who touted their OS as "super secure" even though it is less secure than pretty much every other one out there. They were lied to and are still being lied to. Stop blaming the victims."
The above does not meet with my experience in this. I run the tech bench at an ISP. I can tell what kind of sites people have been visiting based on the malware that is detected on their pc. It's that simple. I do not think that OS manufacturers are without blame, but I think that there is enough blame to go around. If you want to know how I would arrange blame, it would be in three tiers: 1) The people who write malicious code. 2) The companies that don't fix all their bugs as quickly as security holes are detected or are not forthright about the security implications of use of their product. 3) The people who intentionally visit areas of the web that are KNOWN to contain more security risks than others.
To put this in a different way... Security is an illusion, maybe even a delusion. There will never be a time when any of us is 100% secure. There is no OS that is 100% secure. Security is important, but if your expectation is for complete security, you will live a dissapointed life. The weak link in most computer networks is human. If it was programmed by humans, there will be a flaw that can be exploited. If there isn't a flaw in the programming, social engineering works fine to discover passwords that get you past the security.
The government does not exist to prevent someone from making a dumb mistake. It should convict those who take advantage of someone's dumb mistake. Most rootkits/spyware are installed by the owner of the PC when visiting illegal or semi-legal sites, such as pr0n/gambling/file sharing. Whether or not these sites should exist is beside the point. If you go for a walk through a "bad" neighborhood with no protection at 3AM and get mugged, yes they should convict the mugger, but you chose to go through a dangerous area at a dangerous time.
Because the government is made up of human beings, it is flawed. Legislation can fix some problems, but with the complex legalese that is used in most laws it is as easy to circumvent a poorly written law as it is to circumvent poorly written code. You just have to know what you are doing.
So take reasonable precautions, but don't expect your precautions to amount to much if you are making poor decisions.
I rarerly purchase any books new, mostly because I enjoy the experience of used book stores. There is nothing quite like paying 1/8th of the cover price or less for a good book.
As a geek, books are something I turn to when I am trying to escape from the daily grind. Since my daily grind involves computers, I like to step away from the screen to escape.
People got used to the land line rudeness. Think about the comments your grandparents made about the inconvenience of the phone ringing at times they would prefer it not to. Now, as you stated, you hear nothing about it. In twenty years people will have gotten used to the rudeness (My wife's biggest pet peeve is when she is talking to someone and hears the flush on the other end.) of cell phones and they too will be acceptable, and some other piece of inconvenient/overly convenient technology will take the hated place of cell phones. The trend that concerns me most is not the technological trend, but the emotional/Psychological end. There is now an expectation of availability. Jobs expect us to be reachable at all times, and family and friends do, too. I have actually started doing a communication fast once a month. I take one day and turn off all phones and my cable modem. I don't even check my snail mail. I always feel completely relaxed by the end of the day.
I manage the tech bench at a local ISP. We offer a service to clean customer pcs of viruses and spyware. The average number of spyware items on a pc (this is taken from the number of hits given by various pieces of anti-spyware not including cookies 585816 divided by the number of PCs we serviced since we started recording 462) is 1268. These are all machines that were brought in for service though, so these are machines that were so ground down that they couldn't access the internet.
Even so, I think that 10 is an overly optimistic number, so I think that webroot is downplaying the actual threat.
The anti spyware tools that we use are Spybot, AdAware, Pest Patrol Corporate Edition v4 (v5 is trash), EWIDO, and MS Anti-Spyware.
I think that our whole outlook on security is missing the point. We need to simply gather a list of approved executables and their characteristics and enforce that. Then, you can come up with whatever random name you want, your virus will not match the approved characteristics of filename X, so it won't run. The current virus trends will melt away like frost in the sunlight, but I guess that makes too much sense.
Actually, a huge percentage of retail sales for the holidays occur over what is now called black friday, so if enough people do it, it will have an effect.
