April 28th, 2003, 05:54 PM
I don't think I understand you amanda... your analogy is kinda wierd. First off, there was an intial preventalbe occurence, whether it was the drivers fault or some drunk guy at the intersection. We have also never mentioned outside damage, we're talking about the owner the 'people in the car'. Changing your current analogy to reflect this would end up more like this:
The people in the car have a massive leak in their brake system and know it, but they decide it's not worth getting it fixed as the cost of a new master cylinder, a few hoses, and a rear brake thing (I'm not an auto mechanic) costs mutch more than a bumper and maybe a side panel (i.e. their underestimating the possible damage). They proceed with life as usuall and their brakes happen to go out right in front of a local mall while their traveling at about 35. Luckily they hit a store with few people and only two people suffer minor injuries.
Suddenly Wazz ( ) appears out of nowhere and says "You guys really should have gotten your brakes fixed"
Now, does anybody disagree with him? I don't... You are correct in pointing out the flaw in Wazz's initial views, it's pretty twisted, but you're argument is also flawed.
April 28th, 2003, 05:55 PM
ParaNoia (hehe) can be a good thing, but you have to know the balance between security and Encasing your computer in cement, it's been talked about before, security is a must these days, but don't go over board...find something that you like and that works, and stick with that, if you feel it isn't enough, get more.
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!
Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
April 28th, 2003, 06:42 PM
Hummmm..... Im sorry. I find car wrecks and burning buildings to be more exciteing sometimes. Errrr... anyways...
My point was if some admin becomes lazy and sees no need in AV/FW and lets the rest of the world suffer due to his lazyness then the real victum is those who take the most damage. I would set some of the blame on the admin for not haveing any AV/FW/brains/ however most of the blame should go to the kiddie for useing the box to launch attacks in the first place. But im not going to sit back and say things like you should have been prepared for just about anything out there but you weren't so you deserved what you get.
April 28th, 2003, 07:51 PM
Unfortunately most of the systems we see DDOS and other zombie processes coming from are home users that don't know the first thing about security (and are usually too afraid of the computer to care). Personally I think the blame lands on these groups in order of magnitude.
Originally posted here by Amanda
I would set some of the blame on the admin for not haveing any AV/FW/brains/ however most of the blame should go to the kiddie for useing the box to launch attacks in the first place. But im not going to sit back and say things like you should have been prepared for just about anything out there but you weren't so you deserved what you get.
1. The broadband ISP (a lot of times these idiots not only don't tell their customers about security programs, they actively discourage the use of firewalls on home machines.)
2. The hardware vendor for not bundling AV and personal firewall programs in the system
3. The script Kiddies
4. The user especially after they drop 100+ on a virus repair and still refuse to secure their system.
April 28th, 2003, 08:52 PM
Everyone has made some very good points......Ignoring the issue or thinking you are not vulnerable, I still say you are asking for it. People that don't know squat about computers or security, I feel bad for......
"It is a shame that stupidity is not painful" - Anton LaVey
April 28th, 2003, 10:44 PM
There's alot to be said for changing your motor oil, locking the doors at night, etc., etc. (if it gets broke/deleted/dented/scratched/or just opened up, who is to blame?) not I. In reading the posts, there are alot of valid opinions out there, just as there are a lot of solid(ok, sort of), dependable firewalls, most of which are pre-loaded as Trial software with a new OS or Machine. The inability of the masses to stop ignoring the warning signs,like pop-ups or worse, when your files are nuked, do deserve what they get. Shareware to start, save some cash, learn it up, learn some more, then get what your OS will work and love with. Unfortunately, there will always be the 10%'s.
[glowpurple]Outside of a dog, a book is man\'s best friend...[/glowpurple] [gloworange]inside of a dog, it\'s too dark to read...- [/gloworange] [shadow]Groucho Marx[/shadow]
April 29th, 2003, 12:36 AM
"The customer only found out when the attacker was done playing with the backdoors and remote control utilities and decided to start messing with stuff... Then the poor unsuspecting customer is left to deal with the likely $100+ bill for the repair of thier OS and
restoration of their data, if that's even possible."
If the pc was attacking other people or launching serious denial of service
attacks more headaches besides a $100 bill the authorities might visit and
ask serious questions they may take the computer to examine the drive
& the customer has to prove he or she wasn't behind malicious attacks
to his/her ISP security team they could suspend the service while they
investigate & oh yes and what about other victims who were attacked?
if the source was very incompetent with his or her security what's to stop
them from launching a suit to recover at least some of the damages
they suffered if they were mauled? it's like if they can't have the crackers
head they'll be looking for someone to burn at the steak and they'll
get there vengence one way or the other theyre not going to care
if he did it or not.
April 29th, 2003, 03:21 AM
I know this is a known fact and I know I've said this, but as stated by the Unix System Administrator's Handbook, "Security = 1 / Convenience". People buy computers for convenience. The ability to "surf the net", to "chat with their friends online" with their AOL accounts (not a trash on AOL but because a LOT of packaged machines are peddled with AOL), homework usage for their kids (even though their kid will learn more in five minutes than they ever will), keeping account information (Quicken and the like) which is now so much easier due to software automation (Turbo Tax, etc)...
That being said, the real problem lies with the fact that a majority of these people who either think they don't have anything worthwhile on their machine or just simply don't know is the lack of education. Nobody tells them what they should do, they don't want to take classes (my mom for example), they don't have the ability to sit down with it and just screw around with it because their mentality consists of "I'm afraid I'm going to break something". After their workday is over, they simply want to come home, veg, do whatever they want to do with their family, friends, etc....and more than likely, 90+% of the time, that means the computer they store their bank info, tax info, and whatnot on sits in the corner and is last on the list for "Things to do".
If people would sit down and educate themselves for 5 minutes (nobody is SO busy they can't spend 5 minutes educating themselves or others), it would make a world of difference. If people that DO know would spend 5 minutes answering someone's question, clarify an issue, or simply show someone the RIGHT way to do something...man, I can imagine the internet world as a whole new place!
Pass on anything you know, common sense things you would do for your own machine but someone else wouldn't think of, let people scour your brain for knowledge. Because, God knows, they're effectively helpless in the internet age and without proper knowledge of their machines and how to just do simple tasks and maintenance, they're unarmed for these things. I've never withheld any information from someone who asked me something relating to computers and I've seen it get passed around and built upon and betters things are done because of it.
I've seen 10 people walking in a group down a street that had trash on it (this was an exercise). Every person picked up one single item of trash and threw it away. Just by those 10 people doing that, the street looked better. Imagine the possibilities...
After all, it's like letting a car out in traffic. It takes you 10 seconds to do, and chances are, you'll see your good deed being passed along.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
June 4th, 2003, 04:16 PM
So true. My entire immediate family knows nothing and doesn't want to know anything(about comp security). If it weren't for my paranoid nature, all their boxes would probably be DDoS zombies or something equally ungroovy. As it is I can name about ten or so people who are above average intelligence and yet, refuse to take the time to learn how to use their OS properly, much less secure their box.
If people would sit down and educate themselves for 5 minutes
Sorry that was a bit of a rant, in short, I agree with Vorlin.