Give the Gift of Security!

Discussion in 'other security issues & news' started by Rmus, Nov 28, 2007.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    ConstantLearning,
    Both of you own the PC equally? If that's the case, you two have to find a common starting point. You mention that he wants Linux, which you'd rather see run in a virtual environment first, and that his behavior with Windows is based on being lucky and that the luck will continue.

    There is another option here. Since you both own the PC, how about a dual boot? You own and control Windows. He owns Linux. Each of you controls your operating system and runs as a guest on the others. You can't alter or install to Linux, he can't alter Windows. Might be a starting point.

    As for learning Linux, have you checked out a liveCD? You can see what Linux is like without actually installing it. Live CDs run slow compared to an installed system but it still lets you evaluate different packages to find what you like. With some like the Knoppix live CD, you can do a "poor mans install" which basically copies the files to a hard drive without actually installing them. The CD drive is freed up and it runs faster, almost like an installed system. Removing it is as simple as deleting the files.
    Rick
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, a simple reality is that this might be 1% of the general user population, maybe... It could be a lot less than that.

    The approach of the remaining folks is probably something along the line of "I have a black box, I like what it shows on the monitor, I don't want my bank account emptied or credit card information stolen, and I don't want to be part of a botnet - whatever that really is - I don't know what it is, but I know it's bad..., What do I do?"

    It's not "what do I learn?" it's "what do I do?" Five steps, ten steps, whatever number but it has to be small and it has to be "perform this action and you're done"; install this stuff and/or click these boxes and that's it. That's reality. If they then want to learn, great, but virtually nobody starts there and hardly anyone ends there.

    The fact of the matter is that this scheme, regardless of how mindless it seems, can work very well for most (really all...) people if they're provided reasonable information.

    Blue
     
  3. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Quite true - hence the qualifier around
    and even here one needs to be somewhat cautious. It get's complicated if the second user is a purposeful installation junkie (versus a rube who's a magnet for drive-by downloads and stealth installs)

    Blue
     
  4. herbalist

    herbalist Guest

    It would seem I'm in a much smaller minority that I realized. I've always worked on the assumption that most who come here are not your typical or "general public" user, an assumption that appears to be wrong. My experience has shown me that the "average user" is already infected and doesn't know it. The average user has no clue what the threats really are or just how much the internet has in common with a war zone.
    I have a very hard time with that, even if it is what most people would prefer. To me, doing that is the equivalent of handing someone a new weapon with very little instructions and sending them to a battle zone. When they come back a casualty, give them bigger weapons. IMO, the only ones benefitting from this arms race in the long term are the ones selling the software.
    Rick
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Maybe more like a map to avoid the front lines.
     
  6. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    A vote for Lusher's approach,which indicates common sense, is effective and simple :thumb:

    Blue Zanetti has it right-even more advanced users have better things to do with their valuable time than trying to comprehensively understand how it all works, prior to properly securing a system,when the simple solutions can do it all.
     
    Last edited: Dec 2, 2007
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Similar results from this end also.

    I have fiercely opposed my own system with everything from the most notorious of malware to landing inside booby-trapped laden sites only to now, thanks in large part to HIPS + Sandboxes watch a comical show of malware trapped in suspended animation without the previous common anxieties that used to create doubt and other uncertainties.

    The Layered Approach is a most formidable front that now is most educational as you can calmly observe the what & where potential infectious files are trying to move to. The SUSPEND code many HIPS employ is been invaluable in holding off these mischiefs while affording the user CONTROL in making his/her decision on them.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    I think that security begins with understanding what bad things can happen - and then trying to find the right way to prevent them from happening.

    Example:
    Data gets lost for some reason (virus, hard drive failure etc) - backup.
    Malware gets installed - revert to system state without malware.

    These are just simple crude examples, but once the person fully understands the consequences of his/her deeds and the price required to prevent the consequences, he/she will have a working and effective setup.

    The price can be time, money, sometimes even loss of data, or maybe involvement with the authorities. Each vector has its countermeasures.

    Once the person understands how he/she can stop the worst from occurring, the fear goes away. Once the fear is gone, the learning can really begin.

