PC security has nothing to do with skill

Discussion in 'polls' started by Mrkvonic, Feb 19, 2007.

?

Do you think one must be pc geek to be secure?

  1. Absolutely not; on the contrary (provide example)

    15 vote(s)
    14.4%
  2. Some knowledge is needed (provide example)

    52 vote(s)
    50.0%
  3. You must be fairly knowledgeable (provide example)

    23 vote(s)
    22.1%
  4. Paranoia and total control are the only way to go

    12 vote(s)
    11.5%
  5. Other (explain)

    2 vote(s)
    1.9%
  1. herbalist

    herbalist Guest

    Yes, total control is impossible, but you can get close.
    Ignorance is definitely not bliss. CC is being attacked using the PCs of those who think that way, and most likely have no idea what their PC is doing. There's the big picture of what ignorance will do. The big change has been the internet itself. The combination of high speed, being connected 24/7, widespread usage, and an OS that allows anything to run has made the ideal playground for the criminal element. Potentially huge profits with very little risk. Users aren't just caught in the middle. Their PCs are someone elses weapons whenever they can get them. We're not fighting script kiddies anymore. These are professional criminals who happen to be or are employing excellent coders as well. With PCs connected 24/7, you don't have to go looking for trouble. It can come to you. An open port found by a random scan, leading to a known vulnerability in something left running.

    Depending on whose numbers you believe, between 66% and 91% of all PCs are infected with something. Based on that, answer me this question. If common sense is all that's needed, do these represent the percentage of stupid people on the net or is common sense just not enough when dealing with something as technically complicated as a PC and the net? One or the other has to be true.
    Rick
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Rick: Splitting the difference let say 79% "stupid", but is that the right word?
    They are poets, doctors, lawyers, engineers etc and probably a geek or two!

    Are these people stupid? or just sloppy, cavalier, blind, or do they lack the energy, time, knowledge, skill, and discipline needed? Not stupid in their fields but should stay off the internet road till they get a drivers license. Or maybe they just should rent a computer program to help them drive on the highway so as not to crash into anything? These would be called ASW, AV, firewalls etc.
     
  3. herbalist

    herbalist Guest

    I believe it comes down to several items combined. Common sense is not computer sense. Intelligence does not translate into computer skill. Conventional security apps just don't get the job done anymore. Malware is evolving too fast and is spread in too many ways by too many types of files for anyone short of a security hobbyist to keep up with. Operating system vulnerabilities are being patched by the dozen, half of them after they're being exploited.

    IMO, to safely use Windows, you have to be security paranoid.
    Rick

    It wouldn't suprise me too much to see internet licenses seriously considered sometime soon.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    You said 66 yo 91% are infected. Well ask yourself how many people have trouble turning the light switch or performing simple tasks as blinking and thinking at the same time. Comes down to the same thing.

    Apropos skills / knowledge, I think it breaks down to pretty much the same in the binary world.

    Mrk
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If I look back to the very beginning, when I was unaware of any danger on the internet and while my computer was heavily infected without knowing it, I think it is important that NEWBIES like me get some information from knowledgeable/experienced people and that's what happened to me after joining SWI and Wilders. Members taught me how to protect my computer and which software to use.

    What is common sense worth, if you are unaware of anything.
    Once you know and start doing something about it, then you are able to use your common sense.

    The BIG advantage of joining a security forum is that a newbie can protect his computer in one single day, because every member will give him advice how to start and which freewares or paywares to use.
    How long would it take for a newbie to gather all that knowledge, if he doesn't get any advice from somewhere else ?

    I didn't become a security expert in these forums. That's because it's neither my job, nor hobby and I don't like security in general.
    But I know at least how to protect my computer to a certain level and I learned what to do in worst case scenarios without re-installing my computer MANUALLY over and over again.
     
  6. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    I agree with Erik.Even getting advice from an expert is knowledge.Just like reading a forum provides knowledge.

    I voted that some knowledge is needed.I think it is necessary in order to be relatively secure.And i would say that you need a fair amount of knowledge ,in order to be very secure (not totaly).For example,you can make a computer illiterate person understand that there are bad things called viruses ,so you must update your AV and keep your firewall,but trying to explain dll injection,process hooking,tunneling etc,without having a minimum of experience ,is hopeless.Not to mention using rootkit detectors.

