Are the Days of Individual Security Over? 125
angry tapir writes "People solely relying on patching and upgrades are lulling themselves into a false sense of security, and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Australian Internet Industry Association. According to AIIA's Peter Coroneos, vendors need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging."
Oh and by the way..... (Score:4, Interesting)
"After you secure your network Mr. ISP, remember to filter out these websites." (hands over blacklist including playboy.com, domai.com, etc)
My personal security firm (Score:0, Interesting)
... is Smith and Wesson.
cheap, effective, and protected by the U.S. Constitution.
What a world (Score:5, Interesting)
I'm pretty sure we all know the score here. We know who the bad guys are and what they are after. We know who the vendors of the platforms being exploited are and why they aren't or can't be patched. We know why end users continue to pretend they don't know or understand what is happening or what they can do to prevent it.
I just wonder what things would have to happen to overcome all of this crap? Will there have to be a cyber 9-11 attack somewhere to wake everyone up?
The other day, a person I went to some classes with called me and told me she "got a virus... or several viruses." I invited her over and she brought her laptop with her for me to examine and clean if possible. She was afraid to turn it off. But what was refreshing to me was the fact that she did everything right.
1. She went to another computer and changed all of her on-line passwords -- banking, insurance, bill paying, email, everything.
2. She ceased all work and use of her computer immediately.
3. She was using a browser that wasn't MSIE.
What I saw what just about what I expected to see. A window that was decorated to look like a Windows window "running a scan" and reporting several infections all over her computer. Problem was, since she was using something other than MSIE, the window wasn't manipulated to hide the URL this was supposed to be coming from... showed to be somewhere in eastern europe. A dialogue box was up with two buttons -- both of which lead to downloading an EXE file. And had this been MSIE, I had no doubt that the machine would have already been compromised -- seen that too many times. And oh yeah, all of this continued to work despite that she wasn't connected to the internet at all. Fascinating stuff and kinda pretty.
Still, I booted one of my machines over to Windows, updated everything and AV signatures too. I pulled her hard drive and connected it to a USB adapter and connected it to my computer to perform a scan. After a very long time, nothing showed up leaving me 98% certain that all was well and that nothing had happened to her machine.
Still, she doesn't fully understand the technologies but she at least listened to advise to not run MSIE on the WWW and to stop using her computer and to change her passwords from a different computer. How many people do you know would do that? I don't know too many... in fact, she was the first. I had another classmate who had a similar problem and she was terrified but she KEPT USING HER COMPUTER. I was like "uh.... okay... these are the risks... it's on you now."
Motivations and desires push people to do things, often stupid things, in spite of their knowledge of the risks involved. AIDS is still alive and killing for that very reason and so is drug-pushing spam. (Though lately, I have seen a LOT less of that... actually, none... either my filters are learning way good or there is simply less of it out there and what is out there is being caught.)
In a perfect world, Microsoft would abandon its Win32 and create a new OS based on BSD like Apple did. We would still have reasons to "hate" on Microsoft and they would still find ways to screw things up I am sure, but a better OS is definitely needed for the world and if it ain't going to come from Microsoft, I find it hard to imagine where it would come from in the near future.
Re:More weasel words? (Score:4, Interesting)
Ask yourself: what are these security tools capable of doing *besides* stopping viruses?
Exactly. And yet they can give a user a false sense of security, so I dare say "security provided by ISPs" could even be part of the problem.
Have the days of individual security ever begun by the way? People "solely relying on patching and upgrades" were always lulling themselves etc., just not for the reasons suggested by Mr Moroneos: and not necessarily for Windows only (one word: rootkits), although it heroically stands as the most exploited target. Some of the worst threats are still represented by bad password policies -- or no password policies at all -- and vulnerability to social engineering. 15 years ago it was not called that, but there were examples in the wild back then. (What I recall on the fly is ILoveYou, but I'm sure somebody less lazy than me can come out with other examples from 1995-ish.) Some people will click the wrong link, open the wrong messages, etc.: ISPs cannot correct people's behaviour, unless in the horrific ways we can all imagine (see several of the comments here.)
Or is there something in TFA I didn't get? I confess the word "cloud" repeated every other line gave me a hard time understanding what the hell he was talking about.