    I don't think a person must fully understand how the system works, but he/she must understand:

    - What leads to where
    - How to identify problems and avoid them
    - How to identify the consequences of problem and cure them

    Using imaging software against malware is not good enough. One must understand that the current setup is corrupt and revert to a good one, otherwise that one will continue working as if nothing happened.

    Using HIPS is not good enough. One must understand the prompts.

    Using AV is not enough; what are false positives, for instance?

    All in all, some knowledge is needed. I call that driving skills. One does not have to know how what ABS really is or how it is built - but one MUST know what ABS will affect the braking - and HOW. The same applies to driving in the rain, what slick tires can do, weight distribution etc. One does not need to know how suspension is built or the friction properties of rubber. But understanding the action-reaction is a must.

    I believe in trying to teach people the following things:

    0. Don't panic, rule 1 in the Hitchhikers Guide.

    1. Try to explain the consequences of bad computing.
    2. Avoid problems as much as possible - most people do not have the time, patience or skill to master the nuances of the web; so for them, the best way to solve problems is to stay away. In other words, I don't want them to test their AV, AS or whatever. I want their AV, AS to stay as quiet as possible. Call that a Cold War.
    3. If problems somehow "slip" - what now? Here comes the cure issue. How can one assure that data / precious things remain safe, regardless of the problem type and nature.
    4. Finally, getting more technical, analyzing the system and identifying problems; this is what we spend quite a lot of time as security geeks, testing and testing and testing. It can take lots of leads and it never ends.

    Mrk
     
  9. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I haven't been able to keep up with this thread since it started almost a month ago now, but since I have some time off from work because of the holidays, I would like to add my two cents worth to this thread. In addition to Rmus' suggestion above, I would also like to suggest that either the Wilders Security Forum or posters here at this forum post Stickys or threads, respectively, that explain basic security concepts and strategies to newer members here at this forum or members who are not as technically adept as other members. There are still a lot of security concepts that I don't understand and often times when other members discuss these concepts, it sounds like greek to me. For instance, one poster mentioned something to me about "code that is scriptbased" and a "scripting flaw." Know I hate to sound unnecessarily igorant, but I really don't understand the concept about "scripting." Now I do know that javacoolsoftware has this little program that disables "scripting" in Windows Media Player to help protect your computer against the scripting vulnerabilities that are inherent to Windows Media Player, but that's about the extent of me knowing what to do to protect my computer against scripting vulnerabilities. And of course it all goes back to the thing where if you have never been taught something, you're just not going to know it. And I know that a person could always google information about "scripting," but unfortunately, most of the time that person has to plow through all the websites, information, and articles that don't answer his or her question about scripting until he or she finds the information that they are looking for and that ends up being very time consuming. But my suggestion is to create a thread or a Sticky that explains essential security concepts from "scripting" to what a "HIPS" is that many members here take for granted. Also, often times technical concepts are explained or discussed here at this site in more of a "college level" type style, however, I just thought about a scene from the movie "Philadelphia" where Denzel Washington's character just didn't understand Tom Hank's character's situation and said to him, "Now, explain it to me like I'm a four-year-old." Now, hopefully, I'm not sounding too much like an idiot, but someone in this thread said something about how the average person doesn't really want to "understand" internet security, but are content with just knowing what protection programs they should have on their computers, and that may be true, but I believe that most of the new(or relatively new) people who come to this forum(including myself) do want to understand the issues with security and would benefit greatly from the more knowledgeable members teaching them fundmental security concepts and information that the more knowledgeable members themselves take for granted.
     
    Last edited: Dec 24, 2007
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Nice attitude for being a member of a security forum. :cautious:
     
  11. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    Seems the case :D They don't want help until their computer doesn't work and someone just keylogged their dad's Credit Card and used it to buy a few TVs.
     
  12. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I would like to know if any of the newer members or less knowledgeable members find any merit in or agree with my suggestion above. Or if I'm a "lone ranger" on this matter.(And no offense ronjor...although he did recently change his avatar. :cautious: ;) )
     
  13. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    I fully agree.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.