Are we not head over heels with security?

Discussion in 'other security issues & news' started by Mrkvonic, Nov 7, 2005.

Thread Status:
Not open for further replies.
  1. realnoob

    realnoob Guest

    The irony is,while the original poster of this thread snipping at others for playing security expert he himself is guilty of doing so. After all what else is this thread but an attempt by someone who thinks he knows better, trying to guide all the other misguided people? Playing security expert.

    PS Yes, I'm playing security expert now too, but I admit it.

    PSS If "beef" is an expert. So is Notok.
     
  2. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Beef,

    Hope you get feeling better quickly!

    As to the rest, it is solid advice. There is a difference between coherent layering as a structural strategy and randomly piling on application over application. A while ago we had a thread on You can only have 4 Anti-Malware apps: What would you run?. This really should not be thought of as the barest coverage conceivable. It's possible to use 4 or fewer security applications and be well fortified; it's also possible to use a dozen security applications and be completely exposed. It's all in the selection, design, and how well it matches your personal exposure profile.

    The fact is, one of the better AV's (BitDefender/KAV/McAfee/NOD32/Symantec-Norton) coupled with a decent router (my preference over a software firewall - but you should have one or the other) really covers the majority of the populace quite well. That wasn't the case 6-12 months ago when classical AV's did not handle spyware as aggressively as they do now. That does demonstrate some of the fluidity in the landscape. At that time, an antispyware app was quite beneficial - it still is as an on-demand checker for most systems, and it borders on necessity for some of the weaker AV's. As malware employs new approaches, dedicated applications typically lead the way in handling them. That will generally always be the case. Over time, one can expect incorporation of needed functionality into suite type applications. There are numerous examples of this beyond spyware in AV's. Whether a user opts to stay with the specialized coverage or a suite approach often falls to personal preference. What a user generally shouldn't do is to try to embrace both approaches - that can result in conflicts and system instability.

    One other aspect that I would mention is that having tools at your disposal as required is different than having a extensive collection of realtime monitors constantly scanning and providing mutliple checks on your activity. I have many tools installed and ready to go if needed. However, very few are active all the time.

    Finally, some of the more powerful tools available really are not suitable for casual users. These applications do provide the enhanced security advertised to anyone knowledgable in the subject matter of the alerts, but, in my experience, that generally does not extend to casual users. While it can be comforting to use the strongest tools available, it is as important to understand the use of that tool before installing it. If additional education is required beforehand, that should be pursued, and it is usually something a tad more involved than obtaining a list of preferred settings from a more experienced user of the product.

    Blue
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,839
    Hi,
    I was not snipping anyone. I was trying to "bait" people into presenting their views. There is not "right" approach here. There is no ultimate truth. I am just curious to know how many of us have had their security give any sort of warning. How many had the entire selection of programs blazing with warnings. That's all. I think that most of us have security arsenals far exceeding the actual everyday need. Almost like nuclear weapons.
    I'm not a security expert. But I think I'm capable of suiting the internet to my needs. And like Zanetti said, sometimes 4 apps are enough and sometimes even 40 would not suffice ...
    Cheers,
    Mrk
     
  4. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Thanks Mr .
    I saw it for what it was . That is why I chimed in . As for Beef , I hope you get to feeling better my friend . As for Beef and Notok being experts . They are both very good at saying what needs to be said . There are some in this forum that are experts yet , no way for you to tell who they are . Not that it matters but , I think Beef was fine for saying what he said . MrKvonic made excellent posts too . As with Beef , I had a problem with how someone in here approached this and so did Beef apparently . No need for anyone to get upset . Everyone just trying to get some points straight . I have said before that most in this forum are paranoid . I just like to play . Computer security was a job . Now , just a hobby . I can run a single application and be safe . Just one . I do not . I have for the last week as a test . As Mrkvonic said . It could be four or forty . As helpful as this forum can be , it is harmful as well as the noobs start reading posts and think they need everything ever released . That is how it looks in here . It really is simple . Try different apps and see what you like . Looks , speed , effectiveness , and so on . If you want 40 , load em up . If you want only 2 , you can do that and still be very secure . The choice is , and always has been , the users . The noobs need advice and they can find it here . Some " experts " need advice on some things too . Just all play together nicely and give advice when it is asked IF you have an answer . Many times , people try to be too technical and thus , confuse newer people . That is my 5 cents worth . HURRY UP AND GET BETTER BEEF ! The wannabees want you back so they can rag on you .
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Mrkvonic,

    I more or less skipped your primary question, so let me handle that now.

