Security IT

Are the Days of Individual Security Over?

angry tapir writes "People solely relying on patching and upgrades are lulling themselves into a false sense of security, and individual protection is no longer sufficient in the age of multi-vector attacks, according to the president of the Australian Internet Industry Association. According to AIIA's Peter Coroneos, vendors need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging."

  • There's no such thing as 100% secure.

    Film at 11!

    • Re: (Score:3, Insightful)

      by HungryHobo ( 1314109 )

      the solution?
      A monoculture of course!
      and telling everyone that *someone else* is handling security for them.

    • by Weezul ( 52464 )

      I'm convinced this article is simply FUD meant to push the insane content filters so desired by Australia's political class. You'll notice the site's name in cio.com.au. As pointed out down thread, the article basically proposes using "industry standards" as an end run around the legal hurdles Australia's leaders have encountered while trying to copy China's "Great Firewall".

      We had another recent article explaining how the NSA decided that preventing intruders was impossible, instead concluding that secu

      • by anegg ( 1390659 )

        I agree that the article cited is of questionable value and use. However, I'm not sure EMV is the best example for demonstrating improved security through a modified end-user experience.

        EMV may improve security some, but more importantly for the purveyors, it shifts liability... from Wikipedia "The supposed increased protection from fraud has allowed banks and credit card issuers to push through a 'liability shift' such that merchants are now liable (as from 1 January 2005 in the EU region) for any fraud

        • by Weezul ( 52464 )

          Interesting. Imho, any merchant not employing reasonably up to date fraud prevention system should be liable for more fraud. It's obviously evil to shift the liability onto the card holder though since liability was the only benefit they brought to the table to justify their transaction fees. If they really shifted off all their liability, we should all be switching to systems that exclude them, like bitcoin [bitcoin.org] or even ripple [wikipedia.org].

      • But I hope you do not imply that "Chip & PIN" are secure. It's better than the old system, granted, but this "better" is like the "better" you reply to the question how you're feeling after you've been at death's door.

        • by Weezul ( 52464 )

          In fact, another commenter pointed out that "Chip & PIN" is not universally better than the previous system because banks used it to push through liability for merchants who didn't use it. It's true however that the user experience of credit cards made any secure framework impossible.

      • I'm convinced this article is simply FUD meant to push the insane content filters so desired by Australia's political class

        The original statement is from the AIIA (Australian Internet Industry Association) which is made up by Australian ISPs (private companies) not the government.

        Secondly, the AIIA have been instrumental in blocking some of the pants on head retarded legislation, including the aforementioned content filters.

        Thirdly, the Australian ISP market is highly competitive, despite all the a

  • by cpu6502 ( 1960974 ) on Tuesday March 29, 2011 @07:21AM (#35651268)

    "After you secure your network Mr. ISP, remember to filter out these websites." (hands over blacklist including playboy.com, domai.com, etc)

    • by Excelcior ( 1390167 ) <[moc.pmalyella] [ta] [roiclecxe]> on Tuesday March 29, 2011 @07:53AM (#35651556) Homepage

      Oh yeah, and don't forget www.somefringepoliticalview.com, and while we're at it, www.theopposingpoliticalparty.com, and hey, I've heard that religious teachings are bad for kids, so how about www.christianity.com and www.jewish.com....

      "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." - one of the best quotes ever, from Benjamin Franklin, 1775.

      • Yeah, because major religions are soooo fucking endangered with the current ruling classes of the world.

        Man, you really need to pull your head out of wherever you're keeping it.

        • Yeah... try searching "religious persecution" on Google some time. It's not about endangering the religions, it's about the endangerment of the believers. Or do you not care what happens to people who believe things you don't?
        • by sconeu ( 64226 )

          This just screams out for a Godwin-like response.

      • - one of the best quotes ever, from Benjamin Franklin, 1775

        and one heeded less and less. Soon both police states and helicopter parents fretting over precious snowflakes may ban the quote altogether as blatant pre-9/11 thought crime.

