Forget the security industry!

Dear Group,

My post will probably be called a rant. I do not think it is, but you are free to judge.

Recently I had to face some security issues, because my PC got infected with some Trojans, which caused problems with slow running, pop-up ads and possibly other events I did not become aware of.

In the process of dealing with this issue I began to realize how huge an industry is thriving on security-related issues. This industry turns over billions of $s every year, possibly tens of billions by promising one form of relief or another.

I can't believe that the advertisements placed on the screens of people who do not want to see them and the info gained by advertisers by knowing what housewives watch can possibly explain the explosion of malware which we are exposed to.

It may well be that sales by security firms and experts are the culprits which continue to drive this abuse of the public in general and of businesses which rely upon networks.

Since I can't detect any serious effort by anybody in power to cut down on spam and malware, I think that the following solution may be worthwhile for the individual knowledgeable user.

Have one PC which is connected to the internet. Have another one which stores and manages your sensitive data. Transfer only what is needed between the two machines by disks or card and use only text files if possible to put any data into the PC connected to the net.

If the net-PC is infected it will then matter little. If the net PC is infected to such a degree that its use becomes problematical, install the OS, a browser and mail service again, nothing else. I am working on the premise here, that the net PC is used for e-mail, news, Google searches, not for TV, music etc. These latter services are not essential and those using them will have to live with the increased risk of an infected machine of reduced usefulness.

What do you think?

Cheers GR.

Reply to
NoSpam

I think that in the 30+ years I've been using personal computers (not that we called them personal in the early days), that I've never personally been compromised, never had malware on any of my systems, and have entire networks that we manage that have no malware and no compromises, and we do it with a few simple tools, on the MS platforms, and it's really simple if you understand the threats.

Reply to
Leythos

Dear Leythos,

I appreciate your interest.

You did not offer any opinion regarding the value of my proposal, but said that you have never had a compromise of any of the systems under your care. Is this something you guarantee and if you do, at what price do you do it?

If the issue is so simple, why are there hundreds of companies and consultants offering their services for good money to defend the user from ever new and more sophisticated malware threats????

Finally what is the justification for the user of such widely sold gadgets as PCs to familiarize themselves with malware and defenses against them? Such defenses should be the task of the industry selling these gadgets and rendered without the yearly charges for protection services to one or several of these providers.

Cheer up, more malware is on its way. Business is good and is getting better. GR..

Leythos had the following to say:

Reply to
NoSpam

The issue and solution is simple, implementation is next to impossible.

The problem is two things:

1) Ignorant users that believe a computer is like a toaster
2) People not willing to accept a complete change in OS Platforms that would invalidate all of their investment in software and vendors that would have useless software.

The above two reasons are why there are a few reputable companies defending the masses that care enough to be protected and why there are masses of companies feeding off of the rest.

Reply to
Leythos

Leythos,

Of course almost all computer users are ignorant and think their PC is similar to a toaster. Have the vendors of hard- and software not spent billions in ads to make them believe that this is so?

On the other hand if the public had been informed that they must study information technology or spend oodles of money to secure their PCs, only a fraction of the sales would have been made.

Most users have spent a bundle already and are not willing to spend another bundle to effect a "complete change in OS Platforms that would invalidate all of their investment in software and vendors that would have useless software." And who can be certain that the next round will bring results different from the first round!?

No, the business is geared towards insecurity and derives its income from insecurity and no end is in sight. Get two PCs, one for the net, the other for record keeping and serious work and forget about the protection racket.

Cheers GR.

Reply to
NoSpam

The business is there because the people that use computers and the vendors that have invested in programs (writing them) are not willing to accept what it would take to secure the computers. Take a look at Nix, while more secure than Windows in most cases, the apps are still being exploited on a daily basis.

To make things universal and also user configurable you have to accept that you're going to get people that exploit those things.

Most of the malware could be easily stopped if the businesses that provide internet services would implement security measures, but then people would complain about not being able to do something or about being monitored....

The industry is there because the people would rather pay someone to make them feel safe instead of taking the effort to be safe.