    I frequently have my security programs alert me. Now let me qualify that. It is invariably connected to assessing the risk associated with links others post on this site. In my personal surfing, it is extremely infrequent, but it typically occurs under the somewhat distressing circumstance of a google or other search where I am looking for somewhat vague information and I wander to a compromised or malware infested site. If one is seeing alerts more than a couple times per year, either the alerts involve relatively benign, but usefully flagged conditions (e.g. tracking cookies and so forth) or the user has a rather risky surfing or usage profile. My personal opinion is that most users underestimate the potential impact of an infrequent exposure. Hence, while I believe that true near misses or malware hits are infrequent, failing to adequately plan for them is foolhardy.

    Unfortunately, most alerts are benign and involve flagging of potential malicious actions that are safe in context. An example would be a registry monitor going crazy during an application installation or configuration.
    I'd agree, most of our arsenals more than address the threat. That is really as it should be. The issue is whether achieving that level of protection subverts the primary function of the computer - this is an all too easy a trap to fall into.

    Blue
     
  6. controler

    controler Guest

    I agree, Even as a tester I would not recommend alot of apps installed at one time. In fact the efwer the better. That way there is no conflicts. I often reformat before testing a new app. Then will add an app here and there to see compatability issues.

    There is a thread going on over at DSLReports most of you may be aware of.
    Blake ( Linklogger) is setting of various cheap routers and inviting the whole world to try slip packets by any of them. He gives his IP address, leaves some without SP2 ect. A few have been able to slip some packetc through a few of them but at present he only has XP's internel firewall running and as of last night. Nobody had sliped any packets by the plain windows firewall.

    Like beef says, you can tweak alot of your apps yourself just by seeking the knowledge. in this case, most the commands are done from the DOS prompt and alot of newer computer users never had to know about DOS.
    Funny how MS still gives alot of demos using DOS commands. The latest rootkit video being the latest example.

    I saw for noobs and pros alike, the future will be suites. Well intigrated suites
    with the best protetion.
    KAV, Norton, Mc afee to name a few have gone this route already.


    controler
     
  7. realnoob

    realnoob Guest

    Mrkvonic my apologises about the sniping part, I was talking about someone else

    I think part of the problem is that leaving asides genunie disagreements about how much is necessary (eg Blue's framework on what is needed looks logical, but even then i bet some would claim that it's not a necessity), the less experienced who are caught in what I call the "Do I have enough? stage" are misled when they see relatively experienced people seem to be running and discussing all kinds of new, beta and advanced stuff.

    The natural implication of course is that they need these stuff too as well.

    I define the "do I have enough? stage" as people who just recovered from an infection, found this forum and are determined to prevent this from happening again. They feel Violated! This stage can last for months if not years.

    They are relatively new to the game , easily paranoid, espically when they read (and semi understand) about all kinds of threats , espically high level theorical threats, and constantly afraid they are not protected enough. You can see these people starting threads about "Do I have enough" , "Do I need antikeyloggers (or whatever class of software)?" or specific questions like "Is KAV better than Nod?" And woe betide if they get false positives (very likely if they run a lot of scanners), they will remove it before anyone can confirm they were really infected, and this pushes them into yet another cycle where they doubt they have enough protection.

    "Testers" (people beyond the do i have enough stage, but continue to test new security software for fun, or for some insane desire to the endless search for perfect security) sometimes unwittingly contribute to this paranoia, all it takes is a couple of people talking about testing this new hot security software, and a lot of people will take it as an implict recommendation , and soon you will have "Is this <insert security software being discussed> necessary?" threads poping up.

    Eventually most people will snap out of this phase, if they stay here long enough and knowledge starts to remove some of the fear. Most do learn the virtue of moderation, while others might continue to run all sorts of software, but when pressed would concede it's not strictly necessary, but more of a game. They are perhaps "testers", or people who just like to keep up with the trends.

    Then there are those who suffer a blacklash, and start removing most of their security software, because they find they can surivive without it. They are the ones who start posting about how they can surivive without an AV, a firewall, etc etc.

