 AB Premium join:2006-04-04 Leesburg, VA kudos:3 | reply to Mele20
Re: A Letter to DSLR Security Enthusiasts
said by Mele20:. . You and others here who are so quick to criticize should remember that many of us use virtual machines and the rules that you play by do not apply there. And you would do well to remember that the personal set of rules by which you play have no relevance whatsoever to the huge majority of computer users in this world.
. . What in the heck are you guys doing to be so terrified?
Who said anybody's terrified? Besides you saying it, that is.
Just because I prefer to do what I consider to be the wise thing and lock my doors before going to sleep doesn't mean that I'm terrified of something-- it simply means that I prefer to sleep with my doors locked.
 Bubba17 Less is More Premium join:2006-09-21 | reply to La Luna
said by La Luna:Please, not *the eyes* again....I hate those eyes, they scare me.
Well, due to my browser security settings (now IE7), I don't see any eyes at that link.
-- "Fast is fine, but accuracy is everything" --Wyatt Earp
 hpguru Curb Your Dogma Premium join:2002-04-12 | reply to Mele20
said by Mele20:What in the heck are you guys doing to be so terrified?
I don't think anyone here who recommends the use of an LUA is "terrified". We do so because we understand it to be the most basic principle of security, namely The Principle of Least Privilege. On the contrary we have peace of mind knowing that if there is a security breach it will be contained and easily dealt with.
said by Mele20:Oh, also I rarely use IE
I suppose that is a good thing considering you refuse to run as an LU but it also suggests you don't really trust your third party security applications and VMs to protect you. Hmmmmm....
said by Mele20:... I have Process Guard to stop anything that tries to run without my permission...
Software Restriction Policy provides the same benefit at the OS level without any additional resource overhead. Besides, PG is no longer supported and did you ever stop to think that it might be responsible for your "hardware" problems?
said by Mele20:...and the Proxomitron to filter everything....
Proxomitron is not a security tool and Scott never promoted it as such. Simple fact of the matter is that it is relatively easy to serve up a page which Proxo will not recognize as html and thus will not filter but which your browser (any browser) will be more than happy to render. This is something which is very difficult to anticipate and write good filters for. Examples I have seen and worked on in the past do more to slow down filtering to an uncomfortable degree than they do to protect you.
said by Mele20:I just simply don't understand the fear mongering here.
This is because you see as fear what the rest of us know to be good common sense and the reasons are because you don't really understand security and you are not willing to study and learn more. Your knowledge of security is stagnating and so if anyone has a reason to fear, it is you my dear.
-- Gay Jesus: John 13:23 www.biblegateway.com/passage/?book_id=50&chapter=13&verse=23&version=8
 La Luna Survived Ashraful Premium join:2001-07-12 Warwick, NY kudos:3 | reply to Bubba17
said by Bubba17:said by La Luna:Please, not *the eyes* again....I hate those eyes, they scare me. Well, due to my browser security settings (now IE7), I don't see any eyes at that link.
Initially, I wanted to see what it was so I changed things...what a mistake. I had nightmares.
-- 10,504 DEADLY TERROR ATTACKS SINCE 9/11~~TEAM DISCOVERY Can't feel you anymore, don't need you anymore, don't believe you anymore, I don't need you anymore
 La Luna Survived Ashraful Premium join:2001-07-12 Warwick, NY kudos:3 1 edit | reply to Mele20
There you go again, exaggerating and putting words in others' mouths.
No one, to my knowledge, including myself, said ALL your problems were your fault. On the flip side, you also NEVER admit that a good many of them could very well be caused by all your "tweaking" and trying to "force" things to work the way "you want" them to (whatever that is), even though they may NOT be designed to DO what you want. Even when you are told how and why that is the case with a specific problem....no. Can't possibly be something you did. I'm almost positive others often don't know where to start with helping you because you've done so much "tweaking", the oddball problems you suffer from defy conventional methods for finding a solution. If you have a problem with A, and B is the answer, but you've altered B in some unknown and unconventional way....good luck.
The proof lies in your having more strange issues, even with your *newest* PC, than most of us have in a lifetime of owning the same PC.