You are correct in saying that our economy is based on consumption of resources, IMO overconsumption of resources. This is great for short term profits, but causes problems in the long term.
Take food for example. Since the 1940s portion sizes in the US have increased by 700% The other statistic that has increased by 700% is obesity. This is having obvious negative long term effects on our health, the cost of healthcare, etc. This is having the positive effect of increased profits for food oriented companies and health oriented companies.
We can very easily live without half of the stuff in our homes. The purpose of Buy Nothing Day is to give us space away from the marketing hype to more accurately define what our needs are, and to step away from the artificial hype inflated glut that is the normal state of life.
OK, Reality check time. I am a tech with 10 years experience working with Pc's and Macs. I haven't had the neccessity or motivation to learn Linux, mainly because I don't think it will be widely used outside of technical applications, and I make my money doing user support. I don't have time to learn a whole new command structure that I won't have the opportunity to use. As of right now of the roughly 10,000 customers my company serves 0% of them are running linux.
To configure Linux you have to be comfortable in its command line, and have a basic unix background so that you know what the commands are. The advantage that both Windows and Mac have is that it is comparatively easier to install by the end-user. We can talk about the security issues, etc, but until Linux can be completely administered from a gui, it won't expand outside of the back-end server applications that it mainly runs now. So I really don't want to hear about how secure (Insert favorite *nix version here).
What I am interested in is: Have you developed a version of linux that can be COMPLETELY installed, administered and run from a gui?
I am not a linux basher, and I sincerely hope that it becomes more developed and popular than it is now. I have no allegiance to any specific OS, I think that they all have their drawbacks, but I am going to continue avoiding linux until my customers start using it.
Let me preface this with the following disclaimer: I cannot give a complete answer, I can give an educated guess.
Two chapters earlier God had told people to spread out and fill the earth. God was punishing them, but He was also forcing them to do what He had asked of them.
Of course this just raises more questions. Why? I am not entirely sure, but maybe people were getting boring, you know everybody looks the same, talks the same, and thinks the same. Maybe He didn't want all of humanity clumped into one spot so that a natural disaster could end the species. There are tons of possibilities. I still haven't figured out what's true about God's motivations, but who has? Anyway, hope that helps.
The reason why people mumble under their breath and don't do anything is because if you have the nerve to touch or correct their precious angel, they will sue the pants off of you, or charge you with child abuse. Most of the parents of "those kind" of children are as bad or worse than the kids.
Next point. Ranking playing violent video games with drug and alcohol abuse is comparing apples to oranges. There is absolutely no reputable study that links playing violent video games to performing violent actions.
My child's upbringing is 100% my responsibility. I and no one else should be the content filter for my child. If my child is going behind my back, and kids will, it is up to me to provide consequences for doing that. That is called being a good parent.
As a tech who currently has 4 machines on his bench right now with spyware problems, I have these words of reality checking: 10 seconds my a$$!!! Who are these morons trying to fool here. To remove spyware/malware/trojans from a machine, it usually takes me 3 days without a format and reinstall, and I usually have to boot up with an NTFS Dos boot disk (Hirens)http://www.9down.com/modules.php?name=Down loads&d_op=viewdownloaddetails&lid=172&ttitle=Hire n's_BootCD_v7.2_With_keyboard_Patch and delete manually what the removal tools miss. I have found that deltree removal of all temp and content.ie5 directories knocks a day or so off of my scanning.
Slashdot Mirror
Hi,
I work for an ISP. Here is a random jumble of my thoughts in reference to some of what has been discussed in this thread.
CLECs have been mandated to run IPv6 by year end 2008.
I think that our best bet will be to run IPv4 internally and IPv6 externally, at least until we have a better handle on how IPv6 runs in the wild. Then when we understand the quirks we can bring it inside our networks.
Setting up IPSec for every transaction you make would be an overhead killer. Think of the dial-up users that still exist out there.