    This can lead to conflict espically with those who are still in the lower stages who have a overblown fear of unknown dangers, and others more knowledgable but who still feel implictly critised because they continue to choose to run these supposedly unnecessary security software.

    Except for people in the "do i have enough" stage, i think those beyond it, play security expert without much harm as long as they don't threaten doomsday if security program x is not used.

    Of course many of us , don't go through all the stages, some of us for example have always being interested in computer security, and come to the forum with more knowledge.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,839
    Hi,
    @realnoob, nicely said (no need to apologize...).
    Our approach to secuirty (not just computer, but in this case...) is governed by instincts. We want to be as safe as possible. And sometimes, this can drive us over the edge. People should always remember that computers are only dumb machines. We have our personal data to protect (porn etc...), but these can be saved to disks. After that, you can shotgun your computer. Format until the hard drive runs thin. When a person reaches the state when he knows he masters the beast and not the other way around, security will become efficient. People will use what their sense governs and not what their fear does, testers and hobbyists excluded.
    Apropos DOS and command line, it is really useful that people try it, even those that never used DOS. It will give the user a feeling he controls the machine with smart little commands rather than play with buttons on a GUI beneath which all hell breaks loose.
    Mrk
     
  9. Beef

    Beef Guest

    My visit to the hospital reveal severe bronchitis......looks like I'll be staying in bed a few days.





    realnoob


    "PSS If "beef" is an expert. So is Notok."

    Are you sure that you want to make this a personal issue ? That would be rather pointless since you know absolutely zip about me...so your comments have no value


    Actually your last post I thought very good.....it made lots of good sense.........making such a post does far more better than taking a swipe at me.





    All in All the posters and their comments have been exceptional......things are being put out front for discussion that should have been brought up years ago..........an the highly intelligent manner its being posted in..... certainly deservers respect.....as do the posters.....

    This is what needs to be done.......an thats part of what I am saying in my statements. An you can damn well bet I know every real security expert at this forum.........an everyone who is not. The posters in this Thread are good people capable of giving good advice..........an I would take their advice in a heartbeat..........BlueZannettiis as honest as they get.........
    an controler has been around for years trying to help.....,,

    No one is suppose to have All the answera.........but a nooob should not be left to the mercy of some worthless wannabe either........so take a real good look at who is posting here.....and if push comes to shove back them up...........this is your forum.......a forum for good people

    I have no desire to be a security expert.....thats never been my goal.....but offer the years the security experts taught me more than I ever dreamed possible.............an all I would like to see is the "good guys" doing the same for every nooobe that drops in..........an not just sit idle while some wannabe mis-informs the nooob

    realnoob, this applies to you as well.......you are intelligent.....awear of the situation......you speak well.....you are the type of person for the job......not someone like me.........

    hollywoodpc...sure hope you hang around the forum....you have a special gift of insight thats needed here


    Mrkvonic....you have the courage to ask the hard questions....thank you
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    It's fairly simple and easy to understand.

    :ninja:
     
  11. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    The hammer that hits the nail.

    At the heart of paranioa is lack of control.

    At the heart of lack of control is ignorance.

    Regards - Charles
     
  12. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sorry about the illness Beef .
    All in all , it has been productive . And , I am in COMPLETE agreement with you Beef .
    And beef . I think what you have is bacterial but , you may want to get a second opinion about your illness in the antivirus area . Just in case it IS a virus . The wannabees might have some good advice .
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    9,839
    Hi,
    Maybe you should upload your medical results to jotti. They might discover that you do not have a bronchitis virus but a bronchitis trojan dropper...
    Mrk
     
  14. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I could but , It is probably a virus . lol When Beef comes back , we will let him decide . Hope he does not think you are a wannabe Mrkvonic . If he does , for sure he will not go to Jotti's . :D :D :cool:
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Post by realnoob removed.

    Last reminder Ladies and Gentlemen, any further personal jibes and this thread will be locked.

    Blackspear.
     
  16. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Just a comment to all..., there's no real purpose implicitly challenging anyones unspoken credentials, nor is there any gain trotting out unverifiable claims of credientials. What we say here and elsewhere in discussing security should stand or fall on its own merits whether we are an objective subject matter expert or not.

