On TechRepublic: Why Android beats iPhone
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 33 of 46:
Next »
« Previous
You're still wasting you're time.
In the Special to ZDNet, 27 February 2002, 'What harm could come from cyberterrorism?' by David Morgenstern, http://www.zdnet.com.au/news/security/0,2000061744,20263719,00.htm, I was quoted as saying:

"You're wasting your time, IT just hasn't evolved enough yet. We do an awful lot of whining about the problem of IT security, but most of us haven't a clue [about] the heart of the problem" [there's more....]. I believe this statement to be still very pertinent, as little has changed, if anything intrusions have gotten worse.

Since the time I wrote that some fifteen months ago, I've seen essentially no significant improvement in the security of Windows operating systems. In fact, my experience has been the opposite, even with protection software such as Kaspersky AV, ZoneAlarm Pro, Ad-aware and its cleaver Ad-watch, Spybot Search and Destroy, HijackThis, Spyware Blaster, and Shell Objects Editor etc. I still spend half my time on the Net in full defence mode--manually clearing out the IE's cache, modifying ZoneAlarm's convoluted permissions on-the-fly, checking Windows system32 directories etc. and yet I still get clobbered or regularly spied upon.

Before going onto the Net one has to prepare for battle, especially if one is going to do some extensive Googling that might land one into rather suss places. It's a risky business, and one mustn't go to such places without one's helmet and sword and be fully psyched up to do battle.

Taking proper precautions are absolutely necessary, for instance it's essential to have the telephone cord in a position where you can yank it out of the wall socket--this much quicker than trying to rely on ZoneAlarm's brain-dead 'Stop' button to disconnect one from the Net (it hasn't a hot key associated with it, you have to open ZA first which is very time consuming when your vital data is being syphoned down the tubes).

Furthermore, I regularly have to give permission to my firewall (ZA) to let a program have access to the Internet, but in so doing I have no idea what data is ACTUALLY being sent. THE FIREWALL DOESN'T SHOW YOU THE DATA *BEFORE* IT'S SENT, SO ONE'S FOREVER LEFT IN THE DARK AS TO WHAT ACTUALLY GOT SUCKED OUT OF ONE'S MACHINE. This situation is simply a disgrace, and Microsoft and ZoneAlarm et al have let it continue without any effective remedy for years!

Nice tight permissions regularly have to be undone to get anywhere on the Net. Even to post this note to ZDNET I had to seriously reduce my Internet security, otherwise, the site wouldn't let me in. I had to:

* Reactivate Java
* Accept embedded objects (Java bits)
* Accept mime and integrated objects
* Accept cookies
* Modify my host file (swap a tight one for a sloppy one)

before I could actually post this note to the Net!

When reputable companies such as ZDNet make it difficult for one to lock everything down securely then the problems inherent within Microsoft's Swiss-cheese code are only compounded. This locking down and unlocking makes people sloppy, they let their guard down and leave many of the locks off for the sake of sheer utter convenience. And, of course, that's a recipe for disaster.

Until the honest operators stop forcing users to accept Java, scripts, embedded objects and require them to modify their host file etc. just to get access to many sites on the Net then security will improve very little.

Moreover, until Microsoft modifies its operating systems so that operating system files, programs files and user's data files are truly quarantined* from each other--both within the operating system and on the Net--and that this distinction is supported with proper kernel-level authentication systems then just making the mote bigger isn't going to stop the plague fleas from entering your castle.




Grahame Wilson
wilsongr@ozemail.com.au.




* OS, program and user data files should be truly different from each other, a Chinese wall should separate them. At the most fundamental level, this would prohibit data moving between the different file types. For instance, an incoming virus masquerading as text or document file couldn't be executed as a binary file as the operating system would recognise its structure as fundamentally different to user data. Similarly, that incoming executable couldn't replace an installed executable unless it was properly authenticated--that's to say clicking a bogus attachment just simply wouldn't nor couldn't work. This requires some fundamental rethinking, so it's not going to happen anytime soon, methinks.
Posted by: Irritated User   Posted on: 07/02/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Have you tried Netscape  waicri@... | 07/02/04
Exactly  llamee | 07/02/04
Do you run the latest version?  AxleMunshine | 07/02/04
Have you tried Netscape  mystic100 | 07/02/04
Netscape has had more than it's fair share of problems  balsover | 07/02/04
Netscape 7.1 is OK but  Bill4 | 07/03/04
MS and keystroke Loggers  amaughan | 07/02/04
So how did you know you were Jacked ?  stephensfam | 07/02/04
Alternate Browsers  don.chambers@... | 07/02/04
Never Happen.  jmervyn | 07/02/04
No Outbound Block sad & Firefox 0.9 happy  tbbrickster_z | 07/02/04
browser vendor may not matter  GDF | 07/02/04
Microsoft should improve application security  alan maughan | 07/05/04
Point of Order - outgoing connections & startup control  jpivonka@... | 07/06/04
The solution is so easy and enjoyable...  MTMacPhee | 07/02/04
but _NOT_ on your wallet!  riff7raff | 07/02/04
$2000 is too much?  Wings_z | 07/02/04
Those aren't all the costs  home_user | 07/02/04
As wings says, get an eMac  MTMacPhee | 07/02/04
The cost of changing to a Mac is more than just the list price  balsover | 07/02/04
I'm da man!  MTMacPhee | 07/02/04
re: da man  home_user | 07/02/04
They don't?  MTMacPhee | 07/02/04
Linux & Mozilla a safe haven for now..  riff7raff | 07/02/04
Linux & Mozilla a safe haven for now but...  dave_anderson99 | 07/02/04
May be u r not old enough  laci2126 | 07/04/04
...for now but they will always be safer than any M$ product ...  indigo_z | 07/05/04
Keystroke Loggers, etc, ad nauseum  Wings_z | 07/02/04
Palladium  PB_z | 07/02/04
Irresponsible journalism  bullwinkle_z | 07/02/04
Nonsense!  jpivonka@... | 07/06/04
Why outbound filtering is a waste of time  JohnJ_z | 07/09/04
You're still wasting you're time.  Irritated User | 07/02/04
Dave, you are the one that needs a realilty check  balsover | 07/02/04
Using "something called a port"? Really!  jpivonka@... | 07/06/04
I Agree  chapgen | 07/02/04
Too Late!!!  Andre Velloso | 07/03/04
Too Late!!!  Andre Velloso | 07/03/04
Is it, or is it not? The true fate of the ICF's outbound connection control  jpivonka@... | 07/06/04
Not  JohnJ_z | 07/09/04
Outbound blocking? BAD idea.  syrynxx | 07/06/04
Outbound blocking is a good idea, and easily managed too  jpivonka@... | 07/06/04
Outbound blocking -- irrelevant idea  JohnJ_z | 07/09/04
Properly configure your IE browser!  AlmostBandwidth | 07/06/04
microsoft wish  spam@... | 07/08/04
For ANDRE  Fabulous | 04/19/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline