Forget the security industry!

Dear Mr. Higgins,

I do not know you from Adam. How do you imply that you need tofilter e-mail coming from me. I never heard of you, never corresponded with you and have no desire to be in contact with you and your rants.

GR.

Der Jens,

Same old nonsense in your reply.

Remember I and millions of others PAID: paid for PCs, paid for DSLs, paid for Modems, paid for OSs (I paid for

95,98,NT,2K) paid for AVs,for the whole thing. Did we get security? No. Now you security people want more money, more, more, more

WILL YOU DELIVER SECURITY. NOOOO!

Sounds to me like you are planning on an eternal war with eternal tribute to security.

GR.

Hi GR, I believe it is incorrect to blame PC users for not being sufficiently knowledgable to operate their PC's without running the risk of having data stolen, operating system corrupted or be bombarded with unwanted advertising. The argument they are too ignorant is often founded on a type of elitism that would hold computer development back by many years. It is all those people who have not got time to study the intricacies of computer security that provide the revenue to fund software and hardware development. Often it is not ignorance founded on stupidity but a choice to spend the time that would be needed obtain the knowlegde to 'surf safely' on other areas: going to the pub, studying art/mathematics, etc. Therefore, should be about producing products that can be used by as many consumers as possible. However, for the reasons mentioned in previous posts that is not what all software and hardware manufactures believe in. Add to this the FUD peddled by many 'security advisors' and you have a multi-million dollar industry that counters the efforts of others to increase the percentage of populations that use computer based technologies.

Of course there are degrees of culpability and compromises that need to be made between usability, knowledge and security, but these should not result the extremes we are now experiencing. Finally, I do agree with an earlier person who posted stating that ISP's could resolve many of these problems.

Yours respectfully,

ST

NoSpam wrote:

Same old nonsense in yours.

What you fail to understand is this: security is not a product. It's not something you can install on your computer to keep you secure for all time and under all circumstances. To achieve security YOU will have to actively participate in the process, no matter if you like that or not.

cu

59cobalt

No, you're confused again, there is no "Internet Highway Tax", you are paying for a provider to give you a connection, much like you pay for a Driveway from your house to the street - once you are on the street your taxes pay for the limited amount of safety that is provided on the public roads.

Something else you forget, it's your legal responsibility to maintain your vehicle in SAFE OPERATIONAL STATE. If you don't personally know how to do that you pay others to do it for you - same with a computer.

Think before you play with the experts.

It wasn't secure before you bought it, never has been, and there are no expectations that it would be secure - any person in their half-right mind knows that computers are not secure.

So, since you started with 95, you should have already known that the OS is not secure, not on any platform by default, except maybe BSD, not even HPUX or AIX is secure by default.

You can secure you computer without paying anyone, you just don't appear to be smart enough and don't appear to understand what you've been told, you appear to have a Zealots mindset.

If you are smart enough to purchase a PC then you're smart enough to secure it - it's really that simple. The difference between someone that properly secures their PC and someone that doesn't is that the person that doesn't didn't care.

Dear Shaun,

I finally met an understanding person in this news group and I am glad you formulated the problem so well. It may be too much to hope that your contributiion will be understood. There are quite a few participating here who can only communicate in terms of simplistic or ambiguous sentences or in outright ad hominem attacks. There are certainly also those who try to be of help.

I like to now state what I understand to be elitism. Elitism for me is wanting to or actually belonging to a group of people who wish to conduct themselves in an ethical way, respectful of others and their needs. It is not elitism to applaud the develop- ment of a Babel of computer languages and to possible master one or two of them and use that as justification to look down upon those who have not invested the time to emulate such behavior.

Those who claim that the industry is doing all it can do to save the PC user from disruption, unnecessary expense, data loss and data theft and dumb advertisments should prove their point by providing data on the number of people working at major ISPs in fighting spam and compare that to the number of staff working on collecting money, selling accounts and advertising.

How much does the federal government offer in terms of grants and development money to develop strategies to trace and finally convict spammers and hackers?

I have no doubt that such abilities exist already. Take a threat to security and life originating somewhere in the net! I believe the culprit would be identified and arrested in less than a day. Do the same to the million a day spammers and watch the volume drop.

