Parasitic Paranoia

Discussion in 'other security issues & news' started by John Bull, Aug 20, 2010.

Thread Status:
Not open for further replies.
  1. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,675
    Location:
    Philippines
    Doesn't wash? I simply answered the question. I do not know anyone who has lost money through Internet criminal activity. I do know people who have been murdered.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Interesting thread, especially considering your signature.
    Why would you need all that, or even using anything to feel safer or secure or safe? Or are you being paranoid as well, in a very parasitic way? If you use all that you either don't trust the Internet, or it just works like placebo. Does nothing, but makes you feel better.
     
  3. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    I regret posting this thread. It was worded badly and contravened the very principles of a Security Forum.

    But my basic theme was that in my world of just ordinary people, no epidemic of threats and infections is apparent. If we spend all our time in a Hospital, all we see are sick people, pain and suffering.

    On the outside, this is not such a dominating factor. Life is normal and mostly pleasant and trouble free.

    Same with a Forum, all we hear about are threats and we do not get a true perspective of the millions of users that are not experts but use the Internet with the virgin attitude of Goldilocks. 90% hack on and nothing ever happens.

    So what I was getting at, is not to come up with a security system that would defeat the Pink Panther stealing the gold bars in Fort Knox, but to consider a security package that the ordinary user can install with the confidence that it will protect them in the hum-drum of everyday Internet activity.

    I am sorry if my badly worded thread offended, it was not intended.

    My own security package as shown in my signature has defended me against attack for so many months that I cannot remember when I last had an infection.
    Sandboxie has been an absolute miracle.

    My good wishes to you all
    John B
     
  4. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    For Windows users, that's called an LUA, being behind a router, having a software firewall, perhaps having a startup items monitor, using an up-to-date AV program (arguably), and keeping Microsoft patches up-to-date.
     
  5. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    One friend and one relative (both naive in the extreme when it comes to computing in general) both got financially clobbered following a series of transactions online.

    One had £4 500 (approx $ US 6,961.35) swiped from their account whilst the other had over £2 000 (approx $ US 3,094.30) used to buy clothes from Abercrombie and Fitch in Melbourne, Australia. The owner of said card lives in Scotland!

    If I wasn't paranoid before about online banking/internet purchases, I sure as hell am now. It's SafeOnline and KeyScrambler for all payments and even then I'm still crossing my fingers...
     
  6. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Paranoia rules! ;)
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I agree that the threats from cyberspace have been largely over-hyped by the popular press (who typically have very little technical understanding of the issues involved) and by the government (who wish to pass new legislation for more control) and by private security firms (who wish to get lucrative contracts).

    Think about it: if shutting down a power plant remotely were so easy to do, we would have seen it by now (yes I am aware the CIA claims it has happened in a South American country but that's not America and I am not sure if it was an inside job or not). Some people have watched "War Games" one too many times.

    This is all not to say there aren't real threats (there are), but most of them can be mitigated without new laws or new technologies. All it takes in some cases is a bit of common sense, such as forcing power companies to adhere to NRC rules concerning SCADA systems and how/if they connect to the public Internet. Most of the threats from the Internet are financial ones -- scammers, social engineers, malware writers, etc. Most of the botnets are harnessed for this purpose, not to shut the Internet down in some apocalyptic way. Most of the real villains don't want the Internet to shut down; they want the source of their gravy train to continue to produce and shutting down the Internet would be the antithesis of their goal.

    Mankind has always had those who panic and predict the end of the world -- it happens in every era with every new technology.
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Sensationalism in cybersecurity stories is not a new media phenomenon, of course: the mainstream media has always played to the human attraction to sensationalism.

    Where the mainstream security media fall short is failing to cover proactive solutions to the various types of cyberattacks. A good example is the current "dll hijacking/binary planting" vulnerability. The use of "binary" is to cover the possibility of executables other than DLLs being used in the exploit. This will be another heyday for media coverage in the coming weeks.

    Oftentimes wrong information will come out in an article, and this article will be picked up by dozens, even hundreds, of other sources.

    A good example is from several years ago, during the digital picture frame USB exploits. One security researcher was interviewed by an online newspaper, and gave the impression that a particular trojan his company had discovered could re-enable any autorun settings that had been disabled by the user.

    I wrote the researcher and said that would be a pretty nifty trick: if autorun is disabled, how can the trojan run in the first place from USB? He responded to me that he had been misquoted by the writer, who didn't have much technical expertise.

    I asked if he was going to ask for a correction. He said no, because he was too busy. Well, it turned out that on his company's web site was a big blurb about how their security product would prevent this trojan from doing any damage.

    This story was picked up all over the internet.

    While there aren't too many examples of this type of misinformation, nonetheless many of the sensational articles are misleading at least, to the unaware, and lead to fearful reactions on their part.

    While many applications are vulnerable to this DLL hijack thing, none of the articles I've seen suggest that the users

    1) assess the risk/probability of being tricked to click on a malicious file that would trigger the exploit

    2) review their proactive security strategy, to include

    • policies about opening unsolicited files

    • security in place to prevent the running/loading of unauthorized executable files
    Both of the above have been mentioned by Wilders members in other threads on this topic.

    Those Wilders members have a good opportunity to educate those in their sphere of influence.

    ----
    rich

    ________________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."


    --Bruce Schneier
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Don't regret it. I just couldn't understand why someone like you (security-aware, at least for the signature you have) could start something like this.

    I'm afraid this is a bad analogy. You'd be surprised by the percentage of people, who are very ill, and are not in hospitals, either because they can't afford it or simply know there isn't anything a hospital can do to help them out.
    Many other people simply struggle against whatever they have, despite, for example, doctors say nothing is possible to help them. They manage to live years only with their will.

    Not the same.

    I agree. They don't need all the panacea that most of us can and know how to make use of.
    They need simpler solutions, and they do exist, starting with least-privileged accounts. They don't need to be experts to be secure. They need to be conscious that the danger does exist. If their systems become infected or not, it is up to their actions.
     