The idea of there being so many addresses that you can't possibly hit them at random is not something I want to base my customer's or my security on. All you would have to do is compromise one ARP table to get a list of other targets. The way routing works isn't really going to change either, so a routing table would work just as well.
Anyway, I want an SPI firewall that places a boundary between my internal network and the internet. The IP address shortage is not the only reason that those boundaries exist. I honestly don't care if there were to be an infinite number of addresses. I have to think in terms of worst case scenarios because I will lose customers if I don't. Information is the most valuable commodity in our world today, and as long as that is true firewalls MUST be set to the maximum functional level of restrictiveness.
Spending FUD!
The people with interests in Defense tout numbers that say we spend too much on Human Services, and the people with interests in Human Services tout numbers that say we spend too much on Defense. Personally, I think they are both right. We as a nation spend too much money. If we eliminated half the bureaucrats in DC, we would get more done. When you spend more money then you take in, that causes problems down the road. If I ran my house or business the way the US is run financially, I would be doing serious jail time.
Defense:
We spend too much money on development of technologies that will NEVER be used. Missile defense is irrelevant when you take into account the fact that you can do more damage with a guy with a suitcase then with a missile. And those figures DON'T include the "Emergency Spending" bills that have been passed.
Education:
We spend too much money on mid-level patronage jobs. And we have done nothing to teach our children how to think critically. The kids that I have seen are taught to parrot information and conform. We wonder why our kids aren't that creative? We need to spend our money on programs that teach kids how to access, analyze and implement information as opposed to barfing it back up on tests.
I am a cynic, but how could I look at politics and not be?
In his essay WALDO, Robert Heinlein (ahead of his time again), (link to a synopsis http://www.wegrokit.com/jmwami.htm), raises some concerns regarding the health implications of this type of technology. With all of the radiant energy that we are already pumping through ourselves, what are the health implications of this technology? This won't be adopted in my house until the health implications are sufficiently addressed.
I, too, have trouble unplugging. I am constantly surfing, e-mailing, watching, and listening. I have started to have a once a month "Disconnect Day". This day consists of turning off the computers, phones(all), tv's and radio and reading a book, working in the garden, going hiking, kayaking, biking, having conversations with my wife, playing board games. I am sure that you can think of things that you would like to do on a "Disconnect Day" yourself. I always find myself to be rejuvenated after a day of rest from input bombardment.
I think that blood boiling was a little too mild for my reaction. This kind of white collar crime affects so many more people than one guy robbing a convenience store, but these guys just get slapped on the wrist. I have a much better idea. Lets send these alleged people to places like Riker's Island. http://en.wikipedia.org/wiki/Rikers_Island Put them in GP and let them experience real imprisonment. I guarantee you that there will be a huge downturn in white collar crime after some executive who bilked investors of millions does hard time.
Step One: Uninstall all McAfee related products on your computer.
Step Two: Go to http://free.grisoft.com/ and download and install their FREE anti virus software.
Best fix for McAfee I have seen yet.
"The default in Windows is now to have no open ports as well due to the Firewall,"
The Windows Firewall is worthless, and does very little against any kind of attack. See the results of http://www.firewallleaktester.com/. The windows firewall in reality is more "security blanket" than Security. The point of many complaints that you wil see here is that there are so many backdoors to the core components of MS operating systems that security is a nightmare. Personally I agree with your analysis of the state of anti-malware. I just think that there is too much financial incentive for a completely secure end-user OS to not be designed. Just my cynicism speaking.
Off with her head!!!
Thank you, I do understand your perspective. I am coming at the idea from a different angle than most on here. I am more interested in end-user usability because I work for an ISP. Most of my customers can barely use the PC they have. I hope that someone can rival Windows for usability and have actual secure code. Sorry if I snapped back, I get a bit riled myself, as I clean these machines that have bearshare, limewire and kazaa on and have more trojans than legit files on them.
"Porn in the US is a fairly regulated industry. Asserting that a significant amount of it is illegal, without any evidence is empty rhetoric."