I suspect that some hackers spend their mornings fighting spam and their afternoons creating it and that they feel really good about how smart they are and about getting away wit burning the candle from both ends.

GR.

for.

Leythos,

Dear Leythos,

I am awed by your expertise. Expertise however needs to be properly applied and channeled to provide the benenfits it may be capable of rendering.

Let me continue and end our discussion with the following remarks.

Since I get a bill from the Internet Service Provider I know how much to pay and to whom.

I have never been informed by any ISP that I should pay an additional amount to anybody else. If you or the ISP or the security industry feel that they need even more money and that they think that the federal government should pay up, then they need to take necessary steps to collect from the Feds.

May be you should become a lobbyist for a new Tax, an Internet Security Tax, or IST. In the meantime I expect the ISPs and the softwareproviders to protect me from the punks. The software firms and the ISP should know their business, so that their security measures actually work

It is not ethical and in the long run probably counterpro- ductive to sell a dangerous vehicle and let each owner provide for his safety. This is not permissible for any product, but the Internet.

Your argument that each user should purchase additional hard and software to protect his PC if faulty. Look at the statistics at the Lavasoft site. There the claim is made that

9 out of 10 PCs are "infected". This is proof beyond any doubt that the idea that the public can provide for its own Internet safety is poppy c*ck .Since an infected computer can infect uninfected ones, it is essential that the internet vehicle be made safe by experts and it is clear that this job cant be left to the individual owner.

GR

Dear Leythos,

I do not appreciate your putting my intelligence into doubt. I also do not appreciate having my mindset evaluated in such a superficial fashion.

My computer experience goes almost certainly back to a time when you were not yet born or a toddler. (It started in 1958 on the largest machines available at that time. Please be careful with unsubstantiated statements, they will in the end reflect upon you, not upon the person you are abusing).

I have just posted my definitive summary of the problem as a response to another one of your posts and I invite you to study and to reflect upon it.

GR.

Yes, you got security. In fact, Windows 2K and its successors Windows XP and Server 2003 have been evaluated as NSA C2 and CC EAL4 Baseline Profile, which means that with adequate configuration you can build a very secure and reliable machine. But, of course, you should know what you're doing.

Oh, and sure by buying an AV program you didn't get any security. You just got an intrusion detection system which alerts on the most trivial break-ins only, just exactly as one should expect.

Actually I've seen quite the contrary: People would rather buy the common snake-oil pseudo security software rather than a competent security workman who would achieve permanent security by just once setting up an appropriate security configuration.

BTW, would you please cease your utterly stupid full-quotings with the broken quoting style? kthxbye

You are the one that started the games sonny.

And all of your comments point to your needing a Tin-Foil Hat.

No one is asking you to purchase anything, no one is protecting you, no one is scamming you, no one is causing you a problem.

I don't need those things to protect me because I know how to protect my networks and system and it works very well. The one I do purchase for customers are for their benefit in case I fail to see something, in case I fail to understand a threat base, in case I fail to properly configured their networks and security methods.

You seem to think that they are selling dangerous tools to people, but the fact is that a Drill is dangerous to most people, and only those that learn a little about its use will be able to use it safely - just like a computer, people CHOOSE TO NOT LEARN, they willingly, knowingly, refuse to learn in most cases. They know the threats are real, know that failure to secure their machines by simple means, without cost in most all cases, will cause them to be compromised....

You just seem to want to rant and spew a mantra that is unfounded, but you might learn, they say even an old-dog can learn, but you sure seem more confrontational that even SG is. Settle down, try, try and look at what everyone here has told you as though you are wrong, without being upset, and you might just come away with a better understanding.

You sound like the same mentally challenged KatMandu posting in alt.comp.freeware.

And you are positive this wasn't a GE. Where exactly did you gain this early "programming experience"? And what could that possibly have to do with securing your current computer that really does operate in a different manner?

Program in FORTRAN - yeah, I suppose that's correct. But it, and assembling your own PC is less common. Most computer users would have grave difficulty using a screw driver to open a case, never mind not knowing that the 'C' in column 1 meant the card was a comment. But doing the mechanical labor is relatively simple compared to actually configuring the software correctly. Or did you dump all of your Hollerith cards on the top of the stack and not worry about running things in a coherent manner - something like your top-posting replies so that people wonder what part of the article you include at the bottom without context you are responding to, or trimming the parts you of the article you aren't responding to.

