Security, is it really a necessary evil?

Security may be considered a necessary evil, but I have done quite well for the past 4 years on my Windows machine with no antivirus and no software firewall this and that. A hardware firewall and the good sense not to install every little update that my browser asks me to install has been sufficient. Switching to Firefox has certainly made this a lot easier.

I know Windows users that have every kind of antivirus antispyware program known to man and they still have to reinstall frequently due to infections.

So the questions are:

Can any system of security and preventive monitoring programs really protect ignorant users from their own bad habits?

Is it right to make things more difficult for users like myself who do everything as an admin, and find security related problems annoying?

Disclaimer: I'm only talking about a user's rights on their own machine. I would definitely agree that security is needed when talking to a remote machine. In a purely theoretical sense, only the user ultimately makes the choices that can compromise his computer.

Quote:
Original post by pTymN
Can any system of security and preventive monitoring programs really protect ignorant users from their own bad habits?

No, of course not. Any program designed to protect users against their own stupidity is doomed to fail.

Quote:
Original post by doynax
Quote:
Original post by pTymN
Can any system of security and preventive monitoring programs really protect ignorant users from their own bad habits?
No, of course not. Any program designed to protect users against their own stupidity is doomed to fail.

And shouldn't be used anyways.

The only real solution to stupidity is to limit freedom. If you can't do something, you can't do it wrong.

Quote:
Original post by Extrarius
The only real solution to stupidity is to limit freedom. If you can't do something, you can't do it wrong.


Much agreed! I think that security is not only protection from other people - but protection from ourselves as well.

Quote:
Original post by pTymN
Can any system of security and preventive monitoring programs really protect ignorant users from their own bad habits?


I would have to say yes - but then that user couldn't do much other than turn on the PC - in which that freedom would be taken away. As they say - the only 'safe' computer is disassembled and packed underground - or something like that.

Quote:
Security may be considered a necessary evil, but I have done quite well for the past 4 years on my Windows machine with no antivirus and no software firewall this and that. A hardware firewall and the good sense not to install every little update that my browser asks me to install has been sufficient. Switching to Firefox has certainly made this a lot easier.

I know Windows users that have every kind of antivirus antispyware program known to man and they still have to reinstall frequently due to infections.


I think it also depends on what they are doing on the web as well. If you only go to cnn.com every day and that's it - chances are you're not going to get any problems. But as soon as you start searching the web and clicking on everything, then yes, all the protection in the world will do nothing to save you.

I personally use Norton AV, Adaware, and ZoneAlarm. I think that an AV is really important - just because so many pages now have that trojan-byte verify downloader something or another. The other day I was just looking at music lyrics - just one page and I got 3 of them. When you need information such as that, and it is not available on 'trusted' servers, then I think security is important.

Quote:
Is it right to make things more difficult for users like myself who do everything as an admin, and find security related problems annoying?


What do you mean? I know that the only drawback to using NAV is that it slows down the comp a bit - because of realtime checking. For ZoneAlarm - I have to choose whether I want to allow a program to use the internet or not when it tries for the first time, but I set it that way. As for Adaware - no hindrances there - it does what it is supposed to and does not get in my way. I do not think that any program has the 'right' to make things difficult for you - but you would have to tell me of a program that does - for all the programs I am currently thinking of at least let you customize them.

- Drew

I've never bought into the limiting access trend. Even if you limit a user to 'user' [rather than root/admin] they can still write to their own files. Joe User will still raise hell with IT if their files disappear, which a virus/worm/stupid user can still do, even without admin rights.

Quote:
Original post by Telastyn
I've never bought into the limiting access trend. Even if you limit a user to 'user' [rather than root/admin] they can still write to their own files. Joe User will still raise hell with IT if their files disappear, which a virus/worm/stupid user can still do, even without admin rights.

In a properly designed system (Which I'd say doesn't exist right now), the IT person would give _user_ access to execute (for example) the word processing program and the internet browser, permission to create/read/write/delete files/folders in their own directory, and nothing else. Safe computing practices wouldn't matter since they are not allowed to unintentionally run deltree c:

The only hole left would be software bugs, and many of the bugs that appear currently could be easily eliminated by some proxy software (to prevent viruses coming in/out), UI-control software {automagically closes the word processor's macro editor if it ever opens, for example}, and similar freedom-limiting software.

Like I said, if you can't do something, you can do it wrong.

I myself am a little concerned by your initial post, pTymN.
Do you hardly ever connect to the internet or something?
If so then you may have just been lucky.

Otherwise, if you do go online often then there's a good chance that you have at least 1 virus on your computer by now, and probably at least 1 spyware or adware too. It's quite possible that you wouldn't know you had them without a detection tool of some sort.
A keystroke logger once made its way through our hardware firewall and onto my PC. In fact, for all you know, your PC could be regularly trying to infect others' PCs.
For everyone's sake I recommend you install just these 3 well regarded programs: AVG antivirus 7 free edition, Ad-aware 6, SpyBot Search & Destroy 1.3.
That should be all you need.

It is indeed right to slightly inconvenience those that are ignorant to virus attack, as it can often be those persons' PCs that are constantly attempting to infect others. The inconvenience is minimal really. You can always choose not to download and install MS's updates.
However the thing you have to be aware of is they're not just patching some hole that has been open for ages and has never been exploited and isn't likely to be. When they release a patch, they typically release the details of the exploit too. This means that there is a sudden increase in likelihood of getting a virus without the patch. Hence when they come out, you really should install them within a few weeks.

Quote:
I know Windows users that have every kind of antivirus antispyware program known to man and they still have to reinstall frequently due to infections.

There are a lot of FAKE adware/spyware detection programs out there. These programs claim to detect spyware on a clean OS install that hasn't had anything installed on, or ever connected to the net etc. They also actually install spyware! This is why you must only use very well known programs for this kind of thing. Even popular websites such as C|net host these fake detection tools as featured downloads!!! Their creators push up the ratings with fake opinions to make them seem respectable!

(Maybe this thread would be more suited to the lounge btw, there is no programming involved here really)

iMalc: I've been in the same situation as the OP for a while now (no idea how long, but a year at least), except that I use online scanners every few months just to be sure, and I run ad aware and S&D every once in a while to check up on things, and so far the worst I've had is tracking cookies, which aren't really all that bad ("OMG COOKIES!").
Most viruses these days basically just ask you to run them, and the few that don't abuse people that have bad IE or OE settings or habits (i.e. autoinstall=on or clicking 'yes' to install an ActiveX control, etc.)

What about "buffer overflow"? It's purely the programmer's fault. What about unnecessary services/servers installed by default? It's the package-maker's fault....

Quote:
Original post by Extrarius
iMalc: I've been in the same situation as the OP for a while now (no idea how long, but a year at least), except that I use online scanners every few months just to be sure, and I run ad aware and S&D every once in a while to check up on things, and so far the worst I've had is tracking cookies, which aren't really all that bad ("OMG COOKIES!").
Most viruses these days basically just ask you to run them, and the few that don't abuse people that have bad IE or OE settings or habits (i.e. autoinstall=on or clicking 'yes' to install an ActiveX control, etc.)

I'm not sure if I've heard of online scanners. The whole idea sounds dodgy, and unlikely to be able to detect everything that a proper installed virus scanner can.
Agreed, tracking cookies aren't that bad.

I admit that it's possible to go quite a long time without being affected depending on your habits. But every once in a while something pops up which exploits some newly found vulnerability and causes mass-infection without users doing anything.

Quote:
Original post by Extrarius
Quote:
Original post by Telastyn
I've never bought into the limiting access trend. Even if you limit a user to 'user' [rather than root/admin] they can still write to their own files. Joe User will still raise hell with IT if their files disappear, which a virus/worm/stupid user can still do, even without admin rights.
In a properly designed system (Which I'd say doesn't exist right now), the IT person would give _user_ access to execute (for example) the word processing program and the internet browser, permission to create/read/write/delete files/folders in their own directory, and nothing else. Safe computing practices wouldn't matter since they are not allowed to unintentionally run deltree c:

The only hole left would be software bugs, and many of the bugs that appear currently could be easily eliminated by some proxy software (to prevent viruses coming in/out), UI-control software {automagically closes the word processor's macro editor if it ever opens, for example}, and similar freedom-limiting software.

Like I said, if you can't do something, you can do it wrong.


Point -> Linux/some unixes. (not sure about the unixes).

If the Linux rights were implemented perfectly (which they're not), and it is impossible to access another user's login account, including root.
Then this would be ideal.
They pretty much have access to the stuff they make only.
When they're not root, it's hard/impossible to actually destroy your computer.

IIRC of course. It's been a while since I've last remembered that.

From,
Nice coder

Quote:
Original post by pTymN
Can any system of security and preventive monitoring programs really protect ignorant users from their own bad habits?

Is it right to make things more difficult for users like myself who do everything as an admin, and find security related problems annoying?

Disclaimer: I'm only talking about a user's rights on their own machine. I would definitely agree that security is needed when talking to a remote machine. In a purely theoretical sense, only the user ultimately makes the choices that can compromise his computer.

As has already been mentioned, a lot of the time it isn't a matter of a user's rights on their own machine or other local security systems. Tons of viruses and spyware these days take advantage of software holes in the operating system - or internet browsers like Internet Explorer - that the user simply can't stop or prevent, no matter how computer savvy they are.

You say you've done quite well without antivirus or a software firewall, however keep in mind you have a hardware firewall and Firefox. The hardware firewall does a great job eliminating all incoming network traffic that isn't on a handful of common ports (HTTP, FTP, etc.), while Firefox eliminates any infection due to browser holes.

Try turning off that hardware firewall and you'll quickly see that inadequate remote security is a large part of the problem. It's not always just a matter of ignorant users downloading and installing every program they find.

How about if neither the user nor any software running on behalf of that user could automatically start up without permission?

Now if you used a Linux-type approach, what you would have is a file which specifies what programs to autoexecute, that is readable by that user and root ONLY, and is writable by root ONLY.

Now if it can't start up, then how could it cause spyware?

With viruses, that could be integrated into the OS, so that whenever an exe is written to, it arouses suspicion. So that, without the user having to do anything, the file is automatically run in quarantine, to make sure it doesn't do anything it's not supposed to. It's also "red marked", which prevents it from doing things that normal programs could do, like hooking API calls, and other things which viruses shouldn't be allowed to do.

This would stop the spread of any virus to at most 2 generations.

From,
Nice coder

Quote:
Original post by Zipster
As has already been mentioned, a lot of the time it isn't a matter of a user's rights on their own machine or other local security systems. Tons of viruses and spyware these days take advantage of software holes in the operating system - or internet browsers like Internet Explorer - that the user simply can't stop or prevent, no matter how computer savvy they are.


However you can choose a more secure operating system, browser, email package, etc. One major reason why I stick to Win98 rather than WinXP is because I am prepared to give up a little stability for security. That, a little knowledge about network security, and careful use of my software, has meant I've not had a virus or malware in all my PC-owning time.

Quote:
Original post by Kylotan
However you can choose a more secure operating system, browser, email package, etc. One major reason why I stick to Win98 rather than WinXP is because I am prepared to give up a little stability for security. That, a little knowledge about network security, and careful use of my software, has meant I've not had a virus or malware in all my PC-owning time.

Of course, but that wasn't my point. He was suggesting that the primary source of problems people have with their computers (related to viruses and spyware) was due to user ignorance, and I was saying that a lot of the time user ignorance isn't to blame - "ignorance" as far as their behavior is concerned (choosing to install strange programs etc.) Switching software or hardware is a solution, but I was addressing the implication made by the examples in the original post, that it is a behavioral issue.

Quote:
Original post by iMalc
[...]I'm not sure if I've heard of online scanners. The whole idea sounds dodgy, and unlikely to be able to detect everything that a proper installed virus scanner can.
Agreed, tracking cookies aren't that bad.

I admit that it's possible to go quite a long time without being affected depending on your habits. But every once in a while something pops up which exploits some newly found vulnerability and causes mass-infection without users doing anything.

Online scanners are put out by quite a few respectable anti-virus companies. They're just the scanner engines wrapped into an ActiveX control, pretty much. I do admit that I can't prove they work well since they've never detected a virus on my machine, but then again when I had a normal virus scanner the only thing it detected was a virus in a zip file on a backup I made in 1998 (that was when I was learning assembly so I had tons of zips with txt + com files to demonstrate stuff and apparently one of the .com files was infected before I got it).

I also check the registry, start -> startup folder, services, and running processes once in a while, so if it started anything unusual it seems like I'd notice. The only thing I'm actually relying on the antivirus for is programs that actually infect other programs, and those are really rare these days.

Quote:
Original post by Zipster
[...]You say you've done quite well without antivirus or a software firewall, however keep in mind you have a hardware firewall and Firefox. The hardware firewall does a great job eliminating all incoming network traffic that isn't on a handful of common ports (HTTP, FTP, etc.), while Firefox eliminates any infection due to browser holes.[...]

I have my router set to DMZ my computer (so all incoming connections go to my PC), and I've disabled the software firewall in XP. I also use IE exclusively.

Quote:
Original post by Zipster
[...]Of course, but that wasn't my point. He was suggesting that the primary source of problems people have with their computers (related to viruses and spyware) was due to user ignorance, and I was saying that a lot of the time user ignorance isn't to blame - "ignorance" as far as their behavior is concerned (choosing to install strange programs etc.) Switching software or hardware is a solution, but I was addressing the implication made by the examples in the original post, that it is a behavioral issue.

From my experience, I say it is exclusively a behavioral issue. I run Windows XP Pro without any kind of firewall, without any antivirus (essentially), and I use MSIE, and the worst thing I get is tracking cookies.

Maybe I'm the luckiest person on earth, but it sounds like my machine is ripe for the taking. I can't understand why I haven't had any problems if it really is so dangerous to run as I do. Surely being on a popular ISP in my area would ensure I get plenty of crap broadcast to me..?

Quote:
Original post by Extrarius
From my experience, I say it is exclusively a behavioral issue. I run Windows XP Pro without any kind of firewall, without any antivirus (essentially), and I use MSIE, and the worst thing I get is tracking cookies.

Maybe I'm the luckiest person on earth, but it sounds like my machine is ripe for the taking. I can't understand why I haven't had any problems if it really is so dangerous to run as I do. Surely being on a popular ISP in my area would ensure I get plenty of crap broadcast to me..?

Well, you're the exception rather than the rule. It may not be that bad on private residential networks, but on larger more well known corporate and university networks it's a big problem.

Quote:
Original post by Kylotan
Quote:
Original post by Zipster
As has already been mentioned, a lot of the time it isn't a matter of a user's rights on their own machine or other local security systems. Tons of viruses and spyware these days take advantage of software holes in the operating system - or internet browsers like Internet Explorer - that the user simply can't stop or prevent, no matter how computer savvy they are.


However you can choose a more secure operating system, browser, email package, etc. One major reason why I stick to Win98 rather than WinXP is because I am prepared to give up a little stability for security. That, a little knowledge about network security, and careful use of my software, has meant I've not had a virus or malware in all my PC-owning time.

Win98 is more secure than XP? I had no idea. Well, with my XP I've never had a virus either.

As the mantra goes, "Security Features is not equal to Secure Features". In other words, if the underlying software isn't secure, then no amount of security features is going to protect you. They may help mitigate risk, but that is all.

Quote:
Original post by Nice Coder
How about if neither the user nor any software running on behalf of that user could automatically start up without permission?

Now if you used a Linux-type approach, what you would have is a file which specifies what programs to autoexecute, that is readable by that user and root ONLY, and is writable by root ONLY.

Now if it can't start up, then how could it cause spyware?

This is doable in two seconds on every Linux box. It's called "mounting /home and /tmp with the noexec option." It's on pretty much every secure multiuser Linux system I've seen.

Just thought I'd chime in.

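Added example, not part of the original thread: a Python check for the noexec setup described in the post above. It reads a mount table in /proc/mounts format and reports whether given paths sit on a mount that carries noexec; the sample table and the paths in it are constructed for illustration.

```python
"""Audit whether user-writable paths sit on mounts that carry noexec."""
import posixpath
import re

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /mnt/usb\\040stick vfat rw,noexec 0 0
"""


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Return [(mount_point, set_of_options), ...] in table order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0].startswith("#"):
            continue
        mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts


def covering_mount(path, mounts):
    """Pick the mount holding `path`: the longest mount point that is a
    whole-component prefix. On a tie the later entry wins, because a later
    mount on the same directory shadows the earlier one."""
    path = posixpath.normpath(path)
    best = None
    for mount_point, options in mounts:
        mp = mount_point.rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, options)
    return best


def audit_noexec(paths, mounts_text):
    """Map each path to (covering mount point, True if noexec is set)."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for p in paths:
        hit = covering_mount(p, mounts)
        report[p] = (hit[0], "noexec" in hit[1]) if hit else (None, False)
    return report


if __name__ == "__main__":
    result = audit_noexec(["/home/joe", "/tmp", "/var/tmp"], SAMPLE_MOUNTS)
    for path, (mp, ok) in result.items():
        print(f"{path:12} on {mp!s:8} noexec={'yes' if ok else 'NO'}")
```

On a live system, pass `open("/proc/mounts").read()` instead of the sample. A directory that is not its own mount point inherits the options of the file system above it, which is why `/var/tmp` is reported against `/` here.
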
The point about permissions I was making is not just that you can limit execution to stuff not installed by the user, that is a given. The idea I was trying to communicate was that the user can only use certain apps period, regardless of who put them there or where they are.

Not only that, but really you need to have per-application permissions so a random program can't overwrite files it didn't create (via 'save' or whatever) without the user's explicit permission (so permissions need to be on, off, or prompt instead of just on/off), and such permissions would need to be enforced on the lowest level for them to mean anything.

Imagine something like 'Zone Alarm' that controlled not only internet access but also file access and almost every other facet of the system's API. It might even need to allow 'command line masks' instead of just identifying executables, because you might want 'wordedit -q options filename' to have certain permissions and 'wordedit options filename -f' to have others.

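Added example, not part of the original thread: a Python model of the per-application permission table described in the post above, with on/off/prompt decisions, command-line masks, and the "can't overwrite files it didn't create" rule. The rule table, the `wordedit` options and all paths are hypothetical, and the model only shows the decision logic; as the post says, the real thing would have to be enforced at the lowest level of the OS.

```python
"""Per-application permissions: allow / deny / prompt, keyed on command-line masks."""
from fnmatch import fnmatchcase
import posixpath

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"

# Hypothetical rule table: (program, argument mask, operation, path mask, decision).
# The first matching rule wins; anything unmatched is denied.
RULES = [
    ("wordedit", "-q *", "write", "/home/joe/docs/*", ALLOW),
    ("wordedit", "* -f", "write", "*", DENY),
    ("wordedit", "*", "write", "/home/joe/docs/*", PROMPT),
    ("wordedit", "*", "read", "/home/joe/*", ALLOW),
    ("browser", "*", "write", "/home/joe/downloads/*", PROMPT),
]


class Policy:
    def __init__(self, rules):
        self.rules = list(rules)
        self.created = {}  # program -> set of paths that program created itself

    def record_create(self, program, path):
        """Remember that `program` created `path` (so later saves need no prompt)."""
        self.created.setdefault(program, set()).add(posixpath.normpath(path))

    def decide(self, argv, operation, path):
        """Return ALLOW, DENY or PROMPT for one requested operation."""
        program, args = argv[0], " ".join(argv[1:])
        # Normalise first so "docs/../.bashrc" cannot slip through a docs/* mask.
        path = posixpath.normpath(path)
        decision = DENY
        for prog, arg_mask, op, path_mask, verdict in self.rules:
            if (prog == program and op == operation
                    and fnmatchcase(args, arg_mask)
                    and fnmatchcase(path, path_mask)):
                decision = verdict
                break
        # Overwriting a file the program did not create is never silent:
        # an "allow" is downgraded to "prompt".
        own_file = path in self.created.get(program, set())
        if decision == ALLOW and operation == "write" and not own_file:
            decision = PROMPT
        return decision


if __name__ == "__main__":
    policy = Policy(RULES)
    doc = "/home/joe/docs/report.txt"
    print(policy.decide(["wordedit", "-q", "report.txt"], "write", doc))
    policy.record_create("wordedit", doc)
    print(policy.decide(["wordedit", "-q", "report.txt"], "write", doc))
    print(policy.decide(["wordedit", "report.txt", "-f"], "write", doc))
```
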
My ZoneAlarm was a little buggy or something because every single program that I ran made ZoneAlarm pop up and ask me if it was ok to run it. I couldn't get the thing to remember that it was ok to run it, so it would constantly pop up asking for verification. I got fed up with it and just enabled the built-in firewall (which I don't trust much because a program that can use UPnP to access port forwarding can make a hole that the firewall wouldn't stop).

You can tell Windows (98 and onwards!) not to run or to only run any programs which do match a criterion. This includes MD5 hashes (exes and, optionally, any DLLs loaded), directories, etc.

It would be utterly trivial to not allow users to execute any programs in their home directory & temp folders under Win 2k/XP and only allow known programs.

Quote:

No, of course not. Any program designed to protect users against their own stupidity is doomed to fail.


Program - yes, but what about hardware?