? scope=all&edition=i&q=Slavery+%2B+pornography
e rence/techniques.of.adware.and.spyware.pdf "Most adware and spyware programs are obtained initially by BROWSING THE WEB or along with some
The first part of your statement is the key "Porn in the US" http://search.bbc.co.uk/cgi-bin/search/results.pl
are a list of articles from the BBC on slavery and pornography. Most of which occur outside of the US.
"Perhaps you should be a little more conservative with your metaphors. Your metaphor was dangerously close to some arrogant, aristocratic racism I hear regularly. In any case, I've yet to see a correlation between people who merely visit sites and who become infected with malware and certainly nothing to demonstrate causality."
I grew up in some of the worst neighborhoods of NY and Philly, you don't have to tell me about racism or as they say in Philly Zipcodeism where job apps from certain zipcodes get thrown out unlooked at.
My experience with the malware issue is that of an ISP cleaning machines that are infected with malware. the correlations that I have seen are porn - spambots, gambling - trojans/keyloggers, gamecheat/filesharing - trojans/toolbars.
"Most malware (by infection number) does not spread through Websites at all. Of that which does, a good portion is posted on public forums and on cracked servers of all kinds. I'm looking at the infected host list for an entire class A right now as well as a list of the DNS request history for them. The vast majority has no correlation at all because most infections do not spread from a particular kind of Website. The only correlation I know of is particular sites that trick people into installing some sort of malware, often spyware."
The first thing I would like to know is where your data is coming from and which time period you are using for your data. According to a symantec white paper http://securityresponse.symantec.com/avcenter/ref
unrelated ad-supported software. The programs are rarely installed from a conspicuous website, but
rather through social engineering banner ads, drive-by-downloads, and through peer-to-peer networks
with misleading filenames. Some adware and spyware programs are even installed by exploiting software
vulnerabilities." (Caps added) from p8 of the above whitepaper. Trojans, which now make up a vast majority of infected pc's do indeed come from risky surfing.
Instead of ad hominem attacks, lets try to actually have a dialogue. I am not evangelizing Windows, or saying that things as they happen to be right now are satisfactory. I am merely trying to describe my perception of the way things are. The problem with a lot of those secure os's is more around usability or availability of desired software then around security. I would love for MS to improve the security of their OS, but it looks like they can't do that and maintain backwards compatibility that a typical user could implement.
What I am trying to point out is that even though there are secure OS's out there, there are insecure people using them.
"Most compromises are the result of automated exploits with no user interaction. Sure a human made the OS being exploited, but that does not make it a human failing, just a failing in the OS."
Exploits and security holes don't cause themselves. Any failing of the OS is caused by the person/persons who programmed it.
"Since when is porn semi-legal?"
There is some porn that is legal, and some that is not. Some that comes from human slavery and some that doesn't.
""Bad" neighborhood exist mostly because the police do not equitably enforce the law and the laws themselves are not equitable. The fact the some neighborhoods have more danger to the average pedestrian than others is often because police resources are improperly allocated by the wealthy. Whether I'm in a poor neighborhood because that is the only place I can afford to live, or a wealthy neighborhood, should not make any difference to the police or their behaviors and no more blame should be placed upon me."
Not disagreeing with you on the cause, but I am not talking about living in a "bad" neighborhood and going home there. I am using an inadequate metaphor to point out that the end user has decisions to make, and that there are consequences to those decisions. If you go to sites that are notorius for containing spyware/viruses/malware without protection your machine will be infected. That's the way it is. If you don't go to those kinds of sites you have a much lower chance of getting seriously infected.
"Most people who are infected with malware are infected without ever doing anything and don't even know it happened. That is not their fault nearly as much as it is the fault of the OS designers who touted their OS as "super secure" even though it is less secure than pretty much every other one out there. They were lied to and are still being lied to. Stop blaming the victims."
