Are We Being Paranoid?

[Merisi]

I take my computer security fairly seriously as do a lot of people on this forum but I wonder at times whether I'm being over cautious or just making things more difficult for myself.

I have a relative and she uses Vista with no AV and she does everything online: banking, ebay, she even runs an online business. Despite not taking any precautions she's never been hacked or had any problems.

I also remember talking to someone at work and she was telling me how she downloads films and tv from illegal sites. I asked her if she was worried about trojans and she rather condescendingly explained how she has a Mac and how they don't get viruses.

While of course I appreciate the care I take with my computer ensures I'm less likely to get a virus, I can't help wondering based on these two examples and other people I know that I'd be ok without taking security measures.

So what does everyone else think? Does anyone else find that they know people with poor security habits that have no problems?

[TheFu]

You've discovered 2 sheep. Their computers will be hacked eventually.

I've had a 17 yr old relative crying because her PC was virus infected and the only solution was to wipe the HDD and reload. It had Vista and I refused to touch it, but I sat next to her and talked her through the reload. Before she was 100% finished, 100% patched, 100% AV installed and working, she decided to visit facebook.

At the end, we reran an AV scan and found a new virus that could not be cleaned. I had her restart from the beginning. It taught her a lesson that she would never have learned any other way.

My next visit, her younger brother had a virus that prevented his laptop from booting at all. It was bad. I made the same offer, but he decided it was easier to fail his classes - then his parents would buy a new PC for him.

For 80% of the computing world, if the PC boots, it is like a car that needs a oil change. It still works, so what's the issue? Your friends fall into that group. They don't know how dangerous the internet is, so they don't worry about the risks.

My 80 yr old Mother used WinXP happily for many years. I had her setup with ad blockers, huge /etc/hosts files to block bad parts of the internet, and she was trained to never click on links from unknown people. One day, she got an email from a grandchild with a link. The email subject was relevent to current things happening in her life, so Mom clicked the link. Before she could do anything, 50 other popup windows were displayed and lots of viri were installed, downloading, it was bad. This was 2010.

We are all 1 click from this.

Mom switched to Linux in 2010. No more viri have been seen, but that is part of why we all run Linux, right? Linux is less likely to get normal viruses, but it can be hacked. I've been hacked twice over the years, so the danger **is** real for Linux users.

[Merisi]

You've discovered 2 sheep. Their computers will be hacked eventually.

I've had a 17 yr old relative crying because her PC was virus infected and the only solution was to wipe the HDD and reload. It had Vista and I refused to touch it, but I sat next to her and talked her through the reload. Before she was 100% finished, 100% patched, 100% AV installed and working, she decided to visit facebook.

At the end, we reran an AV scan and found a new virus that could not be cleaned. I had her restart from the beginning. It taught her a lesson that she would never have learned any other way.

My next visit, her younger brother had a virus that prevented his laptop from booting at all. It was bad. I made the same offer, but he decided it was easier to fail his classes - then his parents would buy a new PC for him.

For 80% of the computing world, if the PC boots, it is like a car that needs a oil change. It still works, so what's the issue? Your friends fall into that group. They don't know how dangerous the internet is, so they don't worry about the risks.

My 80 yr old Mother used WinXP happily for many years. I had her setup with ad blockers, huge /etc/hosts files to block bad parts of the internet, and she was trained to never click on links from unknown people. One day, she got an email from a grandchild with a link. The email subject was relevent to current things happening in her life, so Mom clicked the link. Before she could do anything, 50 other popup windows were displayed and lots of viri were installed, downloading, it was bad. This was 2010.

We are all 1 click from this.

Mom switched to Linux in 2010. No more viri have been seen, but that is part of why we all run Linux, right? Linux is less likely to get normal viruses, but it can be hacked. I've been hacked twice over the years, so the danger **is** real for Linux users.

The last computer I had which was ten years ago pretty much got wiped out by viruses and other nasties which is why I take my security so seriously now. People who see my security set up think I'm excessive but it's pretty standard for most people on the forum.

It's pretty shocking that your young relative thought the solution was just to have a new computer bought for him. Thanks for sharing examples with me about how people's carelessness has led to them getting viruses as it indicates that I'm right to take security precautions. Still I find it quite worrying that you've been hacked twice, but I guess you have been running Linux for quite a while.

[TheFu]

The last computer I had which was ten years ago pretty much got wiped out by viruses and other nasties which is why I take my security so seriously now. People who see my security set up think I'm excessive but it's pretty standard for most people on the forum.

It's pretty shocking that your young relative thought the solution was just to have a new computer bought for him. Thanks for sharing examples with me about how people's carelessness has led to them getting viruses as it indicates that I'm right to take security precautions. Still I find it quite worrying that you've been hacked twice, but I guess you have been running Linux for quite a while.

It has been over a decade since I was hacked. I've described both situations on here before.

Once was in 1993, before anyone really had firewalls. and the other time was in 2000 when I was running a 3 month out of date BIND version.

The 1st time I was on a government network using an early, very easy to use linux with X/Windows install. They came into my machine, changed the root login and deleted my user account. It was probably an internet script searching for default root logins. I was much younger and much less informed back then. No data was lost and the remote machines I was connected into were not impacted in any way either.

