Is Obsolescence Good Computer Security? 490
caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"
Dial-up does not make you more secure (Score:5, Insightful)
It sounds like your friend is advocating a type of security through obscurity [wikipedia.org] to me. Being on dial-up won't protect you. You should be using a firewall and have up to date virus definitions regardless of your type of connection to the internet.
Yikes (Score:5, Insightful)
Errr no (Score:1, Insightful)
I use my router on my broadband connection as a firewall - works great. Even in Windows I have no problems.
BS (Score:2, Insightful)
How can you not have spyware? (Score:4, Insightful)
1) Don't download things unless you know what they do.
2) Get rid of IE
3) have a good virus scanner/spyware scanner
Staying on dialup is like saying that a bike is more reliable and therefore better than a car. Cars might break down every once in a while but if you need to get somewhere they're much better than bikes.
Re:Oh dear god what a stupid idea/concept (Score:5, Insightful)
Is there an argument for this? No.
You can simply unplug your net cable at night. So why be stuck with an expensive slow connection?
I think this ask slashdot question was a trolling experiment.
Broadband Plus OS X (Score:3, Insightful)
Buy a Mac (Score:3, Insightful)
I agree with everyone else here. That may be technically true, but it's stupid. All you need is a firewall and a little common sense and you are practically invulnerable to most of the attacks out there.
Get broadband. Get a firewall. Enjoy.
Bin the dial-up (Score:4, Insightful)
Enjoy the speed and "almost" always on. broadband
Re:Dial-up does not make you more secure (Score:5, Insightful)
Being on dial-up might even be worse for your security, since most people who have only dial-up will ignore security updates. (Predictably enough, downloading large patches is more troublesome when you have a slow and infrequent network connection)
Re:Broadband Plus OS X (Score:3, Insightful)
Speaking as a Mac user and security researcher, your post is completely retarded.
1) OSX is no more or less inherently secure than Windows.
2) It's currently far more profitable for me to discover a flaw in MS than it is in OSX. Almost 10x more actually.
Re:Dial-up does not make you more secure (Score:5, Insightful)
But is that really how you get virii & spyware? I think not. The same access points are still there. A website that installs spyware thu activex doesn't care that you're on dial up. The trojan in the warez you (patiently) downloaded doesn't care either. Accessing the Internet puts you at risk. Thinking that a slow connection is the sole determinant of your value is naieve.
Pretty dumb infosec tips, time for a list? (Score:3, Insightful)
1 - dumb. Use dial-up instead of Cable or DSL because being connected to the internet all the time is a security risk.
1 - smart. Go get Cable or DSL, your life will improve (barring bad service). If you want to nullify the increased threat from being constantly online, buy a router that does NAT for you. Now you aren't always connected, your router is, and it's providing statefull firewalling for you.
2 - dumb. Never run anything you want secure on Windows. Use Linux, or even better OpenBSD.
2 - smart. OpenBSD rocks on security, but if you have no bloody idea how to use it you'll do something dumb that will compromise security or, more likely, uptime. Use the OS you know how to configure, and learn how to configure is securely and properly. You can research new OSs from your now-secure platform.
Please, kind readers, add to this list.
Dial up hijacking (Score:5, Insightful)
Re:Pretty dumb infosec tips, time for a list? (Score:3, Insightful)
3 - smart. Modifying your habits, educating and empowering yourself (even just a little) will help. Having the right tools is only half of it.
I've seen all too often people get confused by the fact they have tons of spyware/viruses/trojans on their system, yet have *no idea* how they got there. Yet when you dig deeper, you see twelve different filesharing programs, virus software updated (but disabled) and 258 porn sites in their history (from yesterday alone) where they clicked the banner that said "click here to get naked bodies for free!".
People will often do on the internet what they won't do "in real life" because there's this false sense of obscurity, anonymnity and privacy. This equates to poor habits and poor security. There are places to get the things you're looking for without having to install viruses to get them. In reality, you wouldn't buy a car from a dealership none of your friends has ever heard of, out in the middle of nowhere, that you came across by chance, and had to give your singature fifty times... why is the Internet any different?
That's a flawed argument (Score:3, Insightful)
David
Sound advice (Score:2, Insightful)
Re:Dial-up does not make you more secure (Score:3, Insightful)
So yes, it's a good idea to not be connected when you don't need to be connected, but it's a terrible idea to rely on it to protect you.