    I see PCs as my hobby.I build my own,build them for friends,like security applications,but i can do all that because i ve spent years reading specialized magazines and forums ,as well as try and error.Common sense is important,but it's not enough.Most people i know can't understand the importance of an inbound firewall request from an outbound.You must explain it to them in detail and then they 'll have a chance.But i wouldn't bet my money that on them that if they get a trojan and tries to phone home,they 'll understand that this is abnormal and deny it.Because you must previously explain them how malware can get into the PCs despite the normal defences and how it tries to go out,even if it seems good old trusted IE that wants to go out.Of course if you explain all this ,they have knowledge.So,knowledge was needed.
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    CReal, it's much simpler than that.

    You just need to to follow the Rule No.1 - If there's a doubt, there's no doubt.

    A clueless home user does not need to know what inbound and what outbound means. He needs to know that when he's prompted to accept something, they should:

    Try to consult with someone who knows
    If not, decline / block - ask when possible, restrain and have patience

    This works like magic for every kind of problem.

    As to getting hacked, I feel a sort of sadness when I visit a forum and see the same old same old 'something got downloaded on my machine' and then you see the XP SP1/2 MSIE6.0 Outlook My Norton ran out syndrome. Really boring.

    Mrk
     
  8. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mrk,

    This situation is not much different than that faced by teachers around the world each and every day. For every user properly taught to handle these things, there's a new crop of those unaware waiting in the wings. Stated another way, for a university professor, there's a new set of fresh faces every Fall and much of the same ground has to be covered year after year.

    That will always be the case and the only step which can remedy that are intrinsically secure OS's, user environments, and/or application software.

    Blue
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    Having taught for a couple of years in schools in the so-called 'underdeveloped' towns, I must say that I never despaired when confronted by children. Even when things got really slow and they showed little progress. Somehow, I always felt proud when even just a very few managed to break out of their social and economic and cultural boundaries and ascend.

    With computers, it feels completely different. I see these machines as nothing more than highly useful toys. Very simple, very universal, very un-emotional. A PC is a PC everywhere. And if anything, computers bring two different guys from across the globe so much faster than any educational program.

    So I'm wondering why does the PC experience have to be so ineffective? We're past the 60s revolutions. The gaps between the worlds is so much smaller today. There's little excuse not to be able to adjust and use computers.

    Out global village is not that global after all. A few people are in the know, the rest are floundering fish. Makes you feel sad that the global effort of a hive / borg called humans is as effective as a last kick of a throbbing, dying animal.

    Seeing an individual poking through the ashes of the great world wide web with relics of an outdated anti-user technology called M&S puts a bit of a cast on the brightness of the hi-tech bubble we like to wrap ourselves in.

    Mrk
     
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mrk,

    Unlike the children you (and I for a few years) taught, most PC users don't want to be in class. It's akin to doing something wrong and finding yourself cast into a remedial anger management or substance abuse class. They want to do their time/fix the problem and move on, not really caring whether they equip themselves for the next event.

    The situation reflects another side of a growing problem that people seem increasing unable to independently search out new (for them) information and teach themselves an existing body of knowledge. This is a problem I face daily even with my staff - who happen to be a bunch of PhD scientists. Maybe they've never embraced the joy of learning, maybe they've never really had that spark. All I know is that if they paid attention regarding how my peers and I climbed our professional ladders, they've be more aggressive in refreshing their technical skill set on an ongoing basis, but we're wandering a tad off topic here, so I'll end my personal mini-rant.

    Cheers,

    Blue
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Do you suppose it might have something to do with the fact that today, people seem to be less willing to be responsible for what happnes to them. "it's the governments responsibiliity to keep the internet safe" type mentality

    Pete
     
  12. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    You could say that ignorance is bliss, but when it comes to protecting your pc you should have some idea of what is needed. I remember when I got my first pc and was totally ignorant. Some how I found out that computers can get virus' and I should get an anti -virus app, which I did. It just sat there on my pc for months and never got updated. It was only after reading everything I could get my hands on that I started to discover what security was about. I think that beyond that it takes a learning curve to make intelligent choices in pc protection. Just look at the forum and see how many people keep trying different ways to be even more secure. That takes some knowledge to make intelligent choices.
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Mrk:

    Here is my paraphrase of your statement, I really do want the Moosehead now!:rolleyes:

    "As a clueless home user I does not need to know what inbound and what outbound means. Following your advice all I needs to know that when I was prompted to accept something, they should, and I did! I opened a email from my bank which never sends emails, and entered all my bank account information for the special investigator! Now my account reads zero.

