|
Computer Security
(From WINXP News) November 2008
I'm one of those folks who's old enough to remember when we would have laughed at the idea of locking our cars while they sat in the driveway or even in a public parking lot. We didn't even always lock up the house when we left for a short jaunt to the grocery store. If we did, it was easy enough to pick the lock to the front door with a credit card; I know because I did it a few times when I locked myself out.
Today I live in a much nicer neighborhood than I did back then - but we have deadbolts on the doors, a security alarm system that monitors all the doors and windows, and are seriously considering a video door intercom so we can check out and talk to whomever's ringing the bell without opening it. When I was a kid, our oversized chow was the closest thing we had to a home security solution. Today, instead, we have a Mossberg, an HK and a couple of S&Ws. Has the world grown that much more dangerous or are we all just a lot more paranoid?
Probably a little bit of both. Plenty has happened over the years to engender that paranoia. Back when I worked the streets as a police officer, I got plenty of eye-openers that made me far more cautious than I'd previously been. And of course, September 11, 2001 served as a wakeup call to the whole nation (indeed, the world) that we aren't as safe in our homes and workplaces as we might have once believed.
Many people reacted to 9/11 by stockpiling food, water and ammunition, buying gas masks and Ciprofloxacin (antibiotic used to treat exposure to anthrax). Some drastically altered their ways of life, stopped going to malls or large public gatherings, stopped flying on commercial airliners, even quit their jobs to avoid working in tall buildings. Of course, this wasn't the first time a big scare permeated the population; that's evidenced by all those backyard bomb shelters that can still be seen in some neighborhoods of homes that date from the 1950s and 60s Cold War era.
Today we have not just physical threats to worry about, but virtual ones, too. Just as our lives have long been dependent on the physical infrastructure of roads, water and sewer lines and power grids, they are now in many ways dependent on the vast network infrastructure that connects us to one another and enables the operations of so many of our essential systems.
At the personal level, most of us would survive without our computers and/or Internet connectivity, but our lives would be badly disrupted. However, it's not so much a complete network outage that we worry about, as the potential for harm that comes with this open conduit into our homes. Our computers, after all, often contain the most intimate details of our lives. Information that may be stored there includes email messages and chat logs that record our discussions with family, friends and business associates, tax returns that hold the minute details of our financial status, passwords that serve as the key to our banking and credit card accounts, the histories of our web browsing habits that hold clues to our interests, plans and desires.
No wonder some of us are a little paranoid about protecting all this vital information from prying eyes. So we install firewalls, anti-virus, anti- spyware, and all manner of security software. We clear our browser cache, delete our cookies, move our sensitive data to offline removable drives. We create complex passwords and change them often. We avoid going to web sites we don't know and trust, are afraid to click on attachments our friends send us, set our email clients to display only plain text and block HTML. We turn off scripting, Java and ActiveX out of fear that they'll provide a way for someone to run malicious code and take over our machines. Some people even shut down their computers completely or unplug them from the 'Net, unwilling to take the risk.
How much security is too much? Is it possible to have too much security? I postulate that it is. In my opinion, it's when security measures start to disrupt your life that it's time to step back and do a risk assessment and determine whether the benefits of your security measures are really worth the cost. Filling your basement with MREs (assuming you can afford them) might be waste of money, but it falls into the "better safe than sorry" category. Having a basement full of non-perishable food doesn't take anything away from your quality of life. Hiding out in that basement and never leaving the house, on the other hand, probably does.
Likewise, taking common sense security precautions regarding passwords, applying security patches, encrypting sensitive data or keeping it on a thumb drive, and running protective programs don't hinder your ability to use the Internet. Shutting off technologies that are widely used on the web sites you visit, refusing to use credit cards over the 'Net (when you're fine with handing over that same card to a restaurant employee you don't know), or disconnecting from the network entirely keeps you from taking advantage of the convenience that the Internet has to offer.
Of course, security isn't a "one size fits all" thing. How much security you need depends on the value of the item (in this case, your data) you're protecting along with the level of the threat to you. If you have nothing important on your machine, your security needs are lower. If you regularly visit potentially dangerous web sites (warez, porn, illegal music download sites) or use P2P software, the threat level is higher. It's up to you to determine what particular threats are most relevant to you.
Recently, we spent almost $1200 for a new locking mailbox. The cost was so high because the existing brick column had to be torn down and rebuilt to accommodate the larger box. It seems like a lot of money for a mailbox, and it might not be justified under other circumstances, but our mailboxes are out at the curb (the Postal Service won't deliver to the door). Our community isn't gated, and we live in a neighborhood that's relatively attractive to thieves because most people are gone during the day, or spend most of their time when they're home at the backs of their houses where the lake is. There have been a number of instances of mailbox theft in the DFW area, and we have a credit card company that keeps sending statements to our home address even though we've told them to use our P.O. Box address. A single instance of identity theft could easily cost many times the price of the new mailbox. So to us, the cost was worth it. Now if we're away for a couple of days, we can let the mail pile up in the large box without worrying about someone taking it. Even though we, personally, had never fallen victim to an ID thief because of our insecure mailbox, the peace of mind we have now is well worth the cost.
That's a key factor in choosing your security measures. They should give you enough protection to provide peace of mind, without making you feel like a slave to the security system. I think that's one of the reasons many people resisted using Vista. It wasn't that the OS has too much security, but that the security measures (UAC, in particular) caused too much disruption to their computing lives. Only the most paranoid don't mind putting up with major inconveniences for the sake of security. If your motion detector is so sensitive that your alarm keeps going off in the middle of the night for no good reason, eventually you'll just turn the thing off. That's what many of our readers say they've done with UAC. And that makes you less secure.
Microsoft has recognized that and addressed it in Windows 7, giving us more options for configuring how UAC works so we can set it to reflect our own individual levels of paranoia. That's how security ought to be.
|
