January 9, 2007 at 3:55 pm
Do you use anti-virus and other security software for your personal computer? After all, you're an IT professional, most likely a DBA or developer and cognizant of the various risks to computers on the Internet. Apparently not all IT Pros bother, as mentioned in this article.
On one hand I kind of see the point. Security is a habit and like all habits, you should practice it everywhere. On the other, there could be overriding circumstances and to what level should we "force" people to be secure?
I know we all want to prevent botnets, virus propagators and the like, but at what point is it fair, at least in US terms, to tell someone what they need to do? We mandate all sorts of rules and regulations to the populace, but they aren't mandatorily forced upon people. People are allowed to break the rules, and suffer the consequences, but they are allowed to break the rules.
Having a more secure Internet, and asking people to be more secure, is important. Having vendors build secure applications and install their software in a secure manner is something that I'd like to see more prevalent. Ingraining those habits of secure coding, even in demos, even though they're a pain and they obscure some of the code you're using, helps to propagate the habit throughout the IT professional's daily life.
I'm just not sure it should be forced upon us in a fascist or Stalin-esque manner.
Steve Jones
January 9, 2007 at 5:08 pm
There is a lot of malicious code that propagates via home computers to businesses. If you count the number of business computers and compare it to the number of 'non-business' computers, I would guess there are more 'non-business' computers.
What good is all the anti-virus and firewall stuff at work if someone brings in a file from home that is infected? Or VPNs into their work computer from their home computer, especially if the home computer has a key-stroke logger hidden on it?
As Smokey The Bear said....Only you can prevent forest fires. Well, you are the front line for stopping malicious code being spread.
I run antivirus, firewall, two antispam products on all my computers. Plus I have them connected to a router that NATs the IP address to the Internet. I use wireless for some of my connections to the router and test its security by 'war-driving' my house every now and then. We change our passwords every six months and I change the router passwords/authentication every three months.
Added: I believe it should be 'forced' upon us WITH the option to turn it off and use our own choice of products. My parents and my brother have computers but they are not computer literate. I made sure they are protected. Where do you think the majority of SPAM comes from? People who are doing it intentionally? Or from people's computers that have 'been taken over' by malicious code? I would guess it's the latter.
-SQLBill
January 10, 2007 at 1:36 am
Hear, Hear.
I've got my home network behind the router firewall and anti-virus, spybot, firewall etc on each pc.
It's not myself bringing in a virus/trojan etc I'm concerned about, it's what my daughter might pick up, as she's the computer illiterate of the family. If she gets anything on her machine, it could affect mine and I haven't the spare time to waste on re-building all our machines, let alone trying to recover all the data.
Then what if it got to the web sites I run....
So yes, I keep my insurance up to date.
January 10, 2007 at 6:37 am
As part of our company's VPN policy, any non-corporate assets used to connect to the VPN must demonstrate that they have firewall and anti-virus software installed before provision to connect will be granted. That may cause some folks to be 'forced' to be protected, but I don't see that as a bad thing.
Many people who choose to never run this software may never have a problem. Lucky them. After 20 years in this business that is not a chance I am prepared to take, any more so than I would willingly choose to go without homeowner's insurance.
------------
Buy the ticket, take the ride. -- Hunter S. Thompson
January 10, 2007 at 6:54 am
I am curious about how you would feel if the internet providers were forced to police the machines that they give Internet access to. If they detected unusual activity then they could cut off that machine's access to the Internet until it has been determined to be safe. Most of the people that I am aware of do not send hundreds of emails a day from their home PCs let alone the hundreds of thousands that are sent out by spammers. I know this will not cut out every problem but I would think that it could reduce at least one potential problem.
January 10, 2007 at 8:23 am
We're behind a router at home, with some security in place there. My husband hasn't been running anti-virus on his PC for a long time now and has been one of those lucky guys who doesn't get caught.
I personally run a free virus scanner (AVG from Grisoft) and their free anti-spyware. I also have Ad-Aware and Spybot for spyware sweeps. I just don't trust websites anymore, so I make sure to have my protection up.
January 10, 2007 at 8:58 am
I guess we all learn from experience. I for one, had to learn the hard way. After leaving my home computer available for my kids to go on the internet I soon had a virus that destroyed my system. I had to rebuild the whole machine and lost many files.
Today I manage multiple laptops for my spouse and kids and we are running all separate virus scan programs, ad/spy ware software and have individual firewalls. I also won't allow anyone else to log on my machine.
All I can say is that you can leave your system unprotected and get away with it for a long time. But once your system is compromised you will think differently!
