[LINK] Consumer computer security

Craig Sanders cas at taz.net.au
Tue Jan 23 10:27:29 AEDT 2007


On Tue, Jan 23, 2007 at 09:35:38AM +1100, Roger Clarke wrote:
> [Karen Dearne's piece in Oz IT this morning includes this quote:
> "It is generally that insecurity of end-user equipment is a major 
> source of vulnerability to malicious software, and a properly secured 
> PC is one of the best defences available," [ASIC's discussion paper] 
> says.
> 
> [Can anyone envision this chimera 'a properly secured PC'?]

i can.

to start with, it would be running linux (or freebsd or even mac osx but
linux is less hassle and there are a number of freely available live-CD
linux distros to choose from) rather than windows.

secondly, it would have java, flash, and other executable web content
disabled.


even something as simple as a bootable linux CD or USB flash-drive
or dual-boot partition (running, say, Ubuntu) for internet banking
and other security-sensitive sites would protect most users....as
long as they developed the habit of NEVER using windows for anything
security-sensitive. they could play games, browse the web, whatever else
they need in windows, but use ONLY linux for logging in to their bank.


most people don't have the skill or the knowledge to even begin to
secure a windows box....and of the few that do, even they can't
absolutely secure it because it is fundamentally insecure (the best they
can do is patch up all of the currently known holes and hope they hear
about any future holes before they get compromised).

a linux box, OTOH, is reasonably secure out-of-the-box...you have to
actually work hard at misconfiguring it to undermine its security. and
an expert CAN absolutely secure it.

craig

ps: another part of the problem has nothing to do with technological
security, it has to do with user stupidity and ignorance - e.g. clicking
on links in email to visit their "banking" site and typing in their
login & password. even a secure OS won't protect users from their own
actions.


-- 
craig sanders <cas at taz.net.au>           (part time cyborg)