      • Amen brother!

    • by CAIMLAS ( 41445 )

      What's wrong with playboy.com or domai.com, from a security perspective?

  • hmmm.......

    "vendors need to intervene at the network level"

    Doesn't this seem like just another excuse to let networks censor material by just labeling it insecure?

    • Nice - looks like the early gestalt is agreeing this is weasel wording.

      However, it's a race to see which is worse, censorship, hypertracking misdemeanors, selling higher grade user info, obfuscated blackmail, and more.

    • by jd ( 1658 )

      Depends on how "intervene" is defined within the document.

      For example, ISPs with intrusion detection systems, up-to-date firewall and router patches, secure DNS (and if necessary DHCP) servers, minimum password standards for any webmail they provide, a policy of always digitally signing their e-mails to customers, protection against router table poisoning, and security on the BGP upstream routing links, etc, are unquestionably interfering at the network level.

      I'd also consider them doing an adequate job.

      The

      • I agree. The ISP's can do all that they need to with their current privileges. They don't need anything more than perhaps the will to do it!
  • More weasel words? (Score:5, Insightful)

    by TaoPhoenix ( 980487 ) <TaoPhoenix@yahoo.com> on Tuesday March 29, 2011 @07:23AM (#35651286) Journal

    Rule for the modern world.
    1. Assume malice. Once you determine there's no malice, you can go back to your normal discussion.

    "need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging". That's one of the better ones lately. Ask yourself: what are these security tools capable of doing *besides* stopping viruses?

    • by andrea.sartori ( 1603543 ) on Tuesday March 29, 2011 @08:08AM (#35651728) Journal

      Ask yourself: what are these security tools capable of doing *besides* stopping viruses?

      Exactly. And yet they can give a user a false sense of security, so I dare say "security provided by ISPs" could even be part of the problem.
      Have the days of individual security ever begun by the way? People "solely relying on patching and upgrades" were always lulling themselves etc., just not for the reasons suggested by Mr Moroneos: and not necessarily for Windows only (one word: rootkits), although it heroically stands as the most exploited target. Some of the worst threats are still represented by bad password policies -- or no password policies at all -- and vulnerability to social engineering. 15 years ago it was not called that, but there were examples in the wild back then. (What I recall on the fly is ILoveYou, but I'm sure somebody less lazy than me can come out with other examples from 1995-ish.) Some people will click the wrong link, open the wrong messages, etc.: ISPs cannot correct people's behaviour, unless in the horrific ways we can all imagine (see several of the comments here.)
      Or is there something in TFA I didn't get? I confess the word "cloud" repeated every other line gave me a hard time understanding what the hell he was talking about.

      • by CastrTroy ( 595695 ) on Tuesday March 29, 2011 @08:13AM (#35651802)
        Individual security is the only way. That is, taking individual responsibility for your own security, of your own systems. I haven't had a virus in a very long time, and it's because I don't do stupid things. A vast majority of people who have problems with security have problems because of their own incompetence, and their own misunderstanding of the situation. And that not only goes for people, but for organizations as well.
        • by mlts ( 1038732 ) *

          Individual security isn't rocket science either. Last virus that I had end up running uncontrolled was the WDEF virus on the Mac, pre System 7. One can do some fairly simple measures so their individual security is up to par:

          1: First and foremost backups. Not RAID. True backups with media rotated out. This way, if malware nails the drives and the backup media, restoring is still possible. Backups mean what would be at best a day long install-fest (finding the OS media, installing the OS, applications

          • by wamatt ( 782485 ) *

            Individual security isn't rocket science either.

            Says the rocket scientist. For my mom it is a complete mystery.

      • Or is there something in TFA I didn't get? I confess the word "cloud" repeated every other line gave me a hard time understanding what the hell he was talking about.

        I thought I was understanding him, until my brain bashed into this sentence:

        "One credit union customer has been running end-point security for three years and has already experienced authentication token security."

        Whaaaaat???

    • Rule for the modern world.
      1. Assume malice.

      Nah. I say the best protection is not having anything worth stealing that's not in my head.

      • Quite hard. You have bandwidth and processing power, both worth stealing.

        • Quite hard. You have bandwidth and processing power, both worth stealing.

          Yeah, you're right. But all I have to do is convince them that I've got nothing worth stealing.

          • As long as I can see a computer connected to the internet, there is something I want. For bandwidth, and an IP address that isn't mine.

  • by Anonymous Coward

    I run a popular rolling release linux distro, by the time you clowns have identified a threat I'll be patched. I don't run flash or any proprietary software so you're not going to be helping there either.

    In summary: This is not a valid excuse to sidestep privacy protections and intercept communications data with DPI kit.

    In short: Fuck You!

    • by e70838 ( 976799 )
      I have ubuntu with flash and proprietary video driver. ssh is the single open port. My backup disk is physically disconnected (usb drive). I regularly check last connection and running processes. Do you think I am at risk?
      • by mlts ( 1038732 ) *

        Your network security is good, but physical security might need some work. It can't hurt to encrypt the backup disk (perhaps a TrueCrypt file is the most foolproof), and use some form of encryption for Ubuntu.

        Of course, other types of security (Remington, Ruger, Smith & Wesson, Calico) can't hurt either.

      • by cpghost ( 719344 )
        You may be at risk:
        • You probably don't do remote syslog(), so hackers could hide their activity by erasing all evidence.
        • You probably don't have stuff like tripwire in use so you can be alerted of system binaries being replaced with a root kit.
        • You don't run at a higher securelevel, like you can with OpenBSD (so you can't protect said system binaries even against root).
        • Your binary video driver's blob could be anything but genuine (and that runs at kernel privilege, where it could hide malicious processes
  • by rolfwind ( 528248 ) on Tuesday March 29, 2011 @07:32AM (#35651358)

    So stop taking it seriously. They don't seem to have much respect for the individual in anything anymore:
    http://en.wikipedia.org/wiki/Censorship_in_Australia [wikipedia.org]

    This just looks like another power grab.

    • by Threni ( 635302 )

      Lol! Australian Internet Industry Association? Who? Big time! Personally I'm not going to reconsider my views until I heard what the Scots have to say about this.

      • Hang on, folks... So we are supposed to care what Threni thinks about the AIIA? Who? Personally I'm not going to reconsider my views until I heard what pedo666 has to say about this.

        Seriously, just because you haven't heard of an organization does not mean that you should simply discount their views. It only takes one person in the world to have an insightful thought, and it is most likely that you have never heard of that person before.

      • You're the descendants of bad-ass convicts! Why the hell are you racing to outdo America with all the "OMG, WON'T SOMEBODY PLEASE THINK OF THE CHILDREN!!!" BS ?!!!!

        In summary, grow a pair.
  • Great Firewall v2 (Score:4, Insightful)

    by Ltap ( 1572175 ) on Tuesday March 29, 2011 @07:32AM (#35651364) Homepage
    Seems like another argument to take responsibility away from individual users. I'm sure it involves filtering domains that "may be virus vectors and may contain illegal content that the user is being protected from". Little "Great Firewalls" for each ISP? Considering that this is coming from Australia, it might be a part of yet another attempt to push for the creation of a Great Firewall at the ISP level, using "industry standards" to enforce it instead of a law that has to be approved and might be struck down.
    • Seems like another argument to take responsibility away from individual users. I'm sure it involves filtering domains that "may be virus vectors and may contain illegal content that the user is being protected from". Little "Great Firewalls" for each ISP? Considering that this is coming from Australia, it might be a part of yet another attempt to push for the creation of a Great Firewall at the ISP level, using "industry standards" to enforce it instead of a law that has to be approved and might be struck down.