Reply to
Leythos
[snip]

I think the irresponsible attitude that it doesn't matter how infected a net-connected PC becomes is a major part of the reason so many infections are so easily spread. In your case you actively support the notion. In the case of most it just happens through sheer ignorance. Those so ignorant that they don't know or care what they spread are generally too ignorant to avoid infection. It's a vicious cycle and the malware writers thrive on it. So do many so-called security companies. Problem is that there's no guaranteed software solution to protect the ignorant from themselves. It's also why the rest of us have to worry about protecting ourselves against the ignorant.

Reply to
Jim Higgins

Now the reply below is typical.

It blames the person who paid for his PC, paid for software, paid the ISP to be an IGNORAMUS if he can no longer afford the time or the money to secure his machine.

Listen carefully!

If the operators of a system are incompetent or unwilling to make it secure and earn billions in the process, don't blame the little guy who foots the bill for problems. The problem is generated by the greed and the unwillingness of those who profit, not by the little guy who suffers.

If an amusement park can't offer safe rides, is the visitor supposed to show up with helmet, ambulance and proper health insurance?

Yet if the internet is not safe, you do require the visitor to purchase protection contracts, pay for unnecessary repairs and ever new software and then call him an IGNORAMUS if he does not appreciate his role as the cow who gets milked.

GR.

Reply to
NoSpam

Your problem is trying to assign blame, when it is very simple: if a person can't adequately provide for the administration of their computer they should pay someone else to take care of it.

John

Reply to
John Mason Jr

Well, if he can't afford the ongoing cost associated with his purchase, then maybe he shouldn't make the purchase in the first place.

Why don't I have a car? I could easily afford one. But the taxes and the fuel...

and it will never be safe. That's why it's your responsibility.

Reply to
Sebastian G.

My Dear,

You said

This is: clearest form of protection racket. Pay and we shall protect you,... possibly.

Sounds like Chicago in the 20s.

I think we can expect to be safe on a public highway like the internet without paying out protection money.

GR.

----- Original Message ----- From: "John Mason Jr" Newsgroups: comp.security.firewalls Sent: Monday, July 02, 2007 11:29 AM Subject: Re: Forget the security industry!

Reply to
NoSpam

Wrong, you pay a lot to be safe on the Public Highway, it's called Taxes, and unless you're a non-working slouch you pay for a safe highway

- and let's not forget the Illegals in this country that make our highways unsafe and dangerous - much like the Illegal actions on the Internet.

Reply to
Leythos

This is: clearest form of protection racket. Pay and we shall repair your car,... possibly, we'll best as we can. Car repair men really are scumbags, aren't they?

Sure, but not with an incompetent fool like you running around.

Reply to
Sebastian G.

Hi,

NoSpam wrote:

And your attitude, too.

So, you see, we have to pay to make our cars secure. This bloody insecure streetnetwork! I pay taxes, so why don't they have automatic external guidance systems and some soft and fluffy airbags around my car?

Actually, over here you can go on rides with pretty unsecure machines in amusement parks, and yes, some of them need you to wear a helmet.

Once upon a time, when the internet was started, there was a little saying: "If you connect to the net, then you donate part of your machine to it". Even then, people were aware of the dangers an open connection imposes. But hey, it got dangerous, when the majority of the systems on the network belonged to IGNORAMI.

But, you know, the market mechanisms are brilliant. If your ISP doesn't offer you the kind of protection you want/need, switch to a better fitting one.

Cheers, Jens

Reply to
Jens Hoffmann

People like you who blame everything other than themselves are the ones who get infected and then pass it along to others. If you and those like you can't afford to protect their investments maybe they shouldn't be playing on the Internet in the first place.

My anti-virus software filters the trash from email from people like you - assuming RoadRunner doesn't already filter it - and then I don't click on every damn thing someone sends me. My software firewall rejects intrusion attempts from people like you infected up the wazoo

30 days after putting a new system on the Internet. And if I were to get infected it will throw up a warning that something is trying to get out. And I run an SPI router despite not having a home network. It's called being responsible. I do my best to protect myself and in the event I fail I try to protect others from me. I don't claim to have the best defenses possible, but I do claim to have never been infected. And when I say never I mean since the 70s when I built my first computer from a kit.

