Security: knowing when is enough?

Discussion in 'privacy technology' started by Siamese Dream, May 25, 2013.

Thread Status:
Not open for further replies.
  1. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    52
    Location:
    USA
    I'd like to think I live by the 'less is more' phrase, but in all honesty I don't know when is enough regarding PC security. There's these items:

    -AV
    -firewall
    -sandbox
    -anti-malware
    -browser add-ons
    -password

    I'd think most of these are the "core" must's. After that it's a secondary line of defense for most people. I don't use much in the way of apps so the need for these things is only out of curiosity. So the question is: when is enough? I understand it's subjective, but still...
     
  2. guest

    guest Guest

    Core must? I don't think so.

    When is it enough? It's when you get a headache by using your security software(s). :isay:

    When is it enough? It's when you aren't getting infected for long periods of time with your current setup. :isay:

    Well, that's just my $ 1 billion. :cool:
     
    Last edited by a moderator: May 25, 2013
  3. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I think you really hit on it when you admitted it's subjective. It's all based on your personal preferences and activity.

    If you never connect to the Internet, I'd say you don't need any of that stuff. If you simply go to "gmail.com" and log in to check mail, I'd say you don't need any of that stuff.

    Really you measure "enough" as the balance between your risk tolerance and your inconvenience.

    And to unpack that a little bit, you might say:

    risk tolerance = the amount/level of "risky" behavior you engage in with regard to machines you access + the subjective value you personally place on what you stand to lose as a consequence of the top 3 (maybe?) most likely security breaches (based on your personal situation)

    inconvenience = the time/skill/overall cost it takes to institute and maintain the protection method against attacks [minus] the level of protection you get from the method

    Where those two intersect, that's when you've reached "enough."
     
  4. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    For most people:

    AV, firewall (good suite is often more convenient/better), perhaps sandbox if you know how to use it correctly. Browser add-ons ? As a rule, I don't use them. What kind ? Some may be useful, but aside from what comes with your security software it's hardly required. Password ? Not sure what you mean, I use a unique password for each site.
    Anti-malware ? IMO, overkill, redundant.

    Highly recommended: using an imaging setup :)

    For example, good imaging software (still using an old version of Acronis, and Macrium Reflect free) with an external harddrive.

    Aside from the firewall perhaps, for me imaging (and using my brain!) is my most important security strategy.
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    - Internet Security Pack
    - VPN
    - Strong Password
    - Patches & Security updates.

    Done.
     
  6. guest

    guest Guest

    Done. :isay:
     
  7. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Clearly you don't know about privacy and the implication that most people want security covered by one program because its just more simple.
     
  8. guest

    guest Guest

    There's anything more simple than MSE/Win 8 Defender? =V

    Privacy is a debatable subject. Make a thread about it and you will get different opinions. Everyone tracks you these days anyway. :ninja:
     
  9. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    If everyone rapes now anyways, would you be okay with being raped? or if everyone murders now days, same deal. Kids like you are brainwashed to think things are acceptable just because "Its normal" or "popular". MSE/WIN 8 don't have bank guards and more complicated automated security features hence security packs. Using a VPN mitigates 99% of security and privacy risk for the average consumer based on IP related privacy risks, why would anyone not use a VPN in modern times astounds me.
     
  10. guest

    guest Guest

    I hope I'm not derailing this thread. :doubt:

    Your cases there are extreme. Okay, I understand it's just an analogy. :p

    Guarding your privacy is such a hard task today. What makes you think your VPN server isn't selling your private data to someone else? What makes you think the security software vendor that you currently trust won't track your browsing habit and sell it to Google? What makes you think that Microsoft isn't going to log your keystrokes with one of its system files? Oh-mega-conspiracy. :argh:

    You don't really need a bank guard feature. Oh hai, web browser antiphishing database, secure DNS filter, and website raters. :rolleyes:

    And that's based on what? o_O Unless VPNs will give an absolutely perfect security solution, it's just yet another countermeasure you can use.

    You are welcome, grandpa~ *puppy*
     
    Last edited by a moderator: May 26, 2013
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I am not gonna continue posting because this will go back and forward all day. People who know what I'm talking about know I'm right and people who don't won't understand my point of view. So, for now I'm just gonna let everyone do their own research. Why should I care about what random strangers know about anyway? Why should I spend my time teaching others I don't know. I still ask myself why I even bother even posting at all.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On paper, privacy and security are separate subjects. In reality, they're very intertwined. In some situations and locations, they're inseparable. In many places, Tor is a privacy tool. In others, it's a necessity to your physical well being.

    The original poster needs to define the scope of this thread in order for it to be useful.
     
  13. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    The way their setup works. And the fact that they're in the VPN business, and not the info-pimping business. Honestly I can't really imagine a business model in which a VPN provider could make more money by servicing a small enough number of clients to be able to store that much data, than they could by simply focusing on VPN services and getting more customers.

    Trying to keep all that data is a superfluous unnecessary expense that needlessly increases the cost of doing business, and I'm not sure I see a VPN company getting paid enough (directly as a result of incurring this cost) to warrant shouldering it, for what would be quite useless data.

    ..and if it were ever revealed that they kept logs and/or revealed information to anyone (especially governments), they'd lose virtually all of their security-conscious customers (which, as a VPN service, would probably be a quite significant amount...particularly if "security" and "anonymity" were selling points they used.)

    And let's play worst case scenario and pretend somehow the VPN company completely lied and was able to cover up the fact that they kept logs and would reveal information to 3rd parties...what exactly is this third party going to be able to do with data about the activities of an anonymous person who paid for the VPN service in Bitcoins? :rolleyes:
     
  14. guest

    guest Guest

    @JackmanG

    I was being sarcastic, doesn't seem to be a good one though. :p

    My real point is: nothing is a core must. You can choose to use A but not B with some little C etc.
     