January 10, 2007 at 9:39 am
I follow pretty much the exact same guidelines as SQLBill laid out in his post. Additionally, I do not use IE but that is a whole other story. The only virus I have ever had was one that came on an original Microsoft floppy disk way back before they used CD roms. Yes, an original MS floppy straight from MS. Go figure.
Additionally, at work we will NOT allow any VPN connections from a machine that we consider even a remote security risk. It simply isn't worth it. Even as a small company we see so many attacks every single day that any security breach would be abused almost immediately. It is sad, really, what the net has come to.
January 10, 2007 at 9:50 am
Forcing people to implement security measures is yet another example of treating victims like criminals. The way to fight crime is to go after the criminals, not the victims. I'm getting pretty tired of this attitude, prevalent in many fields, that the victims are somehow responsible for the problems caused by criminals. Yes, you are partly at fault if your car gets stolen when you didn't lock it, but the crime was committed by someone else. We need to get serious about network security and start prosecuting the criminals, wherever they are. If they are operating in some lawless country, then I have no problem sending in the Navy SEALs to quietly and violently deal with the situation. We need to show the world that cyber-terrorism is serious business and we're not going to take it anymore. If there was a real threat of being caught and facing the consequences, these people might consider an honest living. Right now, there's usually no penalty for these criminals, so how can we expect them to stop it? We should try to deal with the source of the problem before we make things even worse for the victims.
January 10, 2007 at 9:56 am
The majority of spam actually does come from spammers. Spam is not really a security risk though, it's just annoying. The 'forward this worthless crap to all your friends' problem is caused by ignorant n00bz, but spam is sent intentionally by weak-minded fools trying to make a quick buck, or ruble or yuan or something. Spammers set up botnets and so on to try to gather email addresses and increase their sending volume, but they're going to send it anyway.
January 10, 2007 at 10:34 am
Solve the problem by getting rid of your PC!
I think somewhere down the road you will only need an appliance to access the internet in a virtual way. Everyone will have the equivalent of a T1 to/from their home and all your programs and files will be securely stored on a remote server that will filter everything for any type of problem. Your session is gone with no trace when you log off. You only see the screen shots (video) or what was sent to your printer.
This is similar to today's use of thin clients and server hosted computing. Far easier to protect a single server than 100 PC's.
All for $19.95 per month, tax extra.
January 10, 2007 at 10:47 am
Jasmine,
So you support committing a crime to stop something legal but that you don't like?
QUOTE: If they are operating in some lawless country, then I have no problem sending in the Navy SEALs to quietly and violently deal with the situation. ENDQUOTE
Sending SPAM and/or malicious code is illegal in the U.S. but not in every other country. In some countries, SPAM is legal. Most countries don't even have laws governing SPAM or malicious code - so it's not illegal.
This is why most of this activity begins outside of our country. It's also why on-line betting websites are moving 'off shore'.
-SQLBill
January 10, 2007 at 10:51 am
Spam is initiated by spammers, but today between 80 and 90% of unwanted e-mail is being sent by compromised PCs. That means yer average Joe is allowing spam to be sent and he could stop it by installing a free, unobtrusive application.
And the first e-mail a bot sends is a copy of itself, hoping to infect more machines. How difficult do you think it is for the originator of this type of spyware to sell your machine co-ordinates to someone who wants to gather financial or other sensitive information about you? Or use your machine to break the law? Or to harm children?
I personally think it should be a crime to send these types of e-mails, even if you don't know you are doing it. It's like all those laws that require fences around pools, etc. An unprotected machine is just as much an attractive nuisance as a pool. And it is much, much cheaper to install a program than a pool.
People who don't run anti-virus and anti-malware applications are also enabling the exchange of child porn, scams, 419 letters, and other damaging files. Why do you want to be part of all that?
People who think running small applications are as much part of the problem as the scammers.
January 10, 2007 at 11:00 am
There are a couple of myths in your post. Some may have been true in the past, but they aren't any longer.
Sending spam is not illegal in the US. All you have to do is include valid headers, a working opt out and contact information. The CAN-SPAM act allows just that: "you CAN SPAM", as long as you provide a mailing address and some form of an opt out mechanism (which never really work).
Also, the vast majority of spam originates from in the US: http://www.spamhaus.org/rokso/ .
January 10, 2007 at 11:05 am
SET UNCOMMON_SENSE_MODE ON
Stupid is as stupid does.
SET UNCOMMON_SENSE_MODE OFF
Regards
Rudy Komacsar
Senior Database Administrator
"Ave Caesar! - Morituri te salutamus."