Monday, December 13, 2004

Who says safe computing must remain a pipe dream? | Perspectives | CNET News.com

I find Bruce Schneier to be a voice of calm reason when discussing matters of US national security. He exposes rhetoric and overreaction with clear and concise arguments, explaining his position succinctly, and demonstrating why a particular measure will not achieve the desired results. The majority of his writings, except for the books, can be found on his website at http://www.schneier.com/.

However, in the case of his essay, "Who says safe computing must remain a pipe dream?" (Perspectives, CNET News.com), I believe he fails to see what the real problem is.

First, I agree with some of the recommended steps, while others I must question. While it is not something that I do myself, I would agree that a normal home user should shut down the computer when it is not in use. His advice for laptops and PDAs is perfect. His advice on backups is also reasonable, though the expectation of how this is to be done is the crux of the real problem. The recommendation to limit the number of applications to only those that are actually used, and to keep them patched, is ideal. The advice on browsers is also the same as what I recommend, not only for the home user, but also for the enterprise user. All ecommerce web sites should be used only after weighing the options; if it can be done easily offline, then the security concerns should probably preclude doing it online, simply because even the best-run, most secure site may give up critical personal or financial information of yours to a hacker, or you may mistakenly give that information yourself to a phisher. I agree with most of the advice about email, except that I found Outlook 2003 to be acceptable. Each home user should have a firewall as recommended, but it is only the Windows OS user who must pay; both Linux and Macintosh computers come with adequate firewalls for free. Even the newer versions of Windows, such as XP SP2, will have an almost acceptable firewall included. The rest of the recommendations may be good advice for a relatively experienced user, but they are beyond the capabilities of most users to implement and follow.

Backups are more easily doable by a home user in Windows than in any other operating system, but it is still too hard, especially the process of doing a restore when the inevitable happens. The backup and restore process was developed for the system administration professional, not for the home user. Performing backups in Linux requires considerable expertise, and is not possible on a Macintosh running OS X without adding a third-party product.

I use all 3 operating systems in my office, and have administered Unix systems going back to 1985 in the enterprise environment. I actually decided to get very serious about information security when one of the first Linux computers I ever installed was hacked within 15 minutes of connecting to the Internet. My personal favorite OS is the Macintosh, especially from the point of view of security, but there is a significant premium at the entry level for the purchase of a Macintosh, in part because it contains a higher security value. I understand the recommendation to delete "command.com" and "cmd.exe", but would be extremely wary of actually doing so, as these programs are not in themselves security vulnerabilities, and are in fact necessary tools. Similarly, setting Windows Update to automatic is not a panacea, as the process fails with a high regularity to correctly apply the necessary patches.

The advice on passwords is partially correct. It is nearly impossible to remember a truly secure password. I have to agree with Mr Gates here: passwords have passed their best-by date, but the technology to replace them is still some years away. So if a user creates a secure password, but needs to write it down, the problem then becomes where to store it. It should never be in the same wallet where banking information, such as debit and credit cards, is stored. Storing these items together is like storing a weapon with its ammunition - something is going to get shot, or substantial sums of money are going to be lost, which the bank will not replace due to user stupidity. Perhaps Bruce Schneier did not want to pump his own product, but he has created a password vault tool. I recommend you use it or something similar for storing passwords.

Every user should run antivirus software, and yes, the updates should be installed as frequently as they are available. I object to the automatic update of virus data, as the vendors are generally using tools to perform this update which are themselves vulnerability vectors. Non-Windows OS users should also run antivirus software, even if there are none or nearly no virus vulnerabilities in their OS, as a Windows virus can be harboured in their OS and later transferred.

I disagree with the recommendation on antispyware software. There are not enough reputable firms participating in this effort, and the ones that are reputable are not a complete solution. If the user does not know how to avoid spyware in the first place, they will not be able to adequately combat it even with the best of the current crop of tools. If spyware is a problem, do not use that computer for any ecommerce, and do not keep any information that is important or should remain private on that computer, or on any computers also connected to that network.

The use of encryption is second nature to an individual such as Bruce Schneier, but for the uninitiated it is a black art, especially the free versions of PGP. The commercial versions are better, but problems such as key recovery and backup issues make this impractical for the vast majority of users.

Fred Langa runs the Langa List, which is a twice-weekly newsletter full of tips and advice. This newsletter is targeted at a user who has some familiarity and comfort with the operation of a computer, but it is evident that even these users would have difficulty in following the recommendations of Bruce Schneier. Still, Fred regularly gives relevant advice to try and demystify the process.

There have been suggestions, none truly serious, where a user would be licensed to get access to the Internet following a competency test. If that were to be followed through on, then the concepts noted in this article could form the basis for the practical examination portion, where a user demonstrates that competency. Failing a licensing process, computer manufacturers, including OS, software and hardware makers, need to change their products so that security, not usability, is the prime concern.

At the opening of this commentary I noted that Bruce Schneier failed to understand the nature of the problem. I think the problem of information security for the home user is a result of the complexity necessary for correct operation of current computers. The Macintosh clearly has the lead in being the least complex with the most security. Windows has the highest degree of user-desired functionality, mainly at the expense of those users' security and privacy. Linux has the absolute worst mix from the point of view of a consumer, in that it is complex in terms of both functionality and security. Both Windows and Linux have begun to address some of these security issues, but considerably more needs to be done before the goal of safe computing becomes other than a pipe dream.