Refusing to face the fact that you could very well be your own worst enemy in many cases makes you look "stupid".
Calling others "stupid" (something you do frequently in one way or another, by the way....subtlety is not one of your strong points) will also not garner you any support. It just shows you really have no logical or valid argument to back up your position.
Daniel has given some very good advice, there is no fear mongering here, except maybe on your part....some irrational fear about being "controlled" I think it was.
 | reply to Mele20
quote: As for the host computer, I use TI so I can just re image the machine. But I am quite careful on the host as I have the virtual machines for anything risky. I am reminded of Dadkins who goes everywhere as Admin, etc. and never has any problems so I really don't understand the terror that the OP and others in this thread have expressed. What in the heck are you guys doing to be so terrified? Oh, also I rarely use IE... I have Process Guard to stop anything that tries to run without my permission and the Proxomitron to filter everything....I just simply don't understand the fear mongering here.
I know what I'm terrified of. I'm terrified of running an endless amount of security applications and even running virtual machines just for security's sake, and wasting computing power that I could actually use for something that's useful or fun on said security apps and virtualization software! I'm absolutely terrified. I'm terrified of wasting my computer's processing power on security apps, when I could be using it all (and more!) for business and pleasure. I'm also terrified of trusting third party software to work as it should, and without any bugs and flaws. I'm terrified it might decide to bug out and accidentally delete stuff that shouldn't be deleted.
Fortunately, I don't have to be terrified, because they invented limited user accounts. Because I use a limited user account, I don't even have to think of using virtual machines for security, or using process guards and registry protectors and esoteric security gizmos. I can just use the computer the way I want to use it. I don't have to fear third party software screwing up and deleting important stuff, because it can't do so, because it doesn't have the access rights required to do it. Even my antivirus software works better on limited user accounts, because it has a higher privilege level (admin) than any malware that possibly runs while I'm logged in as a limited user, and because of this can kill malicious stuff easier.
Windows 98 is stone age. Single user operating systems are stone age. This is 2008. Get on with the program, Mele98. Limited user accounts aren't about Microsoft controlling you (especially not since limited user accounts existed before Microsoft existed). They are about YOU controlling YOUR system, instead of surrendering the control to some third party application or a bunch of resource eating security crap.
 | reply to Daniel
I have a question. If one runs as admin then slaps on things like ProcessGuard and her "HIPS" cousins which effectively restrict what can be done anyway, is that the same as "principle of least privilege"?
 La Luna Survived Ashraful Premium join:2001-07-12 Warwick, NY kudos:3 |
said by RobertLudlum:I have a question. If one runs as admin then slaps on things like ProcessGuard and her "HIPS" cousins which effectively restrict what can be done anyway, is that the same as "principle of least privilege"?
Probably, but that apparently takes away that feeling of being "controlled", even though those methods are more complicated and prone to user error causing other issues.
 Khaine join:2003-03-03 Australia |
said by La Luna:said by RobertLudlum:I have a question. If one runs as admin then slaps on things like ProcessGuard and her "HIPS" cousins which effectively restrict what can be done anyway, is that the same as "principle of least privilege"? Probably, but that apparently takes away that feeling of being "controlled", even though those methods are more complicated and prone to user error causing other issues.
said by Daniel:•Know Thy System •Least Privilege •Defense in Depth •Prevention is Ideal, But Detection is a Must
Ironically, Mele20 does everything on Daniel's list.
Know Thy System
She constantly uses VMs to understand how things in Windows work and knows every installed program on her computer.
Least Privilege
As stated above, using ProcessGuard can be considered a form of least privilege.
Defense in Depth
ProcessGuard, Proxomitron, an AV, a Router
Looks like depth to me.
Prevention is Ideal, But Detection is a Must
Using an AV is a form of detection.
So although she may believe that what Daniel says is a load of hogwash, at some level she follows the same basic principles. Which shows the importance of understanding the principles behind things, rather than on the latest and greatest tools.
 hpguru Curb Your Dogma Premium join:2002-04-12 1 edit | reply to RobertLudlum
said by RobertLudlum:I have a question. If one runs as admin then slaps on things like ProcessGuard and her "HIPS" cousins which effectively restrict what can be done anyway, is that the same as "principle of least privilege"?
