Obsession?

Didja ever stop and think about the money we spent on software and equipment since we bought our first computer? As an example, my first pc had 15mb of RAM, 150MHZ cpu and cost $2080 with the tax. Then I started buying apps. Since 1997, I must have spent thousands on stuff.

 

I haven't made a definite decision, but sure, an app. that requires almost as much attention as the app. you're trying to do things with, lol. The obvious response would be that once SSM, for instance, learns your computer, it won't prompt you much. True, but when you install things, programs change, cryptic pop-ups (whattafu.exe is trying to inject steroids in windows; block; BSOD!)...

Definitely i prefer an "intelligent" application that only alerts me when it's probable that something is wrong. CH, Prevx1, AV heuristics (they must get better, and will). Or something that covers whatever the threat is (sandbox, GeSWall, which is somewhere between sandbox and policy based app.).

As for software conflicts, bugs and such, it's always better to see it running in our machine to check if that happens to you. There could be a major bug in an app. and you never see it. Nevertheless, if it shows up having too much trouble for too many others, there could be something terribly wrong with it. I agree with you.

 

Hello,

This is a good thread, oh yes. Welcome to Mrk's world.

Why do you feel obssessed (not YOU!! - in general)?

1. You lack the knowledge of how things work - PC, TCP/IP, services etc.
2. The need to be in control.
3. The heightened status of awareness due to participation in security forums.

It probably begins due to a curiosity or infection. Then, it gets complicated as you learn more and more and each new avenue opens a whole new world. At some point, you either become a paranoid or a hobbyist.

The simple truth is: computers are replaceable machines. Period.

After that, everything else is a bonus. You wish to run some security apps? Be welcome. You wish to feel a bit of a hacker? Go ahead.

Today, Windows is the major operating system in most homes and businesses and dictates the trends. These trends are, unfortunately, a mess of money-driven goals and bad code.

Then, you have the predators. Like in any business. They want to earn money. So they do. Because earning money with Windows is as simple as installing a toolbar on someone's PC.

Then, you have the savior. The security companies. Of course, they will make sure you hear about every threat there is - and the ONE and only security app that will give you total protection - of which there are hundreds.

While ... the solution is so simple.

Education. Computers were made for university geeks, but they are not untouchable. Following a few basic concepts can make even a newbie quite immune to disaster.

It's really scripts, plugins, email attachments, instant messaging, and p2p downloads. A few simple rules for each will make sure you don't need 24 security apps. Everything else is a luxury.

Of course, the real absurdity is that Linux is FAR better for newbies than Windows. If someone with money and no clue is going to damage his PC anyway, then we should at least make him cause a tiny damage. In Linux, newbies can't do much. In Windows - everything.

For experts, it doesn't really matter. Of course, Linux is far more advanced, friendly and motivated by other means than money, which makes it the logical choice.

But staying safe in Windows is no black magic. Nor does it require special skills or programs.

I have a few more days till my bet deadline with Escalader, where I'm "risking" a test machine with firewall only in a sea of porn and "wicked" websites.

BTW, all those hackers finding exploits in Windows. You should thank them. They made you think. They made you learn.

Who is the real villain? Some dude in Estonia hacking for fun - or Sony planting rootkits in millions of PCs worldwide? BTW, I have not yet seen or fixed one machine with a real hacker's rootkit in it. But I have seen machines killed by corporate greed.

Windows patches come once a month. But the DRM patch came after 36 hours. Who's the real villain?

Now, when it comes to YOUR money, who will you listen. The "experts" telling you to beware the devil or the CEOs in smart suits holding presentations and conferences in offices of their consumerism / adwareism companies?

And then, they will all sit together and propose campaigns against malware - making us temporarily forget that some of them have worked that lane not that long ago.

What do you fear more? A hacker entering your PC? Or a backdoor during a critical update? Remember WGA?

Believe it or not, my conspiracy closes up in a nice loop. In the words of Robert Redford from All the President's Men - follow the money trail.

Your obssesion - someone else's victory.

Don't let them scare you. Lean back and enjoy. Spending an hour learning is worth 20 clicks on a prompt.

As to spendings on PCs - I have spent more money on books in the last 10-15 years than on PCs, so it's OK.

 

Marketing, sure. Scare them, then sell the solution. Still works, even out the software industry. Not everything, but i'm beginning to think most is.

OT on:

Three Days of the Condor
"We have games. That's all. We play games. What if? How many men? What would it take? Is there a cheaper way to destabilize a regime? That's what we're paid to do."

OT off

LOL

 

Don't get me started! Every month the wife asks me something like this, "Who the hell is Farkle Software, and why do they want $29.95!?"

 

heh

i get the same questions about Farkle too
Not always easy to explain about why I NEED Farkle. LOL

I also get the "What's that new little picture down in the right corner" and "Farkle says i have to do something with the doowhacker at once or we will blow up the planet or something " a lot

 

Hello,
If we're talking wives, mine is pretty cool about Ubuntu desktop. I even got her into using VM.
Mrk

 

i know this is drifting ot a liitttllee
Dont get me wrong: she is MUCH smarter than me.
It' more accurately put along the lines of "what the hell have you done now?"
I like to fiddle in the FD snapshots and have set up a VM for me to "hobby" in; she is far more pragmatic and doesn't appreciate the fine arts of BSODing and me cursing at what a twit I can be.