      Odd considering this man's stance [iia.net.au] on filtering (pretty similar to the stance of the entire ISP industry and most Aussies)

      Q: Why do you oppose it?

      For a number of reasons, the first is that we think that in terms of the way that the model is constructed, that it is not going to pick up the kind of content that people really do have issues with online. The volume of content that it is likely to pick up by virtue of the design of the filtering systems is really a drop in the ocean compared to the unsuitable content that is on the internet. And so the fear is that we will be creating a system where people believe that they are safer online, whereas in fact it will only be that content that people complain to the regulator about that is classified, combined perhaps with international input onto lists - but only a few thousand sites at best.

      In other words the best you could say about the filter is that it will prevent inadvertent, accidental, access to a very limited number of sites, in the absence of any evidence whether anecdotal or empirical the people are accidentally coming across child pornography, bestiality, rape sites - the kind of sites that the government is seeking to dramatise here. Not in our experience, people are routinely bumping into.

      A lot of the content that families really are concerned about for their children - things like violent material, racial hatred material, material which promotes race hate, maybe even just adult content that you wouldn't want your children to see, none of that will be picked up by this filtering solution.

      Time to admit you don't know what you're on about.

  • by mrclisdue ( 1321513 ) on Tuesday March 29, 2011 @07:33AM (#35651376)

    It's early in the thread, so I'll get the astroturfing over with post-haste.

    The only corporation that has any clue as to what constitutes effective security is Microsoft. Everything Microsoft does is great. The iPad isn't anywhere near as great as the yet-to-be-released tablet that Microsoft is planning.

    Have I mentioned, yet, how great Microsoft is? Google is actually evil, despite what they say.

    If Microsoft wasn't great, they would have 0% market share.

    And even though I have a 7 year old cellphone, which I use sparingly (prepaid ftw), if I were to bother with a smartphone, it would definitely be something with Microsoft Windows Phone 7.

    OK, Microsoft: where's my moola?

    cheers,

    ps - afaict, there are no ms-related products in my life, and there *probably* never will be. Slackware 13.37 RC 3.14159265358979323846264338327950288419716 ftw!

    pss - I still want my money.

  • Seriously, whatever made him think that consumer machines, particularly Windows machines, were even close to being secure? Remember that you're dealing with Aunt Tillie who may still be running Windows ME here.

    Now, one thing ISPs could do that might make sense is to have an automated system that contacts a user if they see something suspicious (e.g. several hundred thousand emails at 3 AM) from their connection. That of course assumes that the ISP deletes the data in question within a reasonable time frame.

    • I would agree. It would be a good idea if the ISP were to contact a user if certain suspicious behavior occurs (sudden massive increase in the number of emails being sent at odd hours, sudden, prolonged increase in amount of traffic) to let them know there might be a problem. If the suspicious behavior continues and after multiple contacts the user fails to contact the ISP to confirm that such behavior is due to user action the ISP may suspend the user's access to the Internet (for the purpose of triggering the user c
      • >>>suspicious behavior (...sudden, prolonged increase in amount of traffic)

        Like downloading youtube videos?
        Running Utorrent to grab missed episodes of Supernatural?
        And you think the ISP should suspend the user if there's no answer???

        Judas Priest - stop giving them ideas!

        • Not after no answer for one incident, no answer for repeated incidents. The suspension would be until the user contacted the ISP and said, "Oh yes, I was doing something at that time which would explain that spike in emails/usage." No need to specify what, merely the statement that, yes, the unusual usage pattern that you noticed is the result of something I chose to do. Or the user says, "What do you mean I sent out 5,000 emails?" (Actually, Comcast already shuts off your email if you send out too many ema
          • "Oh yes, I was doing something at that time which would explain that spike in emails/usage."

            - "What were you doing sir?"

            - "None of your business."

