Internet / Online Security for Home Users

Hi List;

I am asked to give a talk to a group of home computer users on Internet

or online security in the community. I am planning to focus on 5
major/critical threats/risks to them, the list is below. Would have I

missed some big ones for the home users? Your
suggestions/comments/input are appreciated.


SCAM
Phishing - Identify Theft, Social Engineering
Malicious Code - Spyware, Virus, Worms, etc.
P2P file sharing / download services
Privacy?

Many thanks in advance.

A Monk

Re: Internet / Online Security for Home Users

In article <1141670467.161650.74130@z34g2000cwc.googlegroups.com>,
a_monk wrote:
>Hi List;
>
>I am asked to give a talk to a group of home computer users on Internet
>
>or online security in the community. I am planning to focus on 5
>major/critical threats/risks to them, the list is below. Would have I
>
>missed some big ones for the home users? Your
>suggestions/comments/input are appreciated.
>
>
>SCAM
>Phishing - Identify Theft, Social Engineering
>Malicious Code - Spyware, Virus, Worms, etc.
>P2P file sharing / download services
>Privacy?
>

Securing home wireless nets.

Many, if not all wireless access points are wide
open out of the box...

Claude

Re: Internet / Online Security for Home Users

"Claude V. Lucas" wrote in message
news:440c8383$0$58069$742ec2ed@news.sonic.net...
> In article <1141670467.161650.74130@z34g2000cwc.googlegroups.com>,
> a_monk wrote:
> >Hi List;
> >
> >I am asked to give a talk to a group of home computer users on Internet
> >
> >or online security in the community. I am planning to focus on 5
> >major/critical threats/risks to them, the list is below. Would have I
> >
> >missed some big ones for the home users? Your
> >suggestions/comments/input are appreciated.
> >
> >
> >SCAM
> >Phishing - Identify Theft, Social Engineering
> >Malicious Code - Spyware, Virus, Worms, etc.
> >P2P file sharing / download services
> >Privacy?
> >
>
> Securing home wireless nets.
>
> Many, if not all wireless access points are wide
> open out of the box...
Encryption use & avoiding logs.
>
> Claude

Re: Internet / Online Security for Home Users

Would you please elaborate on the point of "avoiding logs"? Shouldn't
we have logging for auditing purpose?

Thanks,

Re: Internet / Online Security for Home Users

In article <1141676205.618011.25530@i39g2000cwa.googlegroups.com>,
a_monk wrote:
>Would you please elaborate on the point of "avoiding logs"? Shouldn't
>we have logging for auditing purpose?
>
>Thanks,
>

I'm not sure what that poster meant, but *managing* logs might
be worth touching on. If they are never cleaned out they can
consume space. If they aren't looked at then perhaps logging
is a waste of resources.

Claude

Re: Internet / Online Security for Home Users

a_monk wrote:
> Hi List;
>
> I am asked to give a talk to a group of home computer users on Internet
>
The biggest threat to home users is home users. If they want proper
security they will have to take the time to learn, and the vast majority
simply can't be bothered or don't care. All they want is a 'magic
bullet' solution to stop them having to think. This is why personal
firewalls are so popular with plebs.
Cheers,
E.

Re: Internet / Online Security for Home Users

In article <440ca84c$1@mail.netspeed.com.au>, "E." wrote:
>The biggest threat to home users is home users. If they want proper
>security they will have to take the time to learn, and the vast majority
>simply can't be bothered or don't care. All they want is a 'magic
>bullet' solution to stop them having to think. This is why personal
>firewalls are so popular with plebs.

When looking for a "silver bullet" solution to a problem, remember that silver
bullets are for werewolves - if vampires are your problem, you need a stake.

Seriously, though, user education hasn't worked yet, why believe that it's
going to work in future? It's important to make software that persuades the
user to make the right decision.

Email software, for instance, that doesn't say "From: Ed Smith", but says
"From: Someone claiming to be Ed Smith whom you have no reason to trust".

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

Re: Internet / Online Security for Home Users

E. wrote:
> The biggest threat to home users is home users. If they want proper
> security they will have to take the time to learn, and the vast majority
> simply can't be bothered or don't care. All they want is a 'magic
> bullet' solution to stop them having to think. This is why personal
> firewalls are so popular with plebs.

While I agree with you, that PEBKAC is the real problem, I cannot see
that common "Personal Firewalls" are fulfilling the requirements for a
system for a home user.

The b0rken concept of popups showing useless messages and even forcing
PEBKAC to decide is one of the worst drawbacks of "Personal Firewalls".

