I love IP Tables....

jdow jdow at earthlink.net
Thu May 31 03:05:25 UTC 2007


From: "David G. Miller" <dave at davenjudy.org>

> Les <hlhowell at pacbell.net> wrote:
> 
>> One thing missing in this discussion is the scale of costs.  No
>> individual, outside of maybe Bill Gates could begin to repay for the
>> damage caused by a rogue computer spreading a virus.  Nor can one
>> individual be even considered of being capable of patching a flaw in a
>> piece of readily available software of proprietary nature (remember that
>> "reverse engineering" is banned by most user license agreements.)  So
>> let's say you get a law passed that puts the onus on an individual.  You
>> get hacked, and the hacker uses a bit of code inside your system to
>> "spiff up" his latest virus/worm program.  Your name is in the code
>> (courtesy of the memory map when your bit was built).  Now that code
>> breaks out and infects 200,000 systems, bringing them to their knees.
>> You had all the good AV stuff installed, the system had a firewall, but
>> this particular hacker managed to slip by
> As I have mentioned several times in my postings on this subject, the 
> law usually considers whether you have taken "reasonable and customary" 
> measures to protect against such things.  Especially, see my previous 
> posting regarding a joyrider stealing a car.
> 
> Self-propagating viruses act a lot like the real thing.  It doesn't take 
> a 100 percent inoculation rate to stop a real virus from spreading; only 
> getting enough of the population protected that the probability that the 
> infection can spread is low. One of the problems is that way too many 
> computer users don't understand their vulnerability and how harmful 
> having a vulnerable system is.  This is what needs to change.
> 
> We've already seen a number of attack vectors go out of favor as a 
> certain large software vendor has patched the security holes in its 
> operating system and other products.  If a significantly larger 
> percentage of users were to install effective AV software, the problem 
> would drop significantly.  I'm not saying it would go away but we would 
> probably see the people who write such software look to other 
> approaches.  Some of these might initially be successful but having a 
> larger percentage of systems running effective AV software would mean 
> that such problems would rapidly be contained.
> 
> It would be nice if that same software vendor were to tighten up their 
> product rather than rely on after the fact patches like AV software.  
> Being as how their behavior has barely changed in over 25 years, I'm not 
> holding my breath.

Well, let's examine this with the automotive metaphor a little more.

An automobile has components that fail and can fail disastrously. A most
common example is the tire. But breaks er brakes {^_-} fail, gas pedal
linkages fail, batteries catch fire (in a Mercedes Benz no less), and
so forth. Some companies are really good making automobiles out of the
components available and inventing new components when needed. Some are
far better at making tires, enough better that BMW, GM, et al do not even
think of competing. But still, failures happen. A driver who gets behind
the car and in the blithe ass-u-me nothing will break (and everything
brake properly) state is negligent as I see it. Even an 80 year old
concert violinist can tell at a modest glance that the tires on his car
are getting a little old and <choke> tired - cracks in the sidewall or
on the tread-line are as bad as low tread. MOST reputable repair facilities
will check these things if you take the car in. In California, where I
live, a great many automobiles see someone aware of what can fail and in
a position to warn people once every two years. This is not enough for
tires, for our basic example.

(Here I am picking on Microsoft as something I know. I presume Apple is
not vastly different.)

Microsoft is cracking good at OS kernels these days. That does not say
anything about the gump and nonsense AROUND the kernel, the other maybe
648 Megabytes on a 650 megabyte disk. If you've noticed one statement
that is applied to Microsoft rather regularly is that they buy rather
than innovate. Well, that is something like OEM purchasing tires to put
on the automobiles Ford delivers. They also recycle a LOT of crufty old
code to maintain features customers like. That is like buying second
rate tires from an off brand dealer, perhaps. Microsoft's gewgaws are
like jacking a truck up so the tires are fully exposed but the view from
up there is wonderful. And Microsoft products have such a presence on the
web that they are the easy targets for maniacs who like shooting out the
tires on automobiles - or cracking into computer systems. Linux comes
with nice fender skirts that are protective, perhaps industrial ugly at
the street level, and leave very little of the tire to shoot out. That
does not say Linux has no tires - vulnerable spots.

For both Microsoft and Linux you do not have the same people who build
the kernel build the "fender skirts", the security that the user sees.
While I consider Norton to be second rate fender-skirts I note that for
Windows the companies like G-Data, F-Secure, Kaspersky, and others at or
very near the top level of protection, make very good fender-skirts that
do not SERIOUSLY uglify the whole product. They do include "idiot lights"
that light up when they detect something that might be undesirable. I
note Microsoft is being dumb enough to try to include a third rate AV
tool with their OS packaging. The other companies are MUCH better and
should be nurtured by Microsoft with extra help and details if they ask.
The Linux world has that level of cooperation given that it is open source.
But nobody seems to feel it's particularly profitable to build an AV tool
aimed at preventing viral takeovers of Linux machines. Not all that many
people are masochistic enough to use Linux as a desktop machine, yet.
(User frustration and Linux desktop capabilities are slowly converging
even as Microsoft tries to add new features to yank back people who want
the very latest "experience." But it ain't there yet.)

So at some level if a person is going to drive a car safely that person
must know of the possible failure modes and signs for all components
related to "go from here to there safely", including the organic parts -
like tires and drivers. At some level if a person is going to drive a
computer that person owes it to himself or herself to learn some basics
of computer security the same as he or she must become acquainted with
bald, split, or separating tires. Computers are not and never will be a
refrigerator which you get crammed into its nook in the kitchen, plugged
in, and stocked with beer - and maybe food. And even with a refrigerator
it helps to know that the cold goes away when you open the door and the
refrigerator needs gas or electricity. (Yeah, there ARE gas refrigerators.)
If it is an electric refrigerator and the lights will not turn on then if
you open the door on the refrigerator it's not going to keep the stuff
inside cold as long.

I figure a nightlight is about as close to the "ideal" plug and play and
forget the documentation as you can get. (Light-bulbs are not. Some of the
first few rounds of compact fluorescents turn your house into a superfund
site if the bulb breaks - mercury.)

If you're going to go on living you have rights and responsibilities.
Everybody seems to concentrate on the former and ignore the latter. One
of the responsibilities of life is to be educated enough that you are not
actively hazardous to yourself and others through your ignorance. Far too
many people ignore the responsibilities of computer ownership which is
one of their rights if they can afford one.

{^_^}



