12 Comments

  • I am no expert in this field but I have always thought that any ‘baddie’ who knows what they are doing will be able to get past any firewall, anti-spyware or anti-virus we could throw against them. This does not mean that we can go without these things. Fortunately the ‘baddies’ are not always all that clever and these ‘not-so-clever’ guys can be stopped via the conventional means.

  • @Lyndi

    Yeah, conventional means are important.

    However, good security thoughts like “what do you need antivirus for” are often substituted with crap like “I have good antivirus so I have nothing to fear”.

    The whole argument of which software is “better” draws attention away from how any of it should be used to be efficient.

  • “Six Dumbest ideas” was a great read and I have to agree with a lot that was said. This “allow all” and blacklist approach to security hasn’t been working, which is why we now have the different approaches of whitelisting and behaviour blocking.

    Vista UAC is a great idea – don’t allow things to run without explicit consent – but ends up being really annoying. UAC is more turd polishing though. Hopefully Windows 7 may have some better answers.

  • @Jonny

    Yeah, Vista got UAC terribly wrong. It’s actually the standard Linux approach – want to do something advanced, get asked about admin credentials. How complex was it to copy that?..

    Vista managed to educate users that the first thing they must do is to go and disable part of security so it stops interfering every minute.

  • Ha ha, yeah, I disabled mine ages ago and rely on Comodo Defense+, which is just as annoying but picks up more.

  • @Jonny

    Comodo can be educated and is pretty flexible at that. :) But in paranoid mode it can drive users nuts even faster than UAC.

  • Great article… Best tool out there is “common sense”!

    One product I endorse to greet the bad guy at the front door is Web of Trust (WOT) – browser add-on.

  • @Rick

    Isn’t WOT exactly one of those dumb security ideas? Enumerating badness? :) And resorting to crowd wisdom – which ranks high on my personal list of dumb ideas.

    I am not saying it is bad, quite the opposite. But it is definitely not an approach I am willing to rely on.

  • Rarst–
    Thank you for posting a link to this article. I had not found it before in the course of my studies.
    The author does an excellent job.

    BTW.. I too have advocated the WOT toolbar/plug-in to my readers, yet I have always had the same belief that you do — the model has quite serious flaws.
    Yes.. that’s contradictory.. I know. But I believe that its “good” outweighs its “bad” and I don’t advise relying on it either. Personally, I combine it with SiteAdvisor or LinkScanner..

  • @Paul

    Yeah, the article is timeless and priceless. Years since it was written and not much changed – a bit sad.

    And there is nothing wrong with solutions that are “good enough”. As long as we are aware of the flaws and can balance them out.

  • Wow it’s been a long time since I’ve read an article all the way through down to the very last word AND the fine print at the bottom.

    Thanks for pointing this article out. I’ve got a whole different perspective on computer security now. Makes me want to learn more actually…

  • @Nick

    Yeah, it really shakes the brain and suddenly “install antivirus, install firewall, feel safe” doesn’t feel so smart and smug anymore. :)