    To borrow a medical analogy playing on Beef's current state, when we go to an aid unit, we may see a doctor (technical subject matter expert) or a nurse practicioner (operational subject matter expert). Alternatively, we could discuss our condition with a random person in the street. In all three cases, we generally don't have direct personal knowledge of the technical background of any of these people. We typically have confidence in the advice of two of these folks based on the context of their position, despite their vastly different levels of training and global skill sets, and would probably avoid the third option. So it is here. There are the genuine technical subject matter experts who can discuss anything within their portfolio is detailed technical terms - there are certainly only a few of these. Then there are the operational experts. Significantly greater in number, narrower in focus, relying on experienced based knowledge. Within their expert portfolio, they may provide better operational advice than the academic technical expert working somewhat outside their area of direct expertise. An operational expert won't be able to dissect the inner causes of problems, but they will be able to get you back on your feet and on your way. Finally, like your friends cajoling you to visit a doctor, the men and women in the street will probably also voice an opinion. In most cases it will be a solution for what is perceived as similar symptoms that they have tried with success in the past. If your health returns, does it really matter where the advice ultimately comes from? No, good advice is good advice. At various times we've all of us have likely provided valued assistance to those in need, as well as dispensed pearls of wisdom which in hindsight were ill-considered. I will personally and publically plead mea culpa to both.

    In my day job, I'm a PhD scientist in a technical discipline. I direct a fairly large R&D section and personally lead some large project teams. The range of folks under me span high-school graduate only up to fellow PhD's. The fact of the matter is that some of the lowly high school only graduates with 20 years of operational experience demonstrate higher proficiency levels in their technical work area than reasonably fresh PhD's. They can't always articulate the arcane technical rationale for their approaches since there knowledge is cast by experience, but many times I trust their judgement more, and I can provide that technical analysis for them if needed. Such is the lot here. Experts can indeed provide poor advice, while the non-expert may forward the more reasonable operational approach to take. Dry credentials are not everything.

    Lastly, realnoob's "four stages of security awareness" does strike a bit of a chord with me. I see it reflected in many posters here and elsewhere. I can't imagine any other progression myself, it's that way with knowldedge acquired in the course of crisis. On the other hand, aggressively confronting qestionable advice from those whose training is in progress is counterproductive, while offering a reasoned counter analysis can be educational to all. I try to personally refrain from labeling anyone a wannabe, since I sincerely hope everyone is a wannabe of some sort. Even the expert should want to be a better expert. Expertise is not static, it has to be renewed to changing circumstance.

    Comments offered by anyone here should be viewed as presenting either an opportunity to learn, or an opportunity to teach by use of counterexample. We shouldn't let these opportunities fall by the wayside.

    Blue

    PS - Lest it be unclear where I place myself in expertise - I'm a battle weary man-in-the-street. No more, no less...
     
    Last edited: Nov 9, 2005
  17. realnoob

    realnoob Guest

    Well all i can say is, I didn't start this. :) If you want to label others noobs and wannables, be prepared for others to label you the same!


    I agree that in normal circumstances, you can't tell how good someone is, just by looking at his posts. Most of the posts discuss generalities, which is subjective. Anyone here can give a semi reasoned answer to the question "Do I have enough?".

    Though you do at times gain a sense of how lacking someone is , when they start posting patently false information in response to arguments and I don't meant false because they don't try to be inaccurate but false because they clearly don't understand the fundmentals.

    Of course, these same people sometimes call others noobs and wannables...


    You need more imagination. :) And I specified 3 stages really. At the fourth stage, they leave Wilders for more technically oriented channels.

    At stage 3, people do react differently though. The "testers" (Vikorr,Notok) and the minimists (Remus) for example.

    And I thought i was long winded. But yes, that is what i'm saying, but apparantly it's against the TOS or something, since people keep deleting that.

    On second thought i agree with beef, we should stop wanabes and noobs from posting advise. :p
     
  18. roflmania

    roflmania Registered Member

    Joined:
    Nov 9, 2005
    Posts:
    17
    word :cool:
     
  19. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,304
    I know little about all the security programs, and I find this and similar discussions helpful, although I do not understand all that is said. I have recently uninstalled some programs that no doubt are good, but duplicate what I have. I am not sure but what I am still “over secured.”