No it is not. Any normal application which is allowed to install and run within the scope of those applications still runs with more privileges than it requires to accomplish its tasks.
 Khaine join:2003-03-03 Australia |
said by hpguru:said by RobertLudlum:I have a question. If one runs as admin then slaps on things like ProcessGuard and her "HIPS" cousins which effectively restrict what can be done anyway, is that the same as "principle of least privilege"? No it is not. Any normal application which is allowed to install and run within the scope of those applications still runs with more privileges than it requires to accomplish its tasks.
That is true, it's not least privilege possible, it is a lesser privilege than without ProcessGuard. And in that sense is in some ways following the same principle. Obviously using the least privilege possible is always better than granting extra and unneeded privileges.
 hpguru Curb Your Dogma Premium join:2002-04-12 1 edit |
said by Khaine:And in that sense is in some ways following the same principle.
No, "Less" and "Least" are not the same. The idea with Least Privilege is to grant rights based upon task requirements. Most tasks (web surfing, email, personal file management, playing media, etc.) do not require administrative rights and so they should not be granted.
 | reply to RobertLudlum
There is a saying in design engineering: the only part that can't break is the part that isn't there. Sometimes it can't be avoided, but when you add things after the fact to increase reliability you often end up reducing reliability. Running as admin and then adding software to control processes is inherently less secure than running as LU. You have added software, increasing attack surface. Your failsafe position, in case of failure or misconfiguration has gone from LU to admin.
How secure is secure enough is an individual's choice, though. Unfortunately, more often than not, more secure translates to more difficult to use. Running as LU, or running as admin with correctly configured process control software is almost certainly secure enough for what most of us use our computers for.
For those that say that there is nothing to worry about at all: would you like for your bank to keep your account balance on a Win2k desktop that the sysadmin logs into as admin, and surfs the web on? You know, to some of his favorite sites like www.reallysickthings.ro? Hasn't run an update since 2004, no AV. He's an experienced sysadmin, he knows what he's doing. I sure hope that doesn't describe my bank, and it's probably not the best advice for someone that handles personal finances on their desktop. Novice users come here for advice.
 Name Game Premium join:2002-07-07 North Myrtle Beach, SC kudos:6 | reply to Daniel
Running limited user for everyone that has access to a single PC/laptop at home or in the workplace does have its advantages..but don't get a false sense of security that will solve all your problems.
»Super Anti Spyware detecting itself as vundo
-- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/
 cleal join:2000-08-24 Fort Worth, TX | reply to mikenolan7
said by mikenolan7:.............. For those that say that there is nothing to worry about at all: would you like for your bank to keep your account balance on a Win2k desktop that the sysadmin logs into as admin, and surfs the web on?.............
I wouldn't like this but instead I'll give you a very real scenario, true from coast to coast this time of the year. Tens of thousands of tax preparers are using the "Pro" version or "Series" of the tax program made by the same big company that brings us the Turbocharged one.
All, except a tiny few, are running their computers with Administrator privileges and of course are connected to the web as well.
The same company only last year produced a version of their home/small business accounting software that could run LU.
Similar situations exist in the medical field.
 Kiwi Premium join:2003-05-26 USA/MidWest kudos:1 |
A relative point of interest, people around here are generally savvy enough to view source, research viable avenues and watch for locks and on the whole don't have some Nigerian watching out for them
I do sympathize with those that are so dang clueless that they get nailed every time, at this time of year. The electronic method of business requires people to understand what side of the road they drive on. Unfortunately that's a path of thorns for millions; many flat tires, lost hope and money.
Banks have learned, well a LOT have; but general users of the electronic freeway still have a long way to go. PC's are still the venue for idiots of all ilks, there are always those that will prosper from the ignorance of PC users. "That site is giving free tax rebates, free hardware, free software...*Wow*"...Right, exactly *Wow* when the piper gets paid for that visit!
-- 384 BC.