From: david.vincent at mightyoaks.com (David Vincent)
Subject: [OFFTOPIC] Zone Alarm 

> The users bought a car.  Is it too much to expect that they 
> drop some cash to buy bumpers, seat belts, and air bags to
> protect their investment?  They don't have to understand HOW
> those work(*), only that it does.
> 
> Like it or not, the computer industry has collectively 
> avoided any sort of liability - in most other industries,
> selling something so deficient that there's a *market* for
> the equivalent of ZoneAlarm would get you sued to your
> skivvies quite quickly.  Cars come with safety features, 
> electrical devices carry a UL sticker, and so on.

the user's car came with these safety features, because the market demands
it, no one will buy a car without bumpers/seatbelts, and the law requires
it.

if all you ever do is buy your computer, use it for word processing and game
playing, without hooking it up to the 'net, you're fine.  almost completely
secure (of course, warez can come with viruses attached, and every so often
a product gets released with a virus already infecting the CDROM.)

the computer doesn't come with all those features because the computer you
buy is a general purpose machine, and not meant for hardcore internet
use/security.  and the law doesn't require it.  well, the windows/lindows
machines anyways.  think market share...

once you want to hook into the wild world of the internet, you need to
become informed of the implications of your actions.  you need to know that
people will be looking for open shares/weak services/any foothold they can
find to get into your box.  much like when you take your car off your
property or out of the parking garage in your apt. building you need to know
that people will more than likely try and get in and rip you off.  you need
to know certain "best practices" to use, like not leaving loose change on
the dashboard, and not leaving expensive things like laptops etc. in a
visible spot thus enticing more abuse.  you need to know that certain cars
are more likely to be broken into (like the dodge caravan a few years ago)
and depending on what you drive you are more at risk.  much like taking a
win9x box on the net vs. whatever you think is secure.

due to market demand, windows xp and server 2003 come with a built-in
firewall, and it does a pretty good job of defending against the kiddies.
much like the locks on my car do a pretty good job of keeping ppl from
hopping in and driving off.  the xp/server 2003 firewall does not have
application layer protection, but you can bet if the market yells enough or
if enough other personal firewall software includes these options, microsoft
will incorporate that feature in a future release.  this is arguably the
same as my using "the club" on my steering wheel.  it is enough to keep the
random people out.  it is not enough to keep away a targeted attack.  see
the club buster:  http://www.clubbuster.com/clubbuster.htm

however, if your vehicle/computer is attractive enough to someone, they WILL
find a way in.  you can count on that.  with lots of time and patience, lots
of things become possible.

zone alarm is good enough for an average home user.  it will give them peace
of mind, do a decent job of stopping incoming attacks.  of course there are
better products out there, kerio and sygate come to mind.  zone alarm is the
most popular probably because steve gibson endorsed it when he set up his
shields up site, i bet the screen savers from techtv recommend it too.
personally, i hate the interface.

in the same way i take my car to the mechanic whenever it makes strange
noises, users need to be aware that their computer could use some love from
a professional (and i do NOT mean the neighborhood teenage geek who thinks
he/she's hot shit and can do it all).

yes, hardware firewalls do a better job of securing a network rather than a
single machine.  yes, dsl routers do a good job of protecting users too.
yes, zone alarm when properly configured is really good software considering
we're talking about the free version (at least, i am).  security is more
than one layer deep.  using multiple layers will protect you better.  if you
think of attacks in percent probability, it gets harder and harder and more
and more expensive to secure the last few percent and become 100% secure.
you have to sacrifice something to achieve that.  try unplugging the
ethernet cable.  you become 100% secure against internet attacks, but you
need to sacrifice usability in an extreme way.

what we, and all our users need, is more education.  always more education.
and patience, tons of patience.  especially us when we are talking to our
users/lusers/grandmothers.

we need more education about everything we use daily.  we need full
disclosure.  and not just about the latest windows flaw, about everything we
depend on.  i bemoan my knowledge of cars, i suck.  i really do.  but i take
every opportunity to ask questions and learn when i can.  i am constantly
reassuring the relatives i support as well as the other users, and
encouraging them to ask me questions.  then i try and do my best to explain
it back to them in terms they can understand.

(the other day i read something about exploding gas tanks on crown victoria
cars, how many cops do you know who drive those things?
http://www.crownvictoriasafetyalert.com/aboutCVPI.html "These Crown
Victorias are the same as the cars driven by consumers, except Ford
advertises them as being specially built for the unique conditions demanded
by the law enforcement profession. In reality, it uses a standard civilian
fuel tank. Ford admits there have been more fire deaths in the Ford Crown
Victoria than in the Ford Pinto before it was recalled.")

the real trouble is, folks like my grandmother are SCARED to learn.  and
SCARED to try something new.  they are EASILY social engineered.  if
SOMEONE, ANYONE who LOOKS like they know computers and SOUNDS like they know
computers tells them "use zone alarm, it will prompt you whenever a program
tries to get to the internet.  just let it through and eventually you will
not get prompted anymore." they are HIGHLY LIKELY to follow that advice and
feel secure and never think twice until the damn thing is crashing all the
time and as slow as dick clark's aging process.

i conclude...  learn.  teach.  ask.  be patient.  have respect.  be tolerant
of other ideas.  learn to recognize when you are wrong....

...and give peace a chance.

...and let's stop all this fucking swearing goddammit!  oh my virgin ears!

-d