Yours,
VB.
--
Wenn Du "Ich sehe die Mathematik als einzigen Bereich an, wo es klare
Beweise gibt." und "Ich fuehle mich in einem Anzug unwohl." als Aussagen
mit aequivalentem Meinungsinhalt betrachtest, hast Du mit Deinem Gleichnis
recht. (Michail Bachmann zu Thomas Wallutis in d.a.s.r)

Re: Internet / Online Security for Home Users

Volker Birk wrote:
> E. wrote:
>
>>The biggest threat to home users is home users. If they want proper
>>security they will have to take the time to learn, and the vast majority
>>simply can't be bothered or don't care. All they want is a 'magic
>>bullet' solution to stop them having to think. This is why personal
>>firewalls are so popular with plebs.
>
>
> While I agree with you, that PEBKAC is the real problem, I cannot see
> that common "Personal Firewalls" are fulfilling the requirements for a
> system for a home user.
>
> The b0rken concept of popups showing useless messages and even forcing
> PEBKAC to decide is one of the worst drawbacks of "Personal Firewalls".
>
> Yours,
> VB.

I didn't mean to imply that PFW's are fulfilling any requirement (apart
from revenue generation for PFW companies), rather the attitude of "I
have a PFW so i don't have to think" attitude of the average home user
is what makes them popular.

The options on ALL popups should be replaced with a simple "Sod off I am
too busy to read what you are saying you're interrupting my porno
session" which is what *really* happens with home users.

Cheers,
E.

Re: Internet / Online Security for Home Users

Alun Jones wrote:

> Seriously, though, user education hasn't worked yet, why believe that it's
> going to work in future? It's important to make software that persuades the
> user to make the right decision.
>
> Alun.

The problem as I see it is that users don't know enough to make the
right decision, and simply don;t want to know. Give them a bill for
cleaning up the same crapola 2 or 3 times and they get the message.

You can't protect people from themselves.

Maybe a human/machine/biometric interface so if they fooked their
machine thru stupidity it would fook them too might enhance the average
plebs desire to get a clue?
Cheers,
E.

Re: Internet / Online Security for Home Users

On 06 Mar 2006, in the Usenet newsgroup comp.security.misc, in article
<440c9e31$0$58072$742ec2ed@news.sonic.net>, Claude V. Lucas wrote:

>a_monk wrote:

>>Would you please elaborate on the point of "avoiding logs"? Shouldn't
>>we have logging for auditing purpose?

Mmmmm

>I'm not sure what that poster meant, but *managing* logs might
>be worth touching on. If they are never cleaned out they can
>consume space. If they aren't looked at then perhaps logging
>is a waste of resources.

If the logging is to "tight" (such as the all to common use of the word
"ATTACK"), the logs become quite useless.

Their main use is telling the ones who use it that some host in Korea or
Kenya attempted to connect to a trojan that they don't have installed.

That kind of pop-up garbage is as bad as the mal-ware it _claims_ to be
protecting against. I have better things for my CPU cycles and disk
space to be used for. I'm not running windoze, so the common noise
directed at windoze exploits are ineffective. Thus, there is no need for me
to know that every system on SBS, Comcast, USWorst or Cox tried to connect
to my non-existent windoze shares. Nothing to exploit means nothing to log.

Remember, there is no Internet Police who will go to the home of an "attacker"
and beat the crap out of him - never mind arrest or ever wag a finger.

The O/P should remind his target audience that there is no Mal-ware Fairy
that installs viruses/trojans/spyware/worms/etc. when they are not looking.
The mal-ware gets onto their systems because THEY actively or inactively
installed it - actively by installing some neat tool to make their surfing
easier or the computer _apparently_ easier to use - inactively by not making
any effort to learn what a computer is and what it's doing, and taking the
elementary precautions that are possible. Do you really need to share the
whole computer with the world? Do you really see a need to share your
printer with everyone? Why?

Do you reasonably expect that every driver knows how to change the oil on
their car? Of course not - but they certainly _should_ know that it has to
be changed on a regular basis, and that there are places that will do that
service.

Old guy

Re: Internet / Online Security for Home Users

a_monk wrote:
> Hi List;
>
> I am asked to give a talk to a group of home computer users on Internet
>
> or online security in the community. I am planning to focus on 5
> major/critical threats/risks to them, the list is below. Would have I
>
> missed some big ones for the home users? Your
> suggestions/comments/input are appreciated.
>
>
> SCAM
> Phishing - Identify Theft, Social Engineering
> Malicious Code - Spyware, Virus, Worms, etc.
> P2P file sharing / download services
> Privacy?
>
> Many thanks in advance.
>
> A Monk
>

Firewalls. Introduce sites that can probe for open ports. I know steve
at grc.com is one of the most self-opinionated people around, but his
'shields up' does a reasonable job. I know others have found it does
not, but it was always worked for me. If a port is open, it says so.

There are other similar sites i know.



--
Dave K

Minefield Consultant and Solitaire Expert (MCSE).

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.