            - "Sorry sir but I cannot reactivate your account until you tell me what you were doing, because we're concerned about your safety, and protecting the net from virus attacks."

            - "It's personal."

            - "Then I cannot..."

            - "Okay fine I was bittorrenting some TV shows."

            - "That is illegal under our TOS, which forbids running an uploading server or program. I'm sorry but we

            • And that I have a problem with. It is not Comcast's (or any other ISP) business what I do with my Internet connection. The only thing this is a valid use for is to make customers aware if they have a virus on their system.
              The correct response when told what the user was doing was not:
              "I was bittorrenting some TV shows."
              It would be:
              "I was downloading some files."
              If they ask what files, the answer is, "I'm sorry that is privileged information that you have no legal basis for asking. If you still feel th
              • by mlts ( 1038732 ) *

                It also helps to use an anonymous VPN service, even one that is in the same country. This way, Comcast has no way of telling what is going over the PPTP/L2TP link.

                It also strengthens the case of either they provide a legal reason that a judge would sign off on, or they provide compensation for what might be a material breach in their contract terms.

      • But what good would be alerting the common person that they are infected? Most modern malware comes coupled with a rootkit of some sort that subverts AV protection so just running AV would be out of the question. Asking a standard user to reformat their own machine is also out of the question as most users aren't comfortable with that. So basically I feel that you would have to relinquish control of your machine to the ISP for any type of effective treatment to take place. Not that I agree with such big bro
        • I have yet to run into a virus that I could not remove from the PC without reformatting. That being said, I really have not thought about how the ISP should respond to those individuals who will not, or cannot, clean the virus off of their system.
        • But what good would be alerting the common person that they are infected?

          First off, it means they're less likely to put in, say, their credit card information or bank account numbers.

          Secondly, the ISP could provide a referral service for a pro to come clean up the machine. It may be the Geek Squad or something, but there's a good chance it will help.

          • by mlts ( 1038732 ) *

            Problem is that with most modern malware, cleaning up is almost pointless. The only real way to get back to a known state is reformatting and restoring to a point in time that is definitely before any infected code got free rein, or formatting and installing from scratch, reloading the OS and apps, and hopefully any recovered data.

            I don't mind an ISP notifying (perhaps via SMS) about viral threats, as it puts their IDS system to good use. However, I am leery of having an ISP automatically pull the plug o

      • Almost all ISPs already do this. If they don't they risk having blocks of IP addresses they own blacklisted by other ISPs.
  • What a world (Score:5, Interesting)

    by erroneus ( 253617 ) on Tuesday March 29, 2011 @07:56AM (#35651582) Homepage

    I'm pretty sure we all know the score here. We know who the bad guys are and what they are after. We know who the vendors of the platforms being exploited are and why they aren't or can't be patched. We know why end users continue to pretend they don't know or understand what is happening or what they can do to prevent it.

    I just wonder what things would have to happen to overcome all of this crap? Will there have to be a cyber 9-11 attack somewhere to wake everyone up?

    The other day, a person I went to some classes with called me and told me she "got a virus... or several viruses." I invited her over and she brought her laptop with her for me to examine and clean if possible. She was afraid to turn it off. But what was refreshing to me was the fact that she did everything right.

    1. She went to another computer and changed all of her on-line passwords -- banking, insurance, bill paying, email, everything.
    2. She ceased all work and use of her computer immediately.
    3. She was using a browser that wasn't MSIE.

    What I saw was just about what I expected to see. A window that was decorated to look like a Windows window "running a scan" and reporting several infections all over her computer. Problem was, since she was using something other than MSIE, the window wasn't manipulated to hide the URL this was supposed to be coming from... showed to be somewhere in Eastern Europe. A dialogue box was up with two buttons -- both of which lead to downloading an EXE file. And had this been MSIE, I had no doubt that the machine would have already been compromised -- seen that too many times. And oh yeah, all of this continued to work despite that she wasn't connected to the internet at all. Fascinating stuff and kinda pretty.