In short, if you're going to swim in white water you learn to swim before jumping in. You can blame your bathing suit if you wish, but that won't change the facts.

Reply to
Jim Higgins

You probably don't remember the advertisements for the original IBM PC (not the XT or AT, but the original model 5150 with 256 KB of memory, and one or two 360K floppies and no hard disk) from 1981. It used a mime dressed and made up to look like Charlie Chaplin (movie star from the 1930s) - apparently in the business of selling hats, and he is prancing around his newly discovered PC. Pressing one key (almost certainly the Enter key), there magically appears (slowly) a pie chart showing some representations of data that is going to show this hat salesman how to improve his profits. Yeah, right. The "program" that was run was called PIECHART.BAS - a demonstration of Bill Gates' wonderful programming capability (written in BASIC).

When was the last time you drove a car with a manual transmission and a clutch? It's too hard to learn how to use a clutch??? Obviously.

The inexpensive versions selling for under ten bucks (perhaps with shipping not included - add two bucks as a wild guess) are all unlimited. That includes the office applications and everything except the un-needed anti-virus software. If you want to install the same CDs/DVD on ten thousand systems - go for it, as it is perfectly legal to do so. Want to give those CDs/DVD to anyone for free when you're finished installing? You can do that as well. Don't try that with Vista. And it works on the same hardware that your XP and W2K does, or even the systems you had to throw away because they lacked the horsepower to run XP/W2K. Spending money is not the barrier.

The real problem is resistance to change. You don't want to change what you are doing - heck, you _might_ actually be forced to read a pamphlet and NOBODY wants to do that. Geez, the icons are slightly different and are in a different place!!! THAT'S TOO HARD!!!

Have you read the "instructions" that came with your toaster? Of course not - who needs to? Besides, they are just full of foolish instructions such as telling you not to wash the toaster in hot sudsy water in the sink or something.

Old guy

Reply to
Moe Trin

So does my spam filter. You need an additional software package for such a task?

So does my TCP/IP stack already. Why exactly do you duplicate this behaviour?

You'd wish. How should that work?

It's called stupid.

Obviously you don't. You're just doing nonsense without thinking about any actual concept.

Judging from the fact that you're a dirty spammer, this is very doubtful.

Reply to
Sebastian G.

That reminds me of a joke:

Q: How many Virginians does it take to change a lightbulb?

A: What's wrong with the old lightbulb?

Reply to
badgolferman

I do not know how the clutch of a motor car gets into our discourse on computer security, but you are herewith informed that I always drive a car with a clutch and a stick shift. My current one is a Toyota Camry with five forward and one reverse gear and I would not have it any other way. Now is your question and my reply going to resolve any security issue? Please reply stating your answer to this question.

Furthermore regarding your last few paragraphs which sound just a bit contemptuous of my initiative and intelligence, I'd like you to know that I programmed an IBM 635 machine in assembly language in 1959 and an IBM 704 in FORTRAN starting in the same year. I am still writing programs in FORTRAN and I am building my own PCs. NOT that I claim that it takes great intelligence or diligence to do these things, but they do seem to contradict your suspicions, don't they? Would you mind telling me what you did in those years and what makes you believe that you may look down upon me???

Since I am a very, very old guy, I do believe that the sellers, that is MS and the rest of the security and software business should deliver what they promised to deliver and not refer to the future, to new software, to new ways, to new gadgets. I am convinced that the current setup with proper enforcement of existing rules and persecution of offenders CAN BE MADE secure. That it is not done is related to the potential loss of business and not to unsurmountable technical difficulties. It is not the great new software invention which will bring about security but the WILL to achieve it.

From a very, very old guy to an old guy GR.

GR.

Reply to
NoSpam

Leythos,

It is elementary. I pay the internethighway tax. It is called the monthly fee for ISP service. Think before you write.

GR.

Reply to
NoSpam
