First off, I'm not bashing vendors, pet operating systems or even people. Just trying to make people realize they might have illusions. So stop reading here if you cannot deal with disillusions.
I recently purchased a computer for my wife at a small shop. I really like the shop. They customize off-the-shelf hardware to make extremely silent high performance PCs. So after the waiting for this new monster's parts to be collected and customized, I went to the shop to pick it up. The shopkeeper takes the time to open up the case to show their work, turns it on, and I verify the hardware properties to make sure my custom build machine has all the right parts. All good, I still like them.
Before he turns it off though he tells me something very worrisome. It went like: "We turned off the windows automatic updates". I wasn't sure if I'd wipe the harddisk or not at that point, but as such things would convince me to wipe, I answered "No problem, I'll enable it when I get home, thanks for the warning". Then he goes on to explain they do that always as "In our experience windows update and all those patches break more than the viruses harm you. Just add a good anti-virus program, we've already tightened up the windows firewall. You'll be safe, don't worry. In our experience it is best to install the service packs Microsoft brings out, but stay away from the crap in between". Painfully wrong advise in my opinion, from a shop I like a lot for their hardware.
I'm very worried about the less security savvy consumer. I'm not convinced other shops give that much better advise. Sure they might want to try to sell me an anti-virus and personal firewall bundle. So we need to get the word out to the world at large. Do not believe all to easily you are safe, no matter the fancy explanations.
And yes, experience shows installing patches is one of those moments you are more likely to get a blue screens of death. But you'd get them anyway, even if you did not install the patch. It's just a sign your machine was already becoming unstable. And it is a good opportunity to rebuild the machine and install the patches. See: no problem installing the patch on a clean system!
I've seen large IT support departments revert their policy from a shy away from patches to a patch ASAP policy for their desktops/laptops. Their conclusion was simple: we have less work in total and it is more spread out if we encourage immediate patching.
Mac OS XMyself I use a powerbook. I like it a lot but I see a few things that worry me a lot:
So, for as far as they are concerned, I'm still without anti-virus and anti-spyware protection on my Mac, guess the rest of the network will have to live with me not helping in protecting them.
So somehow we'll need to live with the constantly increasing risk and a user community that thinks it is invulnerable.
BrowsersMany security professionals will try to avoid Microsoft's Internet Explorer (MSIE). We can see this at isc.sans.org: about 50% of our hits come from MSIE, while less security minded sites get more like 80% of their hits from MSIE.
Even the tools used to gather known malicious content such as wget and lynx have been suffering from vulnerabilities.
The restPlease, don't try to convince me your favorite OS is immune to everything.
To take just one example: Linux: sure better security due to most of the users not using it with superuser rights. But is it immune to worms, trojans etc. ? No. And for the rest you'd better reread the Apple story above as most of it applies to Linux as well.
Not even OpenBSD has a zero defect track record.
Paranoia?There are other solutions than unplugging the network permanently. It's called defense in layers. You choose the least vulnerable, the least exposed, the least targeted, the least commonly used solution and you choose them in layers around you so that each layer protects you redundantly. And if all fails you are ready to mitigate the consequences, learn form the experience and rebuild.
But living with the illusion of security is the worst solution as far as security is concerned.
Jan 18th 2006
|Thread locked Subscribe||
Jan 18th 2006
1 decade ago