    Thank you for the advice!:D
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Try to consult with someone who knows
    If not, decline / block - ask when possible, restrain and have patience
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    "You just need to to follow the Rule No.1 - If there's a doubt, there's no doubt.

    A clueless home user does not need to know what inbound and what outbound means. He needs to know that when he's prompted to accept something, they should:"

    Hi Mrk:

    Yes, then why ever say when prompted to accept .... they should"

    Taken out of context as people have a wont to do that is a very dangerous statement! IMHO of course.

    Take it easy.... the voting continues very good poll ...
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Let me complete it: don't open unknown emails; and do not answer to the bank online- ignore it, or phone them.
    The advice has to be this much specific. And even then, i suggest some readings so people sink in the concept. Nothing hard, a few articles. Because some may ignore this when the moment comes. They need to understand why.
    That's some knowledge.
     
  17. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    another zero skill vote

    the question failed to exclude LiveCDs :p
     
  18. herbalist

    herbalist Guest

    Except that being aware of the inherent security of a live CD is in itself, knowlege. :p
    Rick
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    That's all i'm saying, and others too. This is semantics going wild
     
  20. sweater

    sweater Registered Member

    Joined:
    Jun 24, 2005
    Posts:
    1,678
    Location:
    Philippines, the Political Dynasty Capital of the
    At least, some knowledge is needed to secure pc on the net. We have to know how things work, the basics of protections. As knowledge starts to be acquired by the left and right brains of ours then wisdom will automatically emerged as a result of observations and continued concentration on the subject. :cool:

    Some are paranoid and some are not, now it just depends on ur confidence, experiences and belief about using pc on the net. Its up to u...;)
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Mrk:

    I'm starting to panic again, the Absolutely Not's are gaining at twice the rate as the Some's!

    If this keeps up I may be forced to vote!

    My moosehead is fading away......"I'm melting" quote from wicked witch of the west!:'(
     
  22. Happy-Dude

    Happy-Dude Registered Member

    Joined:
    Aug 28, 2006
    Posts:
    54
    Location:
    United States of America
    You need "some" knowledge, but not a WHOLE HEFTY - geek kinda lot.

    Just know what the PC Security terms are, at least have an idea (ports, INTERNET, scanning, resident, FIREWALL, ANTI**, etc.). Also, know the features of your products and how to utilize and control them. I know XP SP2 Firewall has no outbound protection (I'm pretty sure its not the other) but inbound (more terms). Finally, have a COMMON SENSE. Don't just be going around the internet and clicking on ads that say FREE $100,000 or be checking e-mails that say something you know isn't right. Don't be stupid ...

    Ah, that's it. Knowledge, though not too much, is simple and raw power. Just know the terms, features, and have a common sense. All there is to it. :) !!
     
  23. walking paradox

    walking paradox Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    234
    @ Mrkvonic

    Mrk,

    I'm interested by the position you are taking on this issue, as it seems to run counter to the position (I presume) you put forward here. From what I can gather, it seems that in this thread you are positing that in general limited or no knowledge is needed, aside from perhaps common sense, and that one should simply take and act upon the advice of another who is knowledgeable. However, in the article I'm presuming you wrote, or at least agree with since you have a link to the site in your sig, the position seems to be reversed. In the article it seems to be putting forward the notion that security software in the hands of an inexperienced and unknowledgeable person is practially useless. I'd be interested in how you would reconcile these two positions.

    -TypicallyOffbeat
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    I would like to help explain, if you could point out specific things that contradict what I said here or there.

    Security decisions in the hands of an inexperienced user are indeed useless. However, an inexperienced user can still be secure by following a few simple rules, even if they do not fully understand what they mean.

    Like: If a doctor tells you you should not drink anti-freeze engine coolant because it is not good for your liver, trust him. You don't need to know what chemical interactions will happen. Take it for granted.

    The same applies for Internet. You don't need to know how kernel works in order NOT to execute a suspicious file.

    You don't need to know C to realize that a suspicious file is anything that you receive in your inbox and did not expect.

    Think of land mail. If you got an "invitation" to some "bank" via a letter in your mailbox (real one), would you answer it? No. So why should you do that with email?

    And so forth.

    As a security newbie, don't innovate. Listen to those who know their stuff.

    If you are a geek and know stuff, then do whatever you please. You get the knowledge and power.

    That's all. No contradiction.

    Mrk
     
  25. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I answered a letter from the bank. It said pay or we'll forclose. :D
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.