Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Who's to blame?
Kelly Martin, 2005-07-05

If there's one thing the security industry is really good at, it's pointing fingers. We all like to say that, "security starts with you," so that everyone can share a piece of the mud pie. While we're pointing fingers, let's look at a few groups and individuals and see how they can share the blame for their own insecurity - and prevent the spread of viruses, Trojans and worms.

Individuals and small businesses share the blame

In this instant-on, instantly-available world, the best thing many people at home can do (besides ignoring the next virus received in their email) is to simply turn their computers off when not in use. It sounds oversimplified, but it works.

Years ago, about ten thousand people asked me if they should turn off their computers at night, or keep them running. I made the mistake of telling them that I never turn off my machines -- but then, I run half a dozen Unix-like servers spread across several countries. After friends, family and one computer-touting unemployed man on the street have effectively been online 24/7 and infected with worms, I regret to admit that I was wrong. Power up your computer, check your email, surf those nefarious websites that you love, and then power down. Disconnect gently from the network.

Left to its own meanderings, your Windows computer is not to be trusted. Don't do any online banking unless you have a router, a firewall, the latest anti-virus, the latest Windows patches, the latest Windows OS, three anti-spyware applications, and you fully understand what "phishing" means. If you don't know what these are, what you're doing or how to properly configure, secure and operate your own server, turn your computer off. Or buy a Mac or Linux desktop and slip under the radar.

There are always people who should have their Ethernet cables cut with a pair of scissors when they purposely seek out spam, download accelerators, useless toolbars, porn, warez, serialz, make-money-fast schemes and such... they contribute greatly to the botnets and spamnets of the world, but that's another story for another day. Just because one can afford a fast computer and a broadband connection, it doesn't mean he has any idea what he's doing - like the guy who can afford a Ferrari and then slams into the back of a bus.

Small businesses and non-profit organizations can do wonderful things to secure their networks from viruses and worms. I signed up at the YMCA gym the other day, and noticed that they store my credit card information in their computers. I glanced over and saw a DOS-like screen, and gave out a huge sigh of relief. The technology they use predates the Web by about ten years, so the odds of them having Internet access at this gym are slim-to-none. Excellent. The only way into those computers, then, is to arm-wrestle my personal trainer during business hours and get physical access to the machine. For the sake of security, sometimes retro technology that's disconnected from the network is best. Of course they could be running Windows 3.11 and have TCP/IP, but it seems unlikely.

ISPs share the blame

It's not realistic to expect most people to disconnect from the Internet - after all, what on earth were computers used for before the Web? Many people are not sure. Business things. Spreadsheets and word processing, oh and games too. If the Internet is now ubiquitous and owned by nobody, then it's the ISPs who should play a major role in securing their chunk of the network.
Story continued on Page 2 



Kelly Martin has been working with networks and security since 1986, and he's editor for SecurityFocus, Symantec's online magazine.
    Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Comments Mode:
Who's to blame? 2005-07-05
Anonymous (1 replies)
Not to mention off-site backups 2005-07-07
Anonymous
Who's to blame? 2005-07-06
Anonymous
Who's to blame? 2005-07-06
vinicius
Outbound SMTP port 25 2005-07-07
Anonymous
Who's to blame? 2005-07-09
Anonymous
Who's to blame? 2005-07-09
Alexey Vesnin
Old OS versions. 2005-07-11
Roger
Who's to blame? 2005-07-13
Anonymous


 

Privacy Statement
Copyright 2010, SecurityFocus