Woody79_00I run Linux am I still a PC?Premium
|reply to Blackbird |
Re: Think layers of security is all that? Think again
Very good points Blackbird! The human behind the controls is the number one determining factor.
Just some food for thought, but I think "The Law of Diminishing Marginal Returns" is something that is overlooked by the layered security approach and its advocates.
I think its plausible that at some point we need to ask ourselves "at what points does adding additional security layers actually begin to generate negative returns"
As with all things, cpu cycles, power, etc are not free. So I do think how many and which layers a person uses should be taken into consideration along with the complexity each layer adds to the system. Exploits in security products such as the ones in the past with Trend, McAfee, Symantec, and others with their AV engine should also be considered.
I personally have moved to the following security model:
1. Whitelisting via Software Restriction Policies --- Administrator approval (A password only I know) is required to run any executable outside of the Windows or Program Files Directories that I haven't explicitly whitelisted...simply put they won't run. It has virually no overhead, takes about 20 minutes to set up, is easy to learn, and stops most potential problems.
2. EMET --- I use Enhanced Mitigation Expereince Toolkit to force all my programs to run under DEP, ASLR, and SEHOP, and other such program hardening rules. Requires no real overhead, its not too hard to setup, and just works.
3. I run 1 real time security product...in this case Vipre because it was cheap. It works, has built in firewall, does its job, which is not really much considering i practice safe hex and nothing seems to get past 1 or 2....especially since all non-whitelisted executables require admin approval with a password to even execute.
4. I scan with Malwarebytes once a week. It never finds anything.
I feel in terms of The Law of Diminishing Marginal Returns...this is the best setup for "me". As adding any other layers would not yield enough of a security benefits for the costs in time, and hardware to be worth it which would make the returns on the investment dwindle down too far towards the negative side of the scale for my likings...not enough benefit for resources expended both real in human and hardware.
Again everyone's needs and system requirements are different. I doubt anyone is going to have the same set up if they think out and design their own plan.
I do think it is prudent to protect yourself in the best and most efficient manner possible. That is going to be different for everyone of course. However, I also believe with layers it can be overdone and using too much results in too little.
I think this type of efficiency is a conversation worth having among professional like all of us fine folks who frequent these forums. I also think whitelisting is something more home users should learn and take advantage of.