Accepting security changes - old habits die hard

Discussion in 'other software & services' started by Mrkvonic, Oct 16, 2006.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,697
    Hello,
    This may be only me, but I was thinking.
    It seems to me that newer anti-whatever applications are being welcomed with far more suspicion than before. The probation period never seems to end and despite (hopefully) earnest efforts, it seems a large number of the newcomers have a hard time proving themselves against the background of a few veterans. One of the most notable exceptions in this case is Ewido.
    My question is, is it solely the matter of time that dictates quality? Spybot has been around for several years. Does that mean that today's newcomers will be tomorrow's cream de echelon, in 2008 or so? Or are there other factors that affect the mood?
    And how does an average joe judge the situation? How does someone for whom Norton is the holy word of security get the feel of the market?
    How does a Wilders' member feel about it?
    When you read about a new anti-spyware or something? What is your first reaction? What do you think?
    Mrk
     
  2. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    I've been studying marketing techniques of the online community recently, and it would seem that blogs and forums like Wilders have an impact on the general trend of what we should get in order to protect ourselves. But I don't have hard facts to prove myself.

    But reviews in magazines also play a big role in who gets the attention as a security product.

    I'd definitely be interested in hearing more on the issue.
     
  3. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mrk,

    These are my opinions only.
    Time does play a factor on quality in that a mature product will likely have more of the bugs worked out. It also lends the product some additional clout for having survived in the marketplace for a period of time (if it wasn't good, they wouldn't still be in business).
    The same way that one would be wise to wait for the release version rather than an alpha or beta version.

    That doesn't mean that people should not be open to new products and ideas.
    There will always be a better way to build a mouse trap.
    You can have mature products that are really bad compared to some of the new innovative products.

    So time affects quality somewhat, but it adds to the perception of quality more.
    Maybe, if the newcomers can show they have a proven track record and are proven to be better than the old guard.
    Yes, "unbiased" tests, expert opinions (reviews), and all the forms of marketing and advertising.
    Brand loyalty and products one is familiar with and trusts have a lot to do with it.
    Joe "buys" what he can see, so unfortunately it boils down to Brand A or Brand B which have the best marketing of all the possibilities.
    Maybe he reads a review or two from a major computer magazine to get what he thinks is an unbiased opinion.
    Maybe it is, maybe it isn't.
    He then makes a decision and buys the one that is the most appealing.

    Research, research, research. He should read all the reviews he can.
    Visit security forums to expand his horizons beyond what is most popular.
    Most popular often means best marketed and should not be a guide for a product's quality.
    It is possible for a product to be good quality, popular, and well marketed.
    I feel much less like a sheep being herded wherever the marketers point.
    I try to research a product as much as possible.
    I have found the forums to be helpful here.
    My decision making process is influenced somewhat by other people's posts.
    Hopefully I will have done enough research to get a good general overview of the product's quality.

    My first reaction is...
    Why isn't there an independent lab that would have a thorough scientific unbiased test of all the security products?
    The companies would pay a yearly fee to be tested twice a year and appear in a commercial security products report that would be published twice a year.
    Open source solutions would be tested free of charge only once a year (or every other year) and appear in either an open source security products report once a year or in a comprehensive report containing all products.

    I also think...What do other people think about this new product?
    Without having the skill, time, or money to scientifically test all the products yourself, there is only so much one can do. You have to depend on others' opinions be it reviews, reports, or forum threads.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Recently, I've spoken with several System Administrators - one at a college where I taught. I'm interested in their current thinking on the state of security. The media is full of reports about the onslaught of attacks, and that the future looks bleak.

    Perhaps surprising to many, these Administrators reported decreases in malware attacks. This is due mainly to ensuring that users follow strict protocols. For example, in the DFK test scenario mentioned in the PG Forum -- where Judy receives an executable email attachment from Carl -- that wouldn't have happened. Carl would know not to send such a thing, and Judy would not be tempted to open it. (another reason below)

    So in addition to educating users, what else do they use? Very little. As far as "anti-whatever applications," you might be surprised that these Administrators wouldn't have heard of hardly any of them. "Ewido? Prevx? What are they?"

    Two schools use Deep Freeze on all of the workstations, managed/updated campus wide through the Administrator Console. The Enterprise (Institution) Edition sets up a Thawspace (virtual) drive for user files. Deep Freeze is the only security product on the individual workstations. (router is at the server) Some groups of computers have Software Restriction Policies enabled (see SpikeyB's posts about this), which are also protection against Remote Code Execution on the internet. These schools have =zero= malware problems.

    The only other protection is at the network server. A second reason the Judy-Carl scenario could not have happened at one school is that all executable attachments are stripped at the server. Other safeguards include the powerful anti-spam filters, and monitoring/logging of the T-3 bandwidth for excessive network traffic. And a few others.

    One can say perhaps that the situations in these institutions are not relevant for the average joe at home.

    But I would argue that they are relevant.

    1) Users are users, whether at home/school/work, and can learn to follow good rules for security

    2) More ISPs including mine, now strip executables at the server. Recent examples I've received:

    Original message:
    Code:
    To: xxxx
    Subject: Hello
    From: innocentdevil14 @ hotmail.com
    
    Here are your banks documents.
    
    
    Message from ISP:
    Code:
    To: xxx
    Subject: MDaemon Notification -- Attachment Removed
    From: Postmaster @ xxx.net
    
    The following message contained restricted attachment(s) which have been removed:
    
    From      : innocentdevil14 @ hotmail.com
    To        : xxx
    Subject   : Hello
    Message-ID: 
    
    Attachment(s) removed:
    -----------------------------------------
    document.pif
    
    Another removed:
    Code:
    Attachment(s) removed:
    -----------------------------------------
    body.scr
    
    (Because of this, I no longer get neat stuff to test via email. Although my ISP would let me look in the Server quarantine box if I wished, but I haven't taken the trouble to do so)

    3) Administrators control the installation of programs. None have ever had trojan/spyware/adware attached. Why not? They ensure that the source of the products is reliable. It goes without saying, of course, that web sites offering bogus/pirated/silly freebies software are avoided.

    Is this not also possible for the home user? How much misery could be prevented just by observing these simple procedures.

    I've approached security using the models I've observed at the schools. If they are successful, something must be working.

    As such, I've found that I don't need a lot of products, so I admit ignorance to most of the stuff to which you refer, since I don't keep up with them.

    Using this approach, I've had success with the home systems I helped set up for others. Malware certainly has become more sophisticated, but the methods employed haven't changed much: somehow, it has to get installed and run an executable.

    In response to your thread title, "Accepting security changes - old habits die hard,"
    I would say, actually not!

    If the habits work, why change?

    regards,

    -rich


    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
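
    The server-side attachment stripping described in the post above, as an added example that is not part of the original post and not the ISP's or any mail product's own code. The extension blocklist beyond .pif and .scr, the addresses and the function names are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the post shows only .pif and .scr being removed.
RESTRICTED_EXTS = {".pif", ".scr", ".exe", ".com", ".bat"}

def is_restricted(filename):
    # Windows ignores trailing dots/spaces, so "body.scr." still runs as .scr;
    # only the last extension counts, so "invoice.pdf.scr" is caught too.
    name = (filename or "").lower().rstrip(". ")
    return os.path.splitext(name)[1] in RESTRICTED_EXTS

def strip_restricted(msg):
    """Drop restricted attachments from msg in place; return their names."""
    removed = []
    for container in [p for p in msg.walk() if p.is_multipart()]:
        kept = []
        for part in container.get_payload():
            if is_restricted(part.get_filename()):
                removed.append(part.get_filename())
            else:
                kept.append(part)
        container.set_payload(kept)
    return removed

def notification(orig, removed, postmaster="postmaster@example.net"):
    """Build the notice to the recipient, modelled on the one quoted above."""
    note = EmailMessage()
    note["To"], note["From"] = str(orig["To"]), postmaster
    note["Subject"] = "Notification -- Attachment Removed"
    note.set_content(
        "The following message contained restricted attachment(s) "
        "which have been removed:\n\n"
        f"From      : {orig['From']}\nTo        : {orig['To']}\n"
        f"Subject   : {orig['Subject']}\n\n"
        "Attachment(s) removed:\n" + "-" * 41 + "\n" + "\n".join(removed) + "\n")
    return note

def sample_message():
    # Constructed sample: harmless placeholder bytes, not a real executable.
    m = EmailMessage()
    m["To"], m["From"], m["Subject"] = "user@example.net", "sender@example.com", "Hello"
    m.set_content("Here are your banks documents.")
    for name in ("document.pif", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return message_from_bytes(m.as_bytes(), policy=policy.default)
```

    Matching on the filename alone is the weakest form of this filter; it says nothing about a renamed executable, which is why the post pairs it with user habits and Software Restriction Policies.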
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The average joe only reacts, when something serious happens to his computer and he will ask for advice in his neighborhood.
    Then he will install the advised security setup, hopefully keep it up-to-date and never change it until something else happens and so on.
    The average user is only interested in work and hobbies, not the boring stuff of security softwares.

    My 1st reaction : "Why did this company re-invent the wheel?" We have already so many AV/AS/AT/AK-scanners.
    My 2nd reaction is to check the list of rogue Anti-Malwares.
    My 3rd reaction is not to use it, because these NEW scanners can't compete with the existing advanced+ scanners.
    My 4th reaction is to read the comments of the users.
     
  6. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Good thread
    Good discussion
    Everyone will have an opinion.
    Devinco: good analysis
    So many points to reply to so I'll just offer this: slight tangent

    There are obvious quality issues from soft to soft, non-perfect.
    You use Spybot as example of possibly "long in the tooth" utility but updated constantly dedicated team and developer support ++ and despite some recent tests downgrading it it still works better than most imo.

    Heh: look at latest release of SpySweeper; ****-ups all over the place.

    Agree.; no single best, but having learnt from here have gained the expertise and experience of all: "community based" protection.

    The commercial interests of publications owned by conglomerates is a great worry. Mags have given SS great reviews but look here:
    http://reviews.cnet.com/Spy_Sweeper_5/4505-3667_7-31929421.html
    even these sites subject to spamming yea or nay

    Don't forget how many people have NO AV/AT/firewall
    Just check some of the HJT logs in the other forums: there is often NOTHING.

    Saw somewhere the estimated userbase of Prevx is ~500,000 !! drop in the bucket for www.

    Remus;
    I know what you are getting at but there was an article recently (really) from some "respected" some one or other noting that the flow of malware is now massive.
    Administrators and organisations not seeing it because they do not recognise it was the point of the article.
    Just think of all the major systems compromised in the last 12 months.
    At least that college is recognising one of the greatest risks is human error and have removed that as far as possible from their equation.

    If Spam is ~80% of www e-mail, what makes anybody think malware is not up there?

    Deep Freeze and the like are the go for static systems but maybe not an option for evolving ones?
    restricting web sites may be fine in the same circumstance but imo is against the ethos of the web.
    If all we try and do is build fortresses then they have already won :mad:
    (heh practical considerations may override philosophy)

    Answer 1; Fear. answer2: ego
    If the automobile industry can do it with crash testing then so could software!

    Could carry the car analogy a little further:
    Current cars way better than older ones, do more for equivalent of less; safer ?? sort of, but still a blight. Some idiots will still crash!
    Similar to software: feel like surfing with W98 and norton 2001?
    Still there is convergence and parallel evolution of current security softs: look alike do same things: we pick what is best in a similar way to buying a car. Doesn't mean a 1950 Mercedes gullwing doesn't rock, just wouldn't take the family for a long trip!

    Time up!
    Rant off
    Regards
     
    Last edited: Oct 17, 2006
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Statistics are useful, as long as one doesn't feel that s/he is necessarily prone to becoming one of them. Old saying: "Just because Miss Pidly's shoes are too tight, why should my feet hurt?"

    This can be inspiration that it can apply to home users also.

    Agreed, but just because it is "up there" doesn't mean it has to come "down here." Too many ways of avoiding it today, and for that which does get by filters, well, no one is forced to open such stuff.

    Some one recently used the Garden of Eden allegory as an example: The snake didn't twist Eve's arm, it tempted/tricked her.

    Excellent point: certainly one's computing habits determine what types of working environments one wants.

    I've never thought of it as a fortress situation, rather, one of making choices. If I'm walking downtown and pass an Adult Bookstore, I don't have to go in.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    @remus
    :thumb:
    xactly, but there are those who would lock it up: one small step from adult bookshop to any bookshop

    Regards.

    heh you can't say regards, i say that :D
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Understood, but in the situations I described, web sites are not locked or restricted. Just wise decisions made on the part of the users.

    ok, bye :)

    -rich
     