Not really - you haven't a clue how to operate a network connected computer, or you wouldn't be whining about your system being 0wn3d because you can't take elementary steps to secure it. Hoping that after-market crap is going to protect you (and you almost certainly have that mis-configured too) shows a serious lack of reality.

59? I was active Air Force at the time, working on fire control systems and nuclear weapons. I didn't get involved in digital computers until after I finished military service in '65 - there's not much of a civilian market for those skills. As for looking down upon you - read your whiny posts and think why everyone is laughing at you. Could it be that the rest of the world has some major clue that you're missing?

What in the WORLD do you think they promised? Security? What a major joke. Read the license agreement you have with your software supplier, not just microsoft. No, they didn't promise you one damn thing - even that the software might even work. Read that license again. Or you _could_ try suing then for failing to deliver on their "promise".

Certain rules in what country - or even what region of the world? You are SERIOUSLY out of touch with reality, and shouldn't be trying to use a computer connected on a network. Really.

A much simpler solution would be to fine anyone who has their computer infected (and detectable from the Internet) one months salary - with the proceeds going directly to the company or agency that discovers the infected system. Sort of like traffic fines you have to pay for being caught doing something st00pid on the the road. After a year or two, things might actually improve as the clueless either stop using computers, or learn HOW to use them in a safe manner. Users with clue wouldn't have a problem.

Actually it's quite feasible to achieve security, but no user wants to jump through the hoops to do so. They depend on the software vendors to supply something that is pre-configured to work - to do something that the user thinks they want to do. Can this be done in a safe manner? No, because the user doesn't want to learn one damn thing about using the software (and hardware for that matter) and there are so many DIFFERENT things that computers can be used for. I really haven't seen a "Windoze for FORTRAN Wankers" - have you? So there is an after-market in tools that purport to do something else that the user wants. Like those neat tool-bar thingies that include an icon you can click to connect directly to your favorite pr0n site (and see that your computer is properly 0wn3d at the same time - what a convenience). And who installed that crap? Do you think it's the Mal-Ware Fairy that sneaks up when you aren't looking, waves her magic wand, and P00F - your box is loaded once again with malware? I suppose you also blamed the same fairy for the bugs in your code.

Old guy

Doubting Thomas,

There is always one in a crowd.

I am a very polite person, unlike many in this newsgroup. I shall therefore bow to you very rude request for information and give you the info you are asking for. I do expect however the proper respect and now wisecracking reply.

I gained my early computer experience by doing work on various projects at General Electric's TEMPO in Santa Barbara. The work with this and assembly language were taught by IBM teachers.

I do agree with you that work with Fortran is not like work with the C-languages or Java or any of the many languages which are being used currently and with which the the young crop of program- mers are familiar. It is a fact however, that the logic and the basic principles of programming are present in all languages. Knowing one makes the appreciation of others easier.

And you are correct. In those early days we carried our programs in large cases to the computer center and these cases were filled with IBM cards some of which with a C punched for 'Comment' in column one.

I now refer to your rude remarks concerning my possible computing habits, which you call dumping the cards on top of the stack and not running things in a coherent manner.... ......... and admit that I just do not know how to reply to such an emotional discharge.

Furthermore I am awed by your experience with firecontrol and nuclear weapons and imagine that now, that you are in civilian life you are frustrated by a certain lack of feeling of power and have chosen me for target practice.

Regarding the rest of your comments I refer to a recent post of mine in which I said the following:

you to know that I programmed an IBM 635 machine in

Compare Prolog with XSLT ;-)

Yours, VB.

Dear Volker.

No question, there are differences between languages. However, if you have never learned any language you will have a hard time learning your first one. If you have learned your first language and master its grammar you will have an easier time with a second one. True of False?

I am however aware that modern computer languages can be obscure, possibly > > It is a fact however, that the logic and the

Usually true, because most programming languages have a procedural imperative paradigm. Most, but not Prolog and not XSLT ;-)

Don't think so. There are very good reasons for the two above. They're not Brainfuck or even Whitespace ;-)

Yours, VB.