Your opinions may vary ;-)

Martin,

I'm sorely tempted to buy you a copy of "The Art of Deception" by Kevin Mitnick.

That (and "Takedown" by Tsutomu Shimomura) are must-read for anyone doing computer security.

Kevin Mitnick is the most notorious hacker of all time. He's the only person I've ever heard of that hacked his way out of prison.

As it turns out, he really isn't much of a technologist. Instead, he attacked the most vulnerable link in the system, and it's the one component that is truly "common" between *nix and Windows.

His gifts are in social engineering, not technology. He targets the users, not the systems.

-- Ned

Agreed, but that wasn't the most humorous part of the post.

Work simply!!??

I don't think that's ever been in the nix lexicon. Powerful, yes... Simple, No. ;-)

Alinator

Several decades ago, I used a text editor called TECO.

The interface is best described as baroque. Commands in TECO looked like line noise. All of the commands were single letters, and "Y" meant read file ("yank" the file into the buffer).

... and yet, it was powerful and "simple" once you learned it.

---

... Commands in TECO looked like line noise. All of the commands were single letters, and "Y" meant read file ("yank" the file into the buffer).

... and yet, it was powerful and "simple" once you learned it.

Similarly so for EMACS and Vi/Vim. You can navigate the text and functions faster than moving your fingers from the keyboard to the mouse.

But then... That's just like the "shortcut" keys or "power features" you get on the GUI editors...


It all depends on what sort of interface you prefer for what you are doing, and whether or not you have a choice. I moved from EMACS to Vim to avoid twisted fingers! On one extended occasion for a certain task, I've also edited LaTeX using MSWord!! (The LaTeX typesetting proved to be awesome and way beyond anything that might be hoped for from the MSWord at the time or likely now.)

LaTeX is in itself a very good example for comparing 'commandline' vs 'WYSIWIG' and for how best to work depending on the task at hand. Some GUIs are just a recipe for RSI! But then, some commandline environments require far to much abstract thought to follow what is happening. I can well see why the more 'intuitive' type people view the commandline as "obscure" and "alien". (Sorry for the bad multiple puns there... :-p )

But this is veering off for another thread...

Regards,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

... Work simply!!??

I don't think that's ever been in the nix lexicon. Powerful, yes... Simple, No. ;-)

Take a look at three of the latest mainstream Linux distros and see if they are simple enough for you?

Supposedly, a complaint for some of the Linux NetBook distros is that the interface is too simple! (Yet a pop-up menu is too complicated?!)

You have a choice in which distro to try for whatever look 'n' feel you might wish.

You certainly can't please everyone. I'm happy that Linux isn't trying to for that!


Keep searchin',
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Sounds cheesy but here's my preferred ones :

Common Sense(tm) V1.0
Experience(tm) V36.1
...

Cool, that's what I am using too - well, they introduced CommonSense 1.45 lately so I upgraded mine :-)

... Commands in TECO looked like line noise. All of the commands were single letters, and "Y" meant read file ("yank" the file into the buffer).

... and yet, it was powerful and "simple" once you learned it.

Similarly so for EMACS and Vi/Vim. You can navigate the text and functions faster than moving your fingers from the keyboard to the mouse.

But then... That's just like the "shortcut" keys or "power features" you get on the GUI editors...

My comment was less about user interface design, and more on the amazing adaptability of human intelligence.

Most anything can become intuitive if you use it long enough.

---

... Work simply!!??

I don't think that's ever been in the nix lexicon. Powerful, yes... Simple, No. ;-)

Take a look at three of the latest mainstream Linux distros and see if they are simple enough for you?

A surprise article on a pro-Windows website:

Desktop Linux For The Windows Power User

... So that's one example (perhaps try Kubuntu (the "K" is the "KDE" desktop) if you want more of a Windows-esq desktop layout).

Cheers,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

A heads up on ZoneAlarm. I used it exclusively for a few years, on many computers. After experiencing multiple, strange problems with hard drives, system stability, disk corruption, etc., I tried removing ZoneAlarm. The problems went away. SATA hard drives that failed in the past suddenly worked correctly.