 

Farkle software? is that some new HIPS I haven't heard of?

 

Ah yes, I remember those early PC days when the XT cost several thousands of dollars. That is why I buy tech items well past the prime introductory period. Otherwise you will be paying up the kazoo. It is all a conspriracy by software and hardware vendors to empty your pocketbook.

 

LOL - Boy can I identify with that one!!! Funny though - I never find myself saying "What is this $150.00 for JC Penney?" thus proving that panty hose is more important than system security. At least in my wife's mind... By the way, multiple wardrobes and up-to-date clothing is also an obsession, but that is reserved for another forum and another day

 

to the OP

alot of this obsession comes from the realization that there could well be a zero day exploit for some ap or OS flaw that could make everything you got pointless.

From the sneaky way that malware can subvert your security and leave it looking like its fully functional

From the fact that intelligence is proportionally distributed throughout the population without regard to economic opportunities
and that bright young geniuses in dreary 3rd world hovels may well use that talent to even their lot.

You see obsession I see three layers of your indepth defense unaccounted for

1. who is watching the watchers? run some checksums ala Filechecker

2. where is the virtualization\sandbox?

3. no mention of OS hardening, auditing and security logs


on the other hand I dont see the need for alot of paidware covering the same ground when there is freeware that will do it as well.
And there is alot to be said for simply reducing the number of attack vectors. (no IM, no html in email, no activeX, limiting javascripts ect)

Im running quite lean and mostly on freeware. I have been since I saw the light and largely stopped trying to enumerate badness & tossed out default permits
Im not that concerned about being 100% secure anymore, Im concerned about promptly knowing if my security has been breached.
The total cost of my security amounts to $30, which I spent 6 years ago. (TDS3>ProcessGuard)

 

That really rings true. I have more licenses then I care to think about. In the beginning I acquired them because I didn't really know what I needed to stay safe. I don't regret it though. Researching all these apps led me to this site and some other great sites that taught me how to protect my computer through tweaks, settings, and sensible practice, though I still love researching and previewing new programs and the authors' creation processes. Question is, what do I do with all these licenses? The penny pincher in me hates to have them just sitting there for a year not being used. Oh well.

 

I would like to add Cyberhawk, and remove the AVG Anti-Spyware Component from AVG Anti-Malware. Then I could just run AVG AS Free as On Demand along with SuperAntiSpyware like in the past. That way all I have running is ZA Free for outbound, AVG AV which hopefully has better detection now, and CH for any Zero day or New Malware. Running the AVG AS in RealTime never finds anything, or when it scans, and neither does SAS. Ch only runs at around 10MB average, where AVG AS Component makes one of the AVG processes run as high as 40MB. I have tried using the PC without the Spyware Component before, and I swear the PC is faster without it. Wow, does this sound like an obsession or what? LOL. Anyone else agree with using the setup I mentioned though? LOL

 

Hehehe, a question I still haven't really answered myself. If you get into beta testing, though, they're great for compatibility testing with.

 

Before ringing in the New Year, I will try to make this my last post for awhile. First let me thank the many people here who have put up with questions, opinions, and sometimes long winded posts. (is that such a thing? LOL) I have really enjoyed being a member here in these forums, and reading the many different posts from everyone. I will try to check in occasionally, but I must move on for now to finish something I started two years ago which is a book I'm writing. This is what my next obsession must be for now, and also the main reason for staying out of the forums for awhile. Here it is New Years Eve, and I'm writing to basically strangers who may or may not care what I do, and yet feeling somewhat sad. I don't think this is necessarily because I will be moving on and not trying all the different softwares as I have been doing, as much as I will miss posting in here. And whether you care what I do or not, because many of you have made me smile with some of your posts, and answered many of mine, you will also be missed. Maybe this is too mushy for some, especially coming from someone who is also really a stranger, but I would like to think that at some level all of us here strangers or not, have at one time or another felt like there was at the very least a common bond of sorts. I know I have always felt that way and will miss what ever it is that helped fuel my obsession.

 

So you're writing a book, not going to Alaska. How long does it take to click on Wilders site and check "new posts".

 

LOL. I'm still here for today, and although I agree with you, maybe focus is a better word to describe what I need to do. It's hard for me to keep focused on my book, if I'm in here like now replying back to someones post. This is my point though, I can't stop, once I'm here. LOL.

 

You still look at the bills?

Trust me on this one, ignorance is bliss...

 

I have to agree with the obsession idea. I used to be obsessed but one day I dropped every single app except for Avira Security Suite. Guess what? Not a single problem or infection.

Yes, there COULD be a zero day explot - just like your computer COULD fail mechanically one day. Your CPU COULD be fried. Your RAM COULD become corrupt and not work. Heaven forbid, you COULD not wake up tomorrow. It's all relative. There are a million "could's". I'm not worried about zero day threats. Instead of arming myself with a million aps and watching every move I make, I just USE THE COMPUTER.

