On 7 Oct 2006 at 14:13, Wayne Johnson wrote: > In my book a good security practice is not opening email from people > you don't know & not launching unexpected email attachments which > takes daily effort as opposed to locking the barn door to all the > apps that I want to run freely & then forgetting about it being > locked so I suppose your analogy sound backwards to me in that I > don't want to lock everything down while keeping an ever watchful eye > out for the unanticipated bad guys but never once have I or people > like me advocated closing the barn door after the horse is out.
Right, and if you surfed to the wrong site with this 0day, your system is hosed. If some virus forges an email from someone you *DO* know or otherwise "social engineers" you and it slips past your guard... you're hosed. We all know that since virtually all client-system problems are self-inflicted, the primary, critical security component is a user-with-a- clue. BUT: if one makes a slipup they *could* have a couple of layers of additional protection helping; if *YOU* make a slipup your system is likely toast. I agree that degree-of-clue makes a difference, but few computer-security folk would agree with your assessment that "having a clue" is the sole security mechanism you need. And we need to keep in mind that virtually *NO* windows users [looking at the picture in-the- large] have any sort of clue at all]. Again, I can't quibble with you making security decisions for yourself that suit you, but I *will* quibble if you try to pass them off as sensible ones or "just matters of opinion" in a field with a lot is known and you're really an outlier. > ... What > the experts fail to see is that there is a difference between keeping > the horse in a barn where it will eventually die even tho there is > minimal risk or letting it out in the corral to get a little fresh > air & stretch it's legs. And what the novices fail to see is that if you let the horse run free and unsupervised 24/7, just to save you the trouble of opening the barn door those few times when you want to ride it, the horse will get into trouble, overeat and bloat, perhaps get shot if it strays into the woods and a hunter misidentifies it, run off, ... > ... OBTW if everyone was concerned about > yesterday's threat then everyone would update their security apps > daily & that doesn't happen. Right -- they're not *REALLY* concerned about security threats at all. They're the modern equivalent of the 'cargo cult', blindly going through the motions. Even if they updated it every *hour* or every *MINUTE* the "AV" approach to security still would be a tertiary-or-worse line of protection, but as usually handled it is really close to useless. Better than nothing, to be sure, but still pretty meager as such things go. We run AV on our main mail server with a continuous-update from the vendor and still viruses occasionally get through. But we need to do that because our customers are, in the large, clueless and if we didn't do at least reasonable-level filtering they'd be in trouble. But even with that they manage to find ways to infect and trash their systems... /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:[EMAIL PROTECTED] Pearisburg, VA --> Too many people, too few sheep <-- -- ---------------------------------------- WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html Contact the List Owner about anything: [EMAIL PROTECTED] Official Win-Home List Members Profiles Page http://www.besteffort.com/winhome/Profiles.html