  15. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    I would add at least 1 verified image to restore from. In case of malware, lost or stolen or disc failure.
     
  16. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    Absolutely, data back up should on top of any security list.
     
  17. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Technological security is worthless without internet smarts. Be as anonymous as possible.
     
  18. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    When you find you're never being compromised the way things are, it's enough. If you find you're sacrificing convenience in the process and fighting your own policies, it's time to trim things back a bit. The goal should be finding the perfect balance of security & usability.

    I used to run LUA all the time, and Admin only to update Windows once a month. But realized it was an unnecessary PITA. So now I run a secure, yet usable Admin utilizing SRP, Local/Group Policy tweaks, and folder permissions. So it's almost like running a pseudo LUA on Admin.

    And even this is probably overkill, namely my Paranoid HIPS. But I like having that control. And it doesn't bother me anymore now that I've set rules for everything, so there's no harm done... no popups. The first 2 weeks or so after a clean format are a bit irritating though, but worth it in the long run.

    I'd say a couple on demand AV's are a core must, if you download things. A real-time AV is certainly not a core must though. And I really never download anything anymore anyhow, so I never even find myself using the on demand ones. I've downloaded everything I could ever want by now. I used to download new versions of CCleaner, and that'd be about it. Now I don't even do that, as the last build of 3, well, I doubt anything more can be done for XP users in mind. All updates now are pretty much for newer OS's.

    Browser addons are certainly not core musts either, just optional.

    Strong passwords... for sure.

    Firewalls... only inbound, and a software one isn't a must, again optional. A router = sufficient, or even built in WinFW.

    IMO DEP is far more important than it's given credit for, when set to Always On or Opt Out. Combined with SBIE it can turn back just about anything. DEP will terminate the program before anything bad can happen, then the sandbox empties itself... no user interaction required. Whether it's just software DEP or hardware, I always encourage everyone to change it's default for system processes only to Always On or Opt Out. Not a "must" maybe, but very useful, and everyone has the option to utilize it.
     
    Last edited: May 27, 2013
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    How are you going to update your software or backup the system? Anti-theft? Privacy/Encryption related? VirusTotal?

    I could go on with various forms of whitelist, or even file/process verification, but let's stop there. First 2 points are what I consider essential though.
     
  20. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    52
    Location:
    USA
    Well I don't really know. Guess that's why I'm asking. You can add what you please. I am less concerned with brand names as opposed to the types of security.

    Another thing is complete privacy is an impossibility. If government wants info on your internet travels, they'll get it. Guess I view a security setup as something that will never be impenetrable but where it will encourage thieves to go after an easier target.
     
    Last edited: May 28, 2013
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Deciding what is enough really depends on who or what you want to be secure against. Your PC and the data it contains can be protected against malware by a well implemented default-deny security policy. Defending your system against a skilled attacker, government agency, or big money adversary is much more difficult. If the attacker really wants you and has the resources, it's likely that they'll succeed given enough time.

    Once data leaves your system, you have very little control over it. Securing data from one point to another can only be done with end to end encryption. The effectiveness of that encryption will be no better than the security policy implemented on both ends. If either machine is compromised, the encryption is worthless.

    Anonymity and defeating tracking on the internet is quite different than protecting your PC and its data. These require control over the traffic in and out of your system and control over the contents of the traffic that is allowed. Total anonymity may be impossible, but one can get pretty close with a combination of Tor, VPNs, and proxies. If you're also running Tor as a relay, it makes it much harder to tell which traffic is yours.

    Defeating tracking requires control over the traffic that's permitted in and out of your PC. Much of this is done via browser settings, extensions, or free standing content filtering apps like Proxomitron. Apps like Sandboxie, configured to empty the sandbox when the browser is closed are also useful for eliminating tracks stored on your PC (cookies, LSOs, browser cache, history, etc). IMO, defeating tracking is becoming more difficult than securing your PC against malware.

    Both anonymity and anti-tracking measures both depend on your PC being secured.
     
  22. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    52
    Location:
    USA

    Aside the above, what other security do you recommend?
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Could you narrow the scope of that question? It's not possible to cover computer, data, and internet security plus the privacy aspect of these in a single forum thread. It would also help if we had some idea of what or who you want to be secure against.
     
  24. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It is never enough. No matter how secure you are at one point, there will always be another new and sophisticated attack that you will want to defend against. However, as other participants in this thread already said, it is important to make a plan and decide against what kind of adversaries and threats do you want to protect yourself against, and how to proceed from that point on. 100% security against all adversaries and threats is not possible.
     
  25. Siamese Dream

    Siamese Dream Registered Member

    Joined:
    Mar 1, 2009
    Posts:
    52
    Location:
    USA
    -Types of programs that make it more difficult to get into the computer should my PC be stolen. (I've heard you can still get in without a login password if you know what you're doing.)

    -How to be more secure with online purchases. Are there programs that can say make Paypal, etc even more secure within their security system? If that makes any sense...

    -Leaving as little trail as possible while browsing the internet. What are some of the main areas within that? Cookies, VPN, etc.


    I understand these in itself could be broad, but tis the best I could do since my understanding of security is so minimal. The rest I imagine I can TechSupportAlert it for now. Guess the best thing to do is keep coming here and reading. A website that acts as kind of a dictionary for all this computer lingo couldn't hurt though.
     
Loading...
Thread Status:
Not open for further replies.