The 2nd time, ZERO damage was done - I'm 100% positive because backups proved all other files to be unchanged. I was running a name server for my home network, but had allowed it to be seen from the internet. At the time, Bind and Sendmail were the most likely remote attack vectors into any UNIX system. I was just a few months behind on the Bind patches, but that was enough. They script that got in never broke out of the bind userid and only wrote files under /tmp. Then it tried to escalate privileges using a perl timing bug that the system had been patched to prevent. Every attempt caused an email to be sent to me - over 140,000 in a few hours. I disconnected from the internet and started my research using a 7 day old backup. It was pretty enlightening.

Versioned backups is the single best and most important solution for computer security. Nothing, NOTHING can solve all the problems that daily, weekly, monthly backups can solve. AV is nice, but never 100%. Most seem to be 50% in real world use, though the AV companies will claim 80-95% coverage. I think that is the marketing people.

A simple mirror backup is better than nothing, but doesn't handle all the times when file corruption occurs or all the times that many weeks pass before anyone notices a virus infestation.

Versioned backups are the best answer.

[haqking]

ahhh the old "never had a problem" most people who havent had one, dont know if they have or havent and wouldnt know what to look for anyways, not all security breaches result in damage to ones machine or software.

It is a process not a product, take the necessary steps whatever you run, keep an eye on logs etc etc and dont be paranoid but be prepared !

Peace

[mike acker]

the following is an interesting read:

http://news.techworld.com/security/3...hishing-email/

a couple quotes:

The most commonly used file types for spear phishing attacks accounted for 70% of them. The main file types were .RTF (38%), .XLS (15%) and .ZIP (13%).
Executable (.EXE) files were not as popular among cybercriminals because emails with .EXE file attachments are usually detected and blocked by security systems, said Trend.

I'm fond of noting that it is critical today to treat all modern documents (web pages, word processing, spread sheets, flash etc ) as executables.

This is why I run Firefox in that "AppArmor" profile (I am using the one supplied by Canonical ) .

I'm pretty satisfied right now that a script will have a hard time updating Linux or any installed app

"Security is a function of the resources your adversary is willing to commit," said Julian Sanchez, an attorney with the Cato Institute in Washington, D.C.

I think our biggest risk right now is that a script might corrupt a browser, most likely by adding some kind of plug-in. I'm told this is not allowed on the Linux version of Firefox ... what worries me is simple: If I can install a plug-in why can a script not do it ? obviously it has the needed file permissions ...

[offgridguy]

ahhh the old "never had a problem" most people who havent had one, dont know if they have or havent and wouldnt know what to look for anyways, not all security breaches result in damage to ones machine or software.

It is a process not a product, take the necessary steps whatever you run, keep an eye on logs etc etc and dont be paranoid but be prepared !

Peace

Totally agree here, myself i am not computer smart enough to know if i have been hacked or not. Paranoid or not i never bank online.

[Merisi]

It has been over a decade since I was hacked. I've described both situations on here before.

Once was in 1993, before anyone really had firewalls. and the other time was in 2000 when I was running a 3 month out of date BIND version.

The 1st time I was on a government network using an early, very easy to use linux with X/Windows install. They came into my machine, changed the root login and deleted my user account. It was probably an internet script searching for default root logins. I was much younger and much less informed back then. No data was lost and the remote machines I was connected into were not impacted in any way either.

The 2nd time, ZERO damage was done - I'm 100% positive because backups proved all other files to be unchanged. I was running a name server for my home network, but had allowed it to be seen from the internet. At the time, Bind and Sendmail were the most likely remote attack vectors into any UNIX system. I was just a few months behind on the Bind patches, but that was enough. They script that got in never broke out of the bind userid and only wrote files under /tmp. Then it tried to escalate privileges using a perl timing bug that the system had been patched to prevent. Every attempt caused an email to be sent to me - over 140,000 in a few hours. I disconnected from the internet and started my research using a 7 day old backup. It was pretty enlightening.

Versioned backups is the single best and most important solution for computer security. Nothing, NOTHING can solve all the problems that daily, weekly, monthly backups can solve. AV is nice, but never 100%. Most seem to be 50% in real world use, though the AV companies will claim 80-95% coverage. I think that is the marketing people.

A simple mirror backup is better than nothing, but doesn't handle all the times when file corruption occurs or all the times that many weeks pass before anyone notices a virus infestation.

Versioned backups are the best answer.

Sorry it's taken a while to reply to your post particularly as you made quite a big effort with it.

I guess 12 years of not being hacked is pretty good going. You say that firewalls weren't much used in 1993; I don't recall using one until 2003. I can only just imagine what my computer would have been like running Windows Millennium and Internet Explorer.

140,000 emails in a few hours. I think I'd have broken out into a cold sweat but still you stopped any damage.

Thanks for sharing that info with me, it's always good to learn about another persons experiences.

[LuciferRex]

I know plenty of people with poor security habits who don't have problems. However, for me, I would rather be overly protective and not even risk it.

[Merisi]

I know plenty of people with poor security habits who don't have problems. However, for me, I would rather be overly protective and not even risk it.

I totally I agree. I just experience people mocking me for the FF addons I use such as NoScript and Request Policy where I have to configure my pages.