ZoneAlarm seems to be fine for very standard PC installations, such as a non-modified laptop. In more advanced installations, I suffered with numerous compatibility issues. This might just be an isolated experience, but it cost me countless hours of troubleshooting.

I like middle of the road stuff, stable and having a large installed base. So I switched to Norton 360. All the hardware issues went away, plus Norton has a 64-bit version. It has worked well so far.

Bob

---

Opinion stated as fact? Who, me?

I used AVG for a few years until my ISP gave me Norton free which then I had to take, now it says that Norton is being cancelled and I should use McAfee. NOt thinking of using it going back to AVG and just need a good firewall thinking of Zone Alarm or will be router be ok without one.

---

What everyone on here commonly calls a "router" is really a pretty decent SOHO firewall.

What they do is assign addresses (typically 192.168.1.x) that are not globally routable to the devices behind the firewall.

When your computer wants to connect out, it puts a mapping into a table, and translates the IP headers to put in a public IP, and track what private IP goes with that particular connection.

If something "out there" tries to connect in, and there is no mapping in the table for their outside IP/port to some inside IP/port, the packets are generally simply dropped.

In other words, it is a one-way mirror -- you can see out, but the bad guys can't see in.

If you don't have any exceptions (i.e. a "DMZ host" -- another misused term) then the only remaining threat is from you connecting out. If you aren't likely to open trojan horses, and avoid browsers and mail clients with huge security holes (i.e. the ones from Redmond, WA) you'll be perfectly safe.

If you download programs, exercise caution. Most programs are what they seem, but not all of them.

A software firewall on your computer won't add a lot of protection on a home network if you already have a "router."

A good antivirus/anti-spyware package is a good idea, but it's only needed to catch momentary lapses.

If you have teenagers, that is different. They'll download and run anything, and if your antivirus/anti-spyware objects, they'll likely turn it off.

Give them their own computers, and buy two routers -- put them on the first one, and use the second one to protect your computer from your kids.

---

Thanks it is only myself on the computer and I have got a Belkin router.

---

Thanx Ned for the bit on routers - kinda wondered why the hits on my AV stuff dropped after I started using it.

My line up includes Spyware Blaster, Spybot Search and Destroy, Ad-Aware, Windows Defender, Cookiewall, Shoot the Messenger, Avira (on XP) or AVG (on Vista] and the installed MS firewall.

I have a few older systems (98, ME, and 2000) that run the old Sygate SPF Firewall system but updates are hard to find anymore.

I am often called upon to de-louse my friends systems after their kids trash them and I'll pass along your observations to them.

I wonder if it might be worthwhile to start a thread on WHAT DO YOU THINK ABOUT IE/8? - I describe it as !@#$%^&&*()_+

---

Classic WU= 7,237 Classic Hours= 42,079

What everyone on here commonly calls a "router" is really a pretty decent SOHO firewall. ...

That is all well and good and a very good solution for blocking all the 'cold calling attacks' from the "Bad Outside".

However, no router or firewall has any effect for stopping the very many exploits against IE (and ActiveX) whereby a user just merely browsing a (malicious) webpage or even just a 3rd party (malicious) advertisement on an innocent and trusted web page can then compromise the OS.

There are even websites that deliberately use IE ActiveX or web browser scripting to set up a http tunnel to completely "bypass" your firewall to then do clever 'sharing' tricks.

That will continue to be a problem and an infection vector until Windows implements complete sandboxing for the web browser and whatever scripting is (automatically) called up.

Giving a web browser or web browser components full control of the host computer is... Note that no other operating system does that for very good reasons.


For (only) one family of OSes, (3rd party and/or now the OS vendor's) 'security' interception to vet and chaperone (almost?) every executable is a must. Especially so when various media can automatically have (arbitrarily inserted) code executed.


Unless that is, that system is a stand-alone system that has no interaction with the outside world in any form...


Good luck,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

... I am often called upon to de-louse my friends systems after...

I get called upon to do that for far too many (Windows) systems. Sometimes repeatedly for the same systems. Rather exasperating...