    Still, I booted one of my machines over to Windows, updated everything and AV signatures too. I pulled her hard drive and connected it to a USB adapter and connected it to my computer to perform a scan. After a very long time, nothing showed up leaving me 98% certain that all was well and that nothing had happened to her machine.

    Still, she doesn't fully understand the technologies but she at least listened to advice to not run MSIE on the WWW and to stop using her computer and to change her passwords from a different computer. How many people do you know would do that? I don't know too many... in fact, she was the first. I had another classmate who had a similar problem and she was terrified but she KEPT USING HER COMPUTER. I was like "uh.... okay... these are the risks... it's on you now."

    Motivations and desires push people to do things, often stupid things, in spite of their knowledge of the risks involved. AIDS is still alive and killing for that very reason and so is drug-pushing spam. (Though lately, I have seen a LOT less of that... actually, none... either my filters are learning way good or there is simply less of it out there and what is out there is being caught.)

    In a perfect world, Microsoft would abandon its Win32 and create a new OS based on BSD like Apple did. We would still have reasons to "hate" on Microsoft and they would still find ways to screw things up I am sure, but a better OS is definitely needed for the world and if it ain't going to come from Microsoft, I find it hard to imagine where it would come from in the near future.

    • and 2% fearful that you got the same root kit she has?

      Still, I booted one of my machines over to Windows, updated everything and AV signatures too. I pulled her hard drive and connected it to a USB adapter and connected it to my computer to perform a scan.

      or Plop Linux + Avast + latest 400.vps on bootable CDR. That's how I end up fixing peop's computers (if I'm feeling charitable, i.e. if they are family). No way am I plugging a known compromised device on my LAN, let alone directly to my computer, no matter how patched I think it is. And I don't even run Windows.

      Plop [www.plop.at] what a relief it is.

  • by cerberusss ( 660701 ) on Tuesday March 29, 2011 @07:58AM (#35651600) Journal

    It's kinda hard to see what the conclusion of TFA is, since it doesn't really take a moment to summarize anywhere in the piece. But basically we have two people speaking. Peter Coroneos tries to say something that home routers should contain more/better security.

    Then he says: "people need to ask if Cloud applications are secure and private". I don't see what that has to do with security but rather with privacy, but there you go.

    Then there's TrustDefender co-founder and CEO, Ted Egan, who's trying to peddle his company product, which seems to be a piece of software not unlike a trojan, which detects other trojans.

    OK, that was a waste of time.

    • by c0lo ( 1497653 )

      It's kinda hard to see what the conclusion of TFA is, since it doesn't really take a moment to summarize anywhere in the piece.
      [...]

      OK, that was a waste of time.

      Mate, before following your conscience and actually reading TFA, a quite commendable act anyway, I direct your attention to the smaller details of:

      it security finally slashvertisement story

      from the fight-botnets-with-socialism dept

      • Thanks for that tip! I actually never check the tags, but checking for 'slashvertisement' seems very useful.

        Although, for even a slashvertisement, the piece was amazingly badly written, with no real conclusions or summarizations, and ad-hoc jumping between topics.

  • With the increase in population and vice, there are so many people walking around that it's hard for a single homesteader to protect their land and family all by themselves these days. It used to be that when someone walked onto your property you could see them coming from a mile away, and you could get a pretty good idea of what they was a-hankerin' to do by the way they looked and what they had with'em. These days, in Silver Gulch, with every kind of person around, and so many people walkin' about, it j

    • What? Be reasonable! I don't want some yahoo sheriff coming onto my property and enforcing some law, some arbitrary law, someone came up with no idea what's true and proper to do on my own land! I'll treat my servants however I like on my farm. If there's some problems around Silver Gulch, well, that's what we got those Anonymous vigilantes over there for, running around and hanging people they think done the world wrong. Why, everyone should be proud of those fellas. Even if they get a few innocent people

  • First indicator that this guy may be wrong is he's a CIO. CIO's have staff that probably tell him the kind of crap that he has in this article, but let's look at what he has....a quote of his quotes:

    "Coroneos said vendors need to intervene at the network level and need to provide security tools at a multiple levels to help secure people from the multiple levels of threats that are emerging."