The above does not meet with my experience in this. I run the tech bench at an ISP. I can tell what kind of sites people have been visiting based on the malware that is detected on their pc. It's that simple. I do not think that OS manufacturers are without blame, but I think that there is enough blame to go around. If you want to know how I would arrange blame, it would be in three tiers:
1) The people who write malicious code.
2) The companies that don't fix all their bugs as quickly as security holes are detected or are not forthright about the security implications of use of their product.
3) The people who intentionally visit areas of the web that are KNOWN to contain more security risks than others.
To put this in a different way... Security is an illusion, maybe even a delusion. There will never be a time when any of us is 100% secure. There is no OS that is 100% secure. Security is important, but if your expectation is for complete security, you will live a dissapointed life. The weak link in most computer networks is human. If it was programmed by humans, there will be a flaw that can be exploited. If there isn't a flaw in the programming, social engineering works fine to discover passwords that get you past the security.
The government does not exist to prevent someone from making a dumb mistake. It should convict those who take advantage of someone's dumb mistake. Most rootkits/spyware are installed by the owner of the PC when visiting illegal or semi-legal sites, such as pr0n/gambling/file sharing. Whether or not these sites should exist is beside the point. If you go for a walk through a "bad" neighborhood with no protection at 3AM and get mugged, yes they should convict the mugger, but you chose to go through a dangerous area at a dangerous time.
Because the government is made up of human beings, it is flawed. Legislation can fix some problems, but with the complex legalese that is used in most laws it is as easy to circumvent a poorly written law as it is to circumvent poorly written code. You just have to know what you are doing.
So take reasonable precautions, but don't expect your precautions to amount to much if you are making poor decisions.
I rarerly purchase any books new, mostly because I enjoy the experience of used book stores. There is nothing quite like paying 1/8th of the cover price or less for a good book.
As a geek, books are something I turn to when I am trying to escape from the daily grind. Since my daily grind involves computers, I like to step away from the screen to escape.
Also, I have never had to reboot a book.
People got used to the land line rudeness. Think about the comments your grandparents made about the inconvenience of the phone ringing at times they would prefer it not to. Now, as you stated, you hear nothing about it. In twenty years people will have gotten used to the rudeness (My wife's biggest pet peeve is when she is talking to someone and hears the flush on the other end.) of cell phones and they too will be acceptable, and some other piece of inconvenient/overly convenient technology will take the hated place of cell phones.
The trend that concerns me most is not the technological trend, but the emotional/Psychological end. There is now an expectation of availability. Jobs expect us to be reachable at all times, and family and friends do, too. I have actually started doing a communication fast once a month. I take one day and turn off all phones and my cable modem. I don't even check my snail mail. I always feel completely relaxed by the end of the day.
I manage the tech bench at a local ISP. We offer a service to clean customer pcs of viruses and spyware. The average number of spyware items on a pc (this is taken from the number of hits given by various pieces of anti-spyware not including cookies 585816 divided by the number of PCs we serviced since we started recording 462) is 1268. These are all machines that were brought in for service though, so these are machines that were so ground down that they couldn't access the internet.
Even so, I think that 10 is an overly optimistic number, so I think that webroot is downplaying the actual threat.
The anti spyware tools that we use are Spybot, AdAware, Pest Patrol Corporate Edition v4 (v5 is trash), EWIDO, and MS Anti-Spyware.
I think that our whole outlook on security is missing the point. We need to simply gather a list of approved executables and their characteristics and enforce that. Then, you can come up with whatever random name you want, your virus will not match the approved characteristics of filename X, so it won't run. The current virus trends will melt away like frost in the sunlight, but I guess that makes too much sense.
I personally will install an ad based OS on my customer's PCs on two conditions:
1) Actual video footage of Hell frozen over
2) Actual video footage of flying pigs
No fakes, and just in case you are wondering no I won't hold my breath.
Actually, a huge percentage of retail sales for the holidays occur over what is now called black friday, so if enough people do it, it will have an effect.