Cheers,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

The Active X control is monitored by Spyware Blaster and it works GREAT - ANY Activex that tries to load you get a warning and an option to deny it - IT WORKS.
Of course there are RULES I employ - like NO BHOs, If it ain't on your browser toolbar YOU DON'T use it (especially Google}
And if you breaka da rules - I breaka you fingers :)

---

Classic WU= 7,237 Classic Hours= 42,079

. . . Windows XP Pro System Security w/ CA Security Suite Suite Plus 2009, CCleaner, HijackThis, cwshredder, EVEREST,

irfanview - [from gmx.net - used for converting files], PC Tools Registry Mechanic, idserve, & as well, [mi trusty ol' regedit]


[ADVISE - IF you don't know the Registry - Do Not make any changes]

---

BOINC Wiki . . .

Science Status Page . . .

What everyone on here commonly calls a "router" is really a pretty decent SOHO firewall. ...

That is all well and good and a very good solution for blocking all the 'cold calling attacks' from the "Bad Outside".

However, no router or firewall has any effect for stopping the very many exploits against IE (and ActiveX) whereby a user just merely browsing a (malicious) webpage or even just a 3rd party (malicious) advertisement on an innocent and trusted web page can then compromise the OS.

There are even websites that deliberately use IE ActiveX or web browser scripting to set up a http tunnel to completely "bypass" your firewall to then do clever 'sharing' tricks.

Which is why the whole post is important. I also said:

If you don't have any exceptions (i.e. a "DMZ host" -- another misused term) then the only remaining threat is from you connecting out. If you aren't likely to open trojan horses, and avoid browsers and mail clients with huge security holes (i.e. the ones from Redmond, WA) you'll be perfectly safe.

The key concept is avoid browsers and mail clients with huge security holes (i.e. the ones from Redmond, WA) because the vast majority of exploits will come in that way.

In my opinion, Active-X has to be the single dumbest idea ever conceived. Browse a web page and the browser permanently (and silently) installs native windows code and executes it.

So I use Thunderbird and Firefox (and the NoScript extension). I only use Internet Explorer on sites that I've helped develop (we avoid client-side scripting as much as possible).

---

The Active X control is monitored by Spyware Blaster and it works GREAT - ANY Activex that tries to load you get a warning and an option to deny it - IT WORKS.

Maybe so...

Unfortunately, some users learn an almost Pavlovian instant reaction to "click away" any and all pop-up dialogue boxes faster than a blink of an eye.

Not good if the Human is supposed to filter what the OS is allowed to do!

When debugging user problems and the user is recreating the error case, sometimes they have to be physically restrained to not do the magic click so that I can get a chance to see the error message! Perhaps some users have just learnt to click at anything to try to blindly blunder onwards...

Good luck,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

The Active X control is monitored by Spyware Blaster and it works GREAT - ANY Activex that tries to load you get a warning and an option to deny it - IT WORKS.
Of course there are RULES I employ - like NO BHOs, If it ain't on your browser toolbar YOU DON'T use it (especially Google}
And if you breaka da rules - I breaka you fingers :)

I'd rather run a browser that doesn't know a thing about Active-X.

I know the technology, and I understand it. In a corporate environment, it's a fabulous way to develop some pretty significant applications and deploy them to company desktops.

On the public internet, there is no valid reason to ever use an Active-X control.

HTML should be rendered by an engine that does not recognize Active-X.

Don't overlook mail programs (like Outlook) which render HTML E-Mail.

So, I use Firefox and Thunderbird, because they don't do Active-X.

---

When debugging user problems and the user is recreating the error case, sometimes they have to be physically restrained to not do the magic click so that I can get a chance to see the error message! Perhaps some users have just learnt to click at anything to try to blindly blunder onwards...

... and Vista, with all the "security" pop-ups is training people to just click "ok."

---

... and Vista, with all the "security" pop-ups is training people to just click "ok."

I share your disdain for vista - I can't get it to start boinc without it being blocked at startup. Cookiewall however solves the pop-up problem for me - I determine which get always deleted, which get temporarily accepted, and which are always accepted. I also keep and occationally use Firefox as a backup in case someone clobbers my IE. AS WHEN MS TRIED TO FOIST IE8 on me through automatic updates.

---

Classic WU= 7,237 Classic Hours= 42,079