    I currently have running full time, Bit Defender 9.0, LooknStop, Ewido, Counterspy, Snoopfree, UnHackMe, Win Patrol Plus. In addition, on demand, I have Spyware Blaster, AdAware, Spybot S&D, Spyware Doctor, Dr Webb Cureit, and CCleaner.
    I am also behind a NAT hardware firewall.
    My surfing is very safe, and I never go to "risky" sites.

    My computer runs well, and there is no conflict except sometimes with BD when Counterspy has a major update or version change, such as a week or so ago. It gets corrected and all is well.
    There are so many programs, and so many praises for them, that it is difficult for some of us to determine what we really need. We do get excellent advice from Wilders and a couple of other forums. Thanks all.

    Jerry
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Personally, I find it more productive to engage the points made, rather than the person making the points.
    As you probably realize, the most difficult aspect of any discussion of complex systems is appreciating where your knowledge ends and speculation/misinformation begins. Things can seem quite reasonable and still be patently wrong.
    That is an unfortunate reality. We do try to reign it in as needed.
    You left out the stage at initial violation. They're not even ready to consider that a concept of enough security exists.
    I'd agree, there can be a branching as folks progress.
    Mea culpa here as well. But you do know where I'm coming from when you're finished reading. I'd rather be longwinded and clear than terse and vague.
    Personal bashing is against the TOS. Keep it civil and on topic, and it will remain.
    Whenever someone is challenging themselves with self-education, there will be a phase in which their desire to assist outstrips their knowledge. At that point it is incumbent on the community of those knowlegable to gently correct the fault. Unfortunately, in open, largely anonymous, forums, many feel compelled to fire a whithering broadside of invective rather than gently redirect the discussion to its proper course following excursions with ill-considered recommendations.

    Cheers,

    Blue
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    I never said anything bad . At least , I do not think I did . This is for any moderator .: Am I to understand that the term noob or newbie , is considered a bad thing ? If so , congrats . You have done it again . Why can people not understand here that noob or newbie is used to describe a newcomer to this OR anything else in life . Shall rookie be better ? NOPE . Why ? Because rookie is the same thing !~ Sheesh . Why all this stupid criticism someone using that term ? This is about as ridiculous as it comes . Is everyone in here brainless ? I do not understand and would like an intelligent answer as to why that word is a bad thing . I can assure you that NO answer given can change the fact that newbie is NOT a bad term . Neither is rookie . Answer if you wish . I just want to know why all this stupidityone word that means nothing other than describing someone new to the area . Rookie , child , come on . This is really unbelievable . Iguess we can reduce it down to referring to a new person as an idiot . Would that be better ? I guess I am an idiot then when it comes to things . My suggestion is , if you are stupid enough to take newbie as a derogatory word , give us something better OR , better yet , get a life . I am not trying to be hard here but , none of this should be relevant in here . We all should know what newbie is describing . Nothing more , nothing less . I think Vikorr should come back . Vikorr is ok . And will I apologize for using the term noob or newbie ? No way . Guess you better ban me then . I have NEVER used it in a way aimed at putting someone down . And , I have yet for anyone to tell me that it was taken that way . This is truly a sad day .
     
  22. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    By the way . A rookie in here has referred to himself as a noob . Check viruses and worms . Uh oh . Guess we better crucify him too .
     
  23. dog

    dog Guest

    Hollywood the term itself isn't offensive ... but when used in certain context(s) it certainly is.

    The thing that is sad ... is your rant over this issue. Totally unnecessary and uncalled for. :'(
     
  24. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Sad ? Maybe . And you do not find it sad nor does it bother you all the useless crap that has gone on in here over that term . You dog , obviously have a problem with me . I will not comment to you again . We have had problems in the past . Bottom line is , I have yet to see it used in here as a bad thing . Yet , many have gone overboard in here talking about something as stupid as this . So , I added my rant . I take offense to anyone saying that it is a bad thing . Again . I did not see it in this thread or any other as bad . Not to say it was not used in a bad way in a thread I have not seen but , this whole thing is sad . Nice to see you think it is only me . I am ranting because many here keep this thing alive by talking about how bad the term is . My goodness . Seems to me that the people saying it is bad are the ones casting lablels . Saying it is wrong to use a perfectly legitimate term to describe someone . As a few new people in here already call themselves that term .
     
  25. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,730
    Location:
    Toronto Canada
    I'm probably in between stages two and three having avoided the initial stage Blue added.:D
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.