JUST USE THE DARN THING!!! Being obsessed with security means you never really get a chance to just use it for fun or even work, cause all you do is switch the apps, reboot, etc.

And no, to the person who said "your mom must only look at recipes" or whatever, because they only had one security suite, it's not true. It's simply ridiculous. This is a security forum, but things are overblown here. Nobody needs 10 security apps. It's luxury, like the other person said. Personally, I think 3 apps maxium is more then enough. Everyone here should relax and just use your computer (this goes out to the paranoids, not the hobbyists)

 

Having suffered the wanton corruption of bad memory, the wholesale destruction of bad power, the death of processors and drives. I can say, you can forestall these things if not prevent them entirely. Easing the transition and disruption

The same can be said with security. Complete ignorance means your not in control and likely dont have the ability to "just use it" and any sensitive activities can put you in real financial risk. While no one here is completely ignorant, a shallow defense is an unwarranted risk, a "faith" in the infallibility of some vendor.

I "use" my computer for online banking, bill paying, ebay sales, paypal disbursements and online shopping. And more and more people are as well.

In that light the odds go up. Basic precautions can be enough (like using a LiveCD for secure sessions) but if your employing several applications to access and track your activities ( editing photos, coding sales pages, customer service and support, financial records, ect) Having a secured permanent system isnt a trivial issue. More and more its not just end users shopping but end users running low level online small businesses. Generally speaking they lack the expertise available to bigger corporations.

Paranoia has its place, it can go overboard and multiple applications with largely the same functions be nothing but a resource hog and source of conflicts. But the reliance on a single ap or suite tempts fate with a lone subversion that goes undiscovered. There is real value in cross checking and a web of tripwires.

The veracity of this line of reasoning is easily checked by simply looking at your email, how many supposedly secured forums\institutions have had your "real" email address harvested at some point?

True security isnt a reliance on applications XYZ, its knowledge and an awareness of potentials, many of the potentials are overblown and most of the promises of applications are as well, that doesnt negate the real threats.

That knowledge is how to limit the potentials, from abstaining from some activities or isolating them to addressing potentials you cant avoid, with the employment of appropriate applications, best practices and creating a reliable layered defense that at the least alerts you to successful and attempted subversion.

Like many here I see the obsessive control and pissing match acquisition of security aps and question it. I also see little discussion of best practices and hardening, with the aim of breaking malware that makes it past the security, detection from outside the OS and verification of the security.

 

I somewhat agree with this philosophy. Get a good AV, a good firewall, and 1 or 2 good AS applications and let it be.

Let's compare computer security to home security. You could:

1. Lock all doors and windows all the time when you aren't home. Maybe have some lights set on timers to make it appear that you are home. That's gonna be enough for most. Kind of like the all in one suites.

2. You can have a alarm systrem for the house and keep it monitored. That's a nice luxury, but many people do this to feel safe. Kind of like adding an extra security app to the PC.

3. You can move to a gated community. You can put multiple dead bolts on each door. You can nail downt the windows. You have have the highest dollar security system sending laser beams all over your house. You can own a gun and keep it for emergencies. You can no have no windows in your house whatsoever to avoid the possibility of a thief breaking one and entering through it. You can set booby traps in your yard and house. If your neighborhood permits, you could build a tall brick wall around the perimter of your house. Not many people do all this, but these are valid security measures, some of which take away functionality of your home. But they all provide some level of security.

Again, for most people, #1 or #1 plus #2 above will be completely sufficient. And the vast majoity of us will never have our homes even attempted to be broken into. (Analogous to the safe surfers). But if you live in a really bad part of town, you may need to implement some of what's in #3 (analogous to people that visit the cack sites, porn sites, downlaod music, use intant messaging, ect).

 

That's why I'm back to using my full AVG Internet security Suite, and letting go of trying all the other FW's, AS's and even HIPS. I may add Arovax Shield at some point, or ProSecurity Free if they dummy it down a bit, but other then that I'm leaving my hands off of all the security programs and sticking with AVG. I hope. LOL.

 

lets consider another analogy
10 years ago you opened a shop in a nice neighborhood
7 years ago its over run by vandals
5 years ago the bullets started flying
2 years ago it slipped into civil war

would look something like this
http://i11.tinypic.com/2e2gqwo.gif
same link as above
http://www.ranum.com/security/computer_security/editorials/dumb/

i mean you could go back to dialup and run just LiveCDs
but if your not shutting down portions of the OS that arent really employed daily,
and running something that monitors your security...
for me the greatest advantage to be had recently is sandboxes and virtualization

1. harden
2. restrict access
3. try to ID malware
4. do without stuff you can
5. verify the security aps in real time and indepth comparisions regularly
6. run all potential infecters in sandboxes or virtualization

 

Actually, no. That was a hypothetical situation, or something along that line. I haven't seen the checkbook or credit card statements in ages. Too scared to look Like my mom used to say, Ignorance is bliss, and some people are blistered.