    I think this means that vendors need to design security as a function of their software and of their networks which g

    • by McNihil ( 612243 )

      With "First indicator that this guy may be wrong is he's a CIO." you make that CIO sound so like "Chief Idiot Officer." :-J

      But on topic now... there is only one security model that works and it is Active with Proactive Security where one monitors 24/7 for any breaches and searches for holes before they are exploited. This actually takes knowledge and time which costs real money. Useless information (most human beings data... especially now in the age of Facebook et.al.) doesn't need this overhead. In this l

  • He'll tell you it's alive and well.

  • by Anonymous Coward

    Coroneos said vendors need to intervene at the network level and need to provide security tools at a multiple levels to help secure people from the multiple levels of threats that are emerging.

    I work in IT Security and I barely understand what he is talking about. Is he suggesting that we don't have the tools to detect and counter-act these threats at the network level already? Is he saying we should implement network level solutions such as filtering? If so, why target that advice at vendors and not service-providers? The tools already exist. The suggestion is so light on details and ambiguous, it's meaningless as a direction.

  • In the article, he writes,

    It reminds me of a Monty Python skit where a building is being held up by trust. It’s only standing up because people are believing it will stand up[...]

    Anybody know what skit he's referring to?

  • Windows will NEVER be secure.
    To be secure (or secure enough to avoid viruses etc) would mean sacrificing other things that are more important to Microsoft's customer base including ease-of-use and backwards compatibility.

    • by Bengie ( 1121981 )

      Which is funny, because OSX has been shown less secure than Win7.

      Win7 on the network is quite secure, but I guess if you start running random programs from unknown providers, you may get malware. But hey, the same can be said for Linux and its on-going fight against priv elevation exploits.

    • Windows will NEVER be secure.

      That may be true, but just saying so is not terribly informative. What, in particular, makes Windows 7 inherently insecure? Can you point to some features in the architecture of the OS that prove your point?

      I'm not saying your assertion is wrong; I'm just saying that it would be ever so much more helpful if it were preceded by a valid argument that demonstrates its truth.

  • Q: Are the Days of Individual Security Over?
    A: most definitely yes: the individuals have all been secured! Now it is time to move forward to social security...

    Errr... what? Ah, now I see why this is coming from:

    the fight-botnets-with-socialism dept.

  • The only way to be 100% secure is to have no network connection at all. Preferably also turned off and locked in a safe. Virus --> anti-virus software --> anti anti-virus & polymorphic virus --> etc. DOS attack --> countermeasures --> DDOS --> more counter. Network attacks --> firewall --> ISP level network --> something new?

    Yes, very simplified and not very accurate, but it shows the constant war between attackers and attackees.

  • the Australian Internet Industry Association. According to AIIA's Peter Coroneos, vendors need to intervene at the network level and provide security tools at multiple levels to help secure people from the variety of threats that are emerging."

    [Industry] spokesman declares that life as we know it is about to end, and that only [industry] is in a position to protect us. Given the proper financial incentives, of course, and made mandatory by legislation "for our own good" if need be.

    Color me shocked.

  • It is called an OS that is not Windows. If you use your PC to surf the web, write, and do your taxes, then you don't need windows.

    Look, there are things an ISP can do to keep itself secure. For example, they can look for suspicious activity and kill your connection if it becomes obvious you are owned.

    But pretty much anything else becomes them providing LESS service, not more.

  • We should collectively rush to close the barn doors after the horses are out.

  • The author of this little piece cites Peter Coroneos, one who is not in favor of internet censorship [iia.net.au]. So stop being so paranoid.
