Is Obsolescence Good Computer Security?

caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"

Odd Question

[XMilkProject]

Not quite sure how this question made its way to slashdot, since it seems sort of self-explanatory, but I suppose we can elaborate.

In short, I suppose you would be more secure on dial-up. Less data moving around, less access to situations which may be a threat, less up-time, etc.

That being said, most of the world is already using an always-on connection, and the vast majority of them manage just fine. It's not a daunting task to configure a setup that will secure your home computer to a suitable degree. Just your ordinary broadband router should include a firewall that should be sufficient, and the Windows firewall is also likely sufficient.

If you aren't an expert on setting up your network, then just find one of your more tech-savvy friends (not the one that told you to stay on dialup!) and have them check your router/firewall configuration. There are also websites you can visit (Symantec?) that will perform a check on various ports for basic vulnerabilities.

You protect others

[TheCarlMau]

In my opinion, the only thing that you are doing is protecting others. Your computer will probably not become a spam zombie, because transmitting outgoing data would be painfully slow (ie: spamming one address every 5 minutes). While you may be somewhat immune from other viruses, the trade-off of higher speeds is worth it.

Still at risk

[origin2k]

Just ask my neighbor who uses dial-up. I had to spend hours cleaning all the spyware and virus's on their computer system. If you are connected in any way you need to take the same precautions.

Low bandwidth denial of service attacks

[Gary Destruction]

Low Bandwidth Denial of Service attacks do exist. They've been mentioned on slashdot [slashdot.org] before. That link mentions a new type of attack. I'm not sure of its effectiveness now.

Re:Yikes

[BitterOak]

and not even having a computer practically guarantees that you won't get spyware and malware.

Would that were true, but unfortunately cell phones, pagers, and even cars are susceptible to malicious code, as I'm sure will the newer generation of high definition DVD players which need to fetch keys from the net every time a movie is played. I can envision the day when any appliance or device that is powered by electricity will capable of becoming infected.

Re:Dial-up does not make you more secure

[eneville]

NAT is just a state table, a combination of [ external ip, a source ip and source port ] with [ destination ip, destination port and NAT IP ]. What makes circumventing this hard is that only in a few cases do all ports forward to the destiantion NAT IP. The moment you redirect a port to a NAT IP you're effectively putting that host on the internet with a firewall that has just that port open. It's a layer of security just like a firewall, but not to be seen as any increase when compared to a firewall because it's all about how this is applied to your hosts.

Obscurity through Wikipedia

[fm6]

Lately, we've seen a lot of people employing catch phrases and jargon incorrectly, and I'm convinced that these people base their misunderstanding on muddled explanations in Wikipedia. The article you point to is technically correct, but it's full of convoluted arguments and trivia. No wonder you got the concept wrong.

(The one I'm getting pretty tired of is "ad hominem", which many people seem to think is Latin for "You hurt my feelings!")

Briefly put, Security Through Obscurity is the assumption that your security holes will not be found because they're in a place few people will think to look. That strategy was never a good one, but it used to be more effective than it is now. Back in the 50s, when few computers were online the effectiveness of STO was merely unacceptable. Nowadays, the effectiveness of STO is pretty much non-existant — as long as the computer is online.

Now a computer using dialup is less hackable than one using DSL, because it's not always available, and because it's harder to probe when it is. The difference has nothing to do with "obscurity" — there's just less bandwidth for a hacker to play with.

Of course, a dialup connection when no security measures is still pretty fucking dangerous. But you're wrong to claim that there's no difference at all.

Re:Yikes

[rts008]

*claps hands!*

Well said. Knowledge, common sense, and being prepared is the majority of the battle.

Backups are not fun, but pay off sooo much in the long run! It's almost certain that sooner or later Some BAD Thing (tm) will happen: getting pwned, catching a bug, harddrive fail, etc. With a current backup....no worries, just a little lost time. :) ( take this from the perspective of the article- home user, not IT at X? Corp.)

like many have said above- get some good documentation on your setup (related to security), keep patched, "broadband" with router (*nix box as router or hardware routert with NAT, etc.), good AV and anti-spy/malware software, backups, common sense, and as stated ENJOY.

Re:Dial-up does not make you more secure

[Anonymous Coward]

They are DESIGNED for this type of application. If they weren't, do you really think the DHCP server would allow useage of 200+ IP's?

On a lot of these routers, the DHCP servers give out addresses from a pool of200+ addresses because they're preconfigured on 10.0.0.0/255.255.255.0 . Many people find it easier to allocate netmasks that only contain 255 and 0. My router would happily allocate DHCP from 10.0.0.3 up to 10.255.255.254. That doesn't mean that I can have 16,000,000+ machines connected to it.

Re:Oh dear god what a stupid idea/concept

[jeremyp]

From a practical perspective has anyone tryed to keep a PC "all patched up" over dial-up?

Yes, my parents until DSL arrived in their village last year. It was so hard to do that they mostly didn't bother and they used to get all kinds of vruses and worms. Now they are on ADSL, their Windows OS is right up to date and their AV is right up to date and they have a firewall in the router and they have had no security issues at all since they got ADSL.

Re:Security through lack of reward.

[lobsterGun]

That is some dangerous and irresponsible advice. Do not allow yourself to believe for an instant that you are below the radar of a zombie master.

The zombie masters don't give two shits about the size of your connection. They do is to release their infections into the wild and will add any and all to their zombie horde. Whether you are blessed with a 5 meg DSL, or have the misfortune of sitting on a 26k dialup connction is unimportant to them. The infection of you machine will be accomplished through an automated process that doesn't care about how you are connected to the internet.

I speak from personal experience. I thought exactly as you did, and my box was infected within a week of getting a dialup connection. I didn't think I'd need that firewall for a piddly 28.8k dialup line that was only going to be used to check email until the broadband was installed. When I finally got the box cleaned and back on line with a firewall, I logged over 300 intrusion attempts in the first hour.

Well Linksys routers aren't the answer there...

[Svartalf]

However, there is an answer if you can scare up a 486 or better with 32Mb of RAM, 400Mb of HD, etc.

IPCop [ipcop.org] will do modem dialouts (manually initiated and on-demand) and provide firewalling, caching, etc. for the same with any hardware and many software Modems out there. In fact, when Verizon fubared my DSL pending my FiOS install, I had to resort to that by popping in a hardware PCI modem (yeah, they DO make 'em) into the box instead of my Red NIC and plugged in my road warrior ISP. While it was dialup (with all the concomittant slowness...), it DID work well with all the setup in the house (incl. my firewalled and VPNed wireless leg...).

Basic configurations will work, esp. with an external modem and are largely no-brainer setups.

However, having said all the above, the original article poster's "friend" wasn't doing him any favors by making very misleading statements like he did. Most of the malware flatly doesn't care if you're not always on and high-speed. It'll zap you even on dialup (Remember Blaster?) and it may zap you in such a way that you can't even get on (Remember Blaster?). If your OS is insecure, it matters little what bandwidth you have- it's still insecure. Just because you're not as useful for a botnet doesn't mean you won't get trojaned or zoomed by a worm/virus all the same. The exploits and their use don't discriminate in a manner like dialup versus broadband- they attempt to zap EVERYONE .

The original poster should just get broadband of some kind- a goodly portion of the Internet has become painful to use because developers are assuming broadband like access and do all kinds of stupid things to their bandwidth and latency from off of their sites.

English is still in beta jack-ass!

[cheekyboy]

English is more like an intel chip, bad design, but still chugs along and works. We all can still use the minium instruction sets badly and people still understand.