You are correct in saying that our economy is based on consumption of resources, IMO overconsumption of resources. This is great for short term profits, but causes problems in the long term.
Take food for example. Since the 1940s portion sizes in the US have increased by 700% The other statistic that has increased by 700% is obesity. This is having obvious negative long term effects on our health, the cost of healthcare, etc. This is having the positive effect of increased profits for food oriented companies and health oriented companies.
We can very easily live without half of the stuff in our homes. The purpose of Buy Nothing Day is to give us space away from the marketing hype to more accurately define what our needs are, and to step away from the artificial hype inflated glut that is the normal state of life.
OK, Reality check time. I am a tech with 10 years experience working with Pc's and Macs. I haven't had the neccessity or motivation to learn Linux, mainly because I don't think it will be widely used outside of technical applications, and I make my money doing user support. I don't have time to learn a whole new command structure that I won't have the opportunity to use. As of right now of the roughly 10,000 customers my company serves 0% of them are running linux.
To configure Linux you have to be comfortable in its command line, and have a basic unix background so that you know what the commands are. The advantage that both Windows and Mac have is that it is comparatively easier to install by the end-user. We can talk about the security issues, etc, but until Linux can be completely administered from a gui, it won't expand outside of the back-end server applications that it mainly runs now. So I really don't want to hear about how secure (Insert favorite *nix version here).
What I am interested in is:
Have you developed a version of linux that can be COMPLETELY installed, administered and run from a gui?
I am not a linux basher, and I sincerely hope that it becomes more developed and popular than it is now. I have no allegiance to any specific OS, I think that they all have their drawbacks, but I am going to continue avoiding linux until my customers start using it.
Let me preface this with the following disclaimer: I cannot give a complete answer, I can give an educated guess.
Two chapters earlier God had told people to spread out and fill the earth. God was punishing them, but He was also forcing them to do what He had asked of them.
Of course this just raises more questions. Why? I am not entirely sure, but maybe people were getting boring, you know everybody looks the same, talks the same, and thinks the same. Maybe He didn't want all of humanity clumped into one spot so that a natural disaster could end the species. There are tons of possibilities. I still haven't figured out what's true about God's motivations, but who has? Anyway, hope that helps.
The reason why people mumble under their breath and don't do anything is because if you have the nerve to touch or correct their precious angel, they will sue the pants off of you, or charge you with child abuse. Most of the parents of "those kind" of children are as bad or worse than the kids.
Next point. Ranking playing violent video games with drug and alcohol abuse is comparing apples to oranges. There is absolutely no reputable study that links playing violent video games to performing violent actions.
My child's upbringing is 100% my responsibility. I and no one else should be the content filter for my child. If my child is going behind my back, and kids will, it is up to me to provide consequences for doing that. That is called being a good parent.
As a tech who currently has 4 machines on his bench right now with spyware problems, I have these words of reality checking: 10 seconds my a$$!!! Who are these morons trying to fool here. To remove spyware/malware/trojans from a machine, it usually takes me 3 days without a format and reinstall, and I usually have to boot up with an NTFS Dos boot disk (Hirens)http://www.9down.com/modules.php?name=Down loads&d_op=viewdownloaddetails&lid=172&ttitle=Hire n's_BootCD_v7.2_With_keyboard_Patch and delete manually what the removal tools miss. I have found that deltree removal of all temp and content.ie5 directories knocks a day or so off of my scanning.
I'm in favor of the Russian anti-Spam method for dealing with spammers. http://www.scmagazine.com/news/index.cfm?fuseactio n=newsDetails&newsUID=5eead5c2-50ca-40e5-9c59-a8da 453de038&newsType=Latest+News
I could even envision a new arcade smash hit: "Whack-a-Spammer"
Sorry, I work for an ISP, and get to deal with the annoying results of these idiot spammers' actions. I couldn't resist
All this just adds to the already existing BSoIP.