I'm sure the truly paranoid will never be able to sleep at night knowing this little tidbit.
Friday, September 23, 2005
Thursday, September 22, 2005
Even if you disagree (and I'm sure most people will, because the conclusions are quite disturbing), it's extremely thought provoking and should be read by as many people as possible.
Tuesday, September 13, 2005
All security for all operating systems must start and end with the user. If the user is knowledgeable and vigilant, then most security products are unnecessary. If he is not, then no amount of add-ons will protect him.
I use a wide variety of computers at home and at work, running a wide variety of operating systems, including Windows. I employ the following security measures for all of them:
- The networks (home and work) are behind hardware firewalls. The home LAN is behind a Linksys router with NAT turned on and all but one inbound port (SSH) blocked. The corporate LAN has its own firewall, administered by the IT department.
- Operating system software is kept up to date with all the latest patches. I use the auto-update facilities to inform me of updates, but not auto-install them. (I want to know what and when I'm installing these patches, even if I end up installing them all.
- I keep my applications (especially internet-using ones) up to date with the latest patches from their respective vendors.
- I only install software that I purchase or download from well-known sites. This is almost always the publisher's own site or a genuine not-pirated CD.
- I do not trade "warez"
- I do share my disk volumes over the LAN, but with some restrictions. At home, all volumes are exported as read-only (if I need to put a file on another computer, I log-in locally to that computer and use the network to fetch it from the file's source computer, which also exports its volumes as read-only.) At work, I use our network's domain-level security so that only my personal account can mount one of my volumes read-write - other domain users are read-only, and guest-access is blocked.
- I disable auto-installation in all programs, including web browsers, games, and the OS itself. I will let apps notify me when updates are available, but I must always give approval before download or installation. When stuff has certificates (like Windows updates), I review them to make sure the files come from where they are supposed to be coming from.
- I never run a program e-mailed to me. Never. Even if the message is expected and comes from someone I know, I won't trust it. If I want someone to give me a program (which happens very very infrequently), I'll have him put it on a known web server and send me a URL to it, or (even better) snail-mail me a CD or load it into a flash drive I always carry with me.
- I don't use known-insecure programs (like Outlook)
- Whenever possible/practical, I work from non-administrator accounts. Unfortunately, this usually isn't practical for Windows systems, but it is no big deal on other systems (including Linux and Mac OS.)
I do keep a virus scanner (provided by my employer) running on the Windows PC's just in case something should slip by my procedures. (The scanner updates itself every day at 1:00am and scans the local hard drives every day at 2:00am.) To date, I have gotten exactly one virus over the entire time I've had computers attached to the internet (which is as long as the internet has existed.) And this virus arrived via Microsoft's own Office Update server.
I also run AdAware and SpyBot S&D to scan for spyware on the PC's. I run these scans infrequently, but they have never found anything more intrusive than tracking cookies in my web browsers. (Which I make no attempt to block - I don't consider cookies a serious threat.)
I run the Microsoft software firewall on my Windows XP boxes, but I do not normally run software firewalls on any other computers, preferring to rely on the LAN's hardware firewall. I do keep a copy of Zone Alarm installed, but disabled on Windows laptops - I enable it when traveling in case other networks don't have proper firewalls in place.
Sometimes people ask if I should run antivirus software on my Mac. I tell them what I just wrote above. With proper security procedures, a virus scanner should not be necessary. If the Mac should ever become a target of intense malware activity (like Windows is), I will probably invest in antivirus software "just in case" it should be needed, but I intend on waiting until then.
Monday, September 05, 2005
Follow the link for the details.
Thursday, September 01, 2005
His analysis (which I won't repeat, because it is somewhat involved - go read the article) seems solid, but it does not leave me with a good feeling about the man.
While Card's analysis may make perfect sense from a global-politics point of view, ultimately, this policy boils down to forcing people out of their homes in order to create a PR campaign. This is especially disgusting and hypocritical when you note that Sharon (who was not Prime Minister at the time) was one of those trying to convince as many Jews as possible to move into Gaza.
My prediction (which is far from mine alone) is that this policy is not going to change a thing. The terrorists will continue to use Gaza as a base of operations for attacks against Israel. They will now start demanding more land, including Jerusalem (and based on recent reports of attacks there, this may already have begun.) And what is Israel going to do? They're either going to have to wage an all-out war (destroying any sympathy from the press) or they'll sit back and let their people be murdered (which seems to have been their policy up until now.)
PR stunts may work fine for drumming up global sympathy, but they won't do squat for bringing about peace. When you're dealing with an enemy that sincerely believes in victory-or-death, and victory means your complete annihilation, you only have one option - to give them death. Until Israel (regardless of who is in charge) faces this reality, every action they take is just another euphemism for surrender and suicide.
Maybe I'm being far too pessimistic here. I certainly hope I am. But so far, those who disagree with me can only point to wishful thinking to back up their arguments.