Secretmaker - "all-in-one" security solution?

[Synja]

Security comes from the OS (and the user to a lesser extent), always has, always will.

If you look at the popular "security" programs that really take proactive measures... they do nothing more than adjust the manual settings that may be hard for the average user to find.

If you look at the "immunization" option in SpybotSD, all it really does is create system settings that prevent certain IP/hosts from being accessed, and denies all cookies from certain sites. There is no reason you can't do this on your own, it just makes it easier.

Bastille-Linux as another example. All it does is create the settings that will protect your computer, it doesn't "add" anything except a few cleanup scripts. All it does is changes the defaults to more restrictive settings. Sometimes causing unexpected side effects... but usually doing a good job.


There are a myriad of tools and preset configurations you can install, from a custom hosts file, to the NSA's Security Configuration Templates

There is not a single thing that can't be easily done by a competent user without the use of external tools.

My point is, that if you want security, you have to look at the system, not what you can download for it.

[Maverick811]

Originally posted here by Synja
Security comes from the OS (and the user to a lesser extent), always has, always will.

If you look at the popular "security" programs that really take proactive measures... they do nothing more than adjust the manual settings that may be hard for the average user to find.

If you look at the "immunization" option in SpybotSD, all it really does is create system settings that prevent certain IP/hosts from being accessed, and denies all cookies from certain sites. There is no reason you can't do this on your own, it just makes it easier.

Bastille-Linux as another example. All it does is create the settings that will protect your computer, it doesn't "add" anything except a few cleanup scripts. All it does is changes the defaults to more restrictive settings. Sometimes causing unexpected side effects... but usually doing a good job.


There are a myriad of tools and preset configurations you can install, from a custom hosts file, to the NSA's Security Configuration Templates

There is not a single thing that can't be easily done by a competent user without the use of external tools.

My point is, that if you want security, you have to look at the system, not what you can download for it.

I agree with Synja - when I do system lockdowns, it consists of mostly making registry changes, implementing certain security policies by using either secpol, domain security policies, etc. I feel you can properly configure a system without the use of third party software in an effort to secure the box.....

[Negative]

My point is, that if you want security, you have to look at the system, not what you can download for it.

And what you keep forgetting is that you cannot expect the average user to "manually" secure his or her system. I think we can all agree that a Windows-out-of-the-box system isn't exactly fit to go on the Internet (although it's getting better). It's a fact that a few simple settings can vastly improve your security (aren't you writing a tutorial on that subject?) - why not have an automated tool that changes those settings? Or are you hoping that the average user will read and implement your tutorial?

[Synja]

It's a fact that a few simple settings can vastly improve your security (aren't you writing a tutorial on that subject?) - why not have an automated tool that changes those settings? Or are you hoping that the average user will read and implement your tutorial?

Yes, I am writing a tutorial on that, I have had a few delays, but it is getting done.

My issue with the one size fits all tools is that they miss quite a bit in many cases, and it doesn't *teach* the user anything. The user stays blind to the way the computer works. That is why I am writing the tutorial, and posting it on a variety of sites. (I am posting a link to it and hosting it on my server to prevent copyright and ownership issues).

Many security settings are not difficult to implement, and a user who has had even a small amount of experience should be able to manage it. THis is why I am writing the tutorial. The user doesn't have to be scared of system settings or the registry, they just need to pay attention.

Look at me... I have never had any formal training, everything I know was learned from books, forums, tutorials, and just playing around. If my drunk ass can do it, the average user sure as hell can.

[Negative]

Ah... but the average user does not WANT to have to do it
The average user does not WANT to be taught - he wants to turn on his computer and use it, and I don't blame him. I want to drive my car, and I couldn't care less about what goes on under the hood. If my car needs to have some bolts tightened after every hour or driving, it better do it automatically (I may want to push a button to do it), but getting under the hood?

[Synja]

Ah... but the average user does not WANT to have to do it
The average user does not WANT to be taught - he wants to turn on his computer and use it, and I don't blame him. I want to drive my car, and I couldn't care less about what goes on under the hood. If my car needs to have some bolts tightened after every hour or driving, it better do it automatically (I may want to push a button to do it), but getting under the hood?

But, as long as you brought up the car analogy...

You change your oil every 3000 miles?

You get new tires every 50,000?

You perform all the prescribed maintenance, either through your own means or by hiring another entity to do it?

If the user does not want to do it themselves, they need to have someone actually do it for them. You wouldn't take your car to a shop that just dumped more oil in it? You'd take it somewhere that would inspect and correct.

[Negative]

The difference with the car is that all cars fresh from the manufacturer are safe to drive

I think an all-in-one-tool is an excellent idea. Rather than having to go into the registry, give the user a button to click; with an all-in-one-tool: give him one simple button to click, and all those settings you're going to describe in your tutorial are implemented. That's something the average user can do, and probably will do. But going into the registry? Or having it set up by a professional? People don't have computers serviced... they have them fixed when they break down

[Soda_Popinsky]

Ok, so the average install gives you an administrative account to use. That's well known, and why mostly everyone on Windows uses the admin account for everything.

So what's so hard about creating a tool that checks for patches, (enables auto update for grandma), enables the firewall and creates a user account, then spits you into the user account when finished?

[Synja]

The difference with the car is that all cars fresh from the manufacturer are safe to drive

Shall I quote the safety recalls of the last however many years? Spontaneous engine fires, faulty seatbelts, etc?

[Negative]

American cars aren't cars... they don't count