Re:Dial-up does not make you more secure (Score:2, Insightful)
It didn't matter that he's the kind of guy who's got cookies and scripting disabled in his browser, who never downloads warez or music, who's always careful of the software he puts on his computer, etc. In fact, about all he uses his dialup connection for is email. But that was enough.
These days, you need to install a software firewall -- one that can block both incoming and outgoing connections -- before you connect to the Internet.
Another point: With each new version of Windows, Microsoft implements more Un*x-like security features. (They have to be "turned on," though. Most people still log in with Administrator rights, which defeats the purpose.) Also, Windows XP SP2 even includes a half-assed firewall. But in Windows 98, your entire filesystem is open to anyone who hacks in.
Point is, using an older version of Windows is probably going to make you more vulnerable, not less.
Re:Dial-up does not make you more secure (Score:4, Insightful)
soo, windows software doesn't have to be that way; just bad windows software does.
Re:You're not thinking big enough! (Score:2, Insightful)
Security through lack of reward. (Score:4, Insightful)
A dial up connections obviously can't put out the same load that a broad band connection can. So it would stand to reason that a zombie net creater would be less interested in the computer. But most zombie net creater's are trying to get a huge number of PCs over a wide region, so while your PC isn't is sweet as a Win 98 box on a 5 meg DSL line, it is still another zombie. and it would likely be harder for the creators to make a filter to ignore your machine.
Same for spy/adware. Your machine isn't the best, but it is another machine.
so this is not obscurity he was preaching, it was desirablility he was preaching, albeit incorrectly.
-Rick
Re:How can you not have spyware? (Score:4, Insightful)
Re:Crack my CPC-464! (Score:5, Insightful)
Remember Spindizzy, that isometric 3D game with all the different screens to explore? The whole map fit in 11 kiB.
They don't make them like they used to.
Re:Oh dear god what a stupid idea/concept (Score:2, Insightful)
Re:Oh dear god what a stupid idea/concept (Score:3, Insightful)
This is the dumbest thing evar (Score:3, Insightful)
Maybe he thinks using dialup will protect him from cookies too.
Nothing about dialup is safer (Score:3, Insightful)
You're less likely to download the large security updates because of time it takes.
'Always on' isn't a requirement. You can turn off the router or modem just like you can disconnect on dialup. I know people who do this.
Most exploits are quite small, and won't take long at all to install on your machine, even on dialup.
I've had 3 machines on cable behind a $25 belkin NAT firewall/router for over 5 years. I run zone alarm on the machines while I'm web surfing. I use mozilla because they seem to be more responsive to security issues than microsoft. I'm pretty lazy about patching, and I still haven't gotten any viruses, worms or trojans.
That aint friendly advice (Score:3, Insightful)
Re:Security through lack of reward. (Score:1, Insightful)
People forget most of this crap that infects PC's are automatic attacks. Some guy in a darkly lit basement doesnt connect to every IP manually to try to hack you, he writes scripts that blast out to tens of thousands of hosts.
You touched on this idea...but a lot of people seem to forget it.
Don't Drive (Score:3, Insightful)
Basically, his advice is simply to stay behind, because these new-fangled new technologies require you to actually increase your realm of understanding to use properly. If you are on a high-speed line, you actually have to care a little bit more about security, oh my! By by that same token, if you just stuck with a manual typewriter, you could avoid the threat of viruses altogether.
Re:Oh dear god what a stupid idea/concept (Score:2, Insightful)
Ok, lots of people said this is a stupid ideea, that a net connection is a net connection and so on. Fact is, I worked at an ISP for about half of last year, and what happened to me happened to most ou out new clients: soon after getting connected, we were hit by baf stuff. Really hard. Why? Several reasons, as far as I can tell. First, the dial-up ISP usually tends to do a lot of firewalling on your behalf. Second, the connection (especially local one) beeing a lot faster, hits came a lot sooner and more often. And third there is a lot of bad stuff on the local ethernet connection which cannot be firewalled in any way by the ISP (us), even if they wanted to.
Point is, I agree with what most people said: beeing on dial-up is not safe. However, getting a broadband connection is likely going to make things interesting in a very short time
Re:Dial-up does not make you more secure (Score:3, Insightful)