Is Obsolescence Good Computer Security? 490
caesar-auf-nihil asks: "I was recently considering a switch from dial-up to something faster (either cable or DSL) but my friend recommended against it since he said I was more secure staying with Dial-Up. His argument was that my connection's slowness and 'not always on' connection gave me better security since I was less of a target for many security threats. Now, I have never gotten infected, nor do I believe my machine is infested with spyware and/or controlling programs as it runs fine, but I wonder if the obsolescence argument is really good or not. Does Dial-Up really protect you or is this a false sense of security and I should just go ahead and pick a faster service and make sure my firewall is a good one and my virus definitions are always up to date?"
Dial-up does not make you more secure (Score:5, Insightful)
It sounds like your friend is advocating a type of security through obscurity [wikipedia.org] to me. Being on dial-up won't protect you. You should be using a firewall and have up to date virus definitions regardless of your type of connection to the internet.
Re:Dial-up does not make you more secure (Score:5, Insightful)
Being on dial-up might even be worse for your security, since most people who have only dial-up will ignore security updates. (Predictably enough, downloading large patches is more troublesome when you have a slow and infrequent network connection)
Re:Dial-up does not make you more secure (Score:4, Funny)
This is about like having sex without a condom and thinking 'well she is a little slow, so she probably doesn't have any diseases.'
Re:Dial-up does not make you more secure (Score:5, Informative)
Not to mention you can't exactly throw a Linksys router (hardware firewall) inbetween you and the wall when you are on dialup.
Perhaps you've never seen one of these [multitech.com].
We used to sell them to customers too far out in the sticks to get anything but dialup but whom wanted extra security or the ability to network multiple machines. We even had an entire office once that did all of their billing to an AS/400 via a dialup. It was all terminal based so the dialup worked just fine. At peak hours they had 11 people all doing billing at the same time. And you know what's really sad? They could do it faster on that terminal system then any GUI that has come since.
Ditto when I worked in the insurance field. We absoletely hated the new version of our agency management system when they moved to Windows. When will interface designers learn that it's faster if you don't have to take your hands off the keyboard every three seconds?
Re:Dial-up does not make you more secure (Score:4, Insightful)
soo, windows software doesn't have to be that way; just bad windows software does.
English is still in beta jack-ass! (Score:3, Interesting)
Well Linksys routers aren't the answer there... (Score:3, Interesting)
IPCop [ipcop.org] will do modem dialouts (manually initiated and on-demand) and provide firewalling, caching, etc. for the same with any hardware and many software Modems out there. In fact, when Verizon fubared my DSL pending my FiOS install, I had to resort to that by popping in a hardware PCI modem (yeah, they DO make 'em) into the box instead of my Red NIC and plugged in my road warrior ISP. While it was dialup (w
Very good point (Score:3, Informative)
Besides, the dialup doesn't really make you more secure. It's slower, so the amount of harm you can do to others by some worm is lower, but I can assure you, you can still get infected. I bought a new laptop while I was on a trip
Re:Dial-up does not make you more secure (Score:3, Informative)
Re:Dial-up does not make you more secure (Score:3, Interesting)
Re:Dial-up does not make you more secure (Score:3, Insightful)
Re:Dial-up does not make you more secure (Score:5, Insightful)
But is that really how you get virii & spyware? I think not. The same access points are still there. A website that installs spyware thu activex doesn't care that you're on dial up. The trojan in the warez you (patiently) downloaded doesn't care either. Accessing the Internet puts you at risk. Thinking that a slow connection is the sole determinant of your value is naieve.
off-topic: 'security through obscurity' (Score:2)
Sure.. you can have a 256-bit key encrypted thingamabob - but the obscurity lays in the fact that you should be the only person with the key. If somebody else, in whatever way, gets at the key, they can get in just like you did.
It's just a -better- form of security than, say, putting a file on a server, not indexing it, and leaving it with a random name. Yes, if somebody were to try all possible filenames on your server, they'll hit it e
Re:Dial-up does not make you more secure (Score:3, Insightful)
So yes, it's a good idea to not be connected when you don't need to be connected, but it's a terrible idea to rely on it to protect you.
Security through lack of reward. (Score:4, Insightful)
A dial up connections obviously can't put out the same load that a broad band connection can. So it would stand to reason that a zombie net creater would be less interested in the computer. But most zombie net creater's are trying to get a huge number of PCs over a wide region, so while your PC isn't is sweet as a Win 98 box on a 5 meg DSL line, it is still another zombie. and it would likely be harder for the creators to make a filter to ignore your machine.
Same for spy/adware. Your machine isn't the best, but it is another machine.
so this is not obscurity he was preaching, it was desirablility he was preaching, albeit incorrectly.
-Rick
Re:Security through lack of reward. (Score:4, Interesting)
The zombie masters don't give two shits about the size of your connection. They do is to release their infections into the wild and will add any and all to their zombie horde. Whether you are blessed with a 5 meg DSL, or have the misfortune of sitting on a 26k dialup connction is unimportant to them. The infection of you machine will be accomplished through an automated process that doesn't care about how you are connected to the internet.
I speak from personal experience. I thought exactly as you did, and my box was infected within a week of getting a dialup connection. I didn't think I'd need that firewall for a piddly 28.8k dialup line that was only going to be used to check email until the broadband was installed. When I finally got the box cleaned and back on line with a firewall, I logged over 300 intrusion attempts in the first hour.
Obscurity through Wikipedia (Score:4, Interesting)
(The one I'm getting pretty tired of is "ad hominem", which many people seem to think is Latin for "You hurt my feelings!")
Briefly put, Security Through Obscurity is the assumption that your security holes will not be found because they're in a place few people will think to look. That strategy was never a good one, but it used to be more effective than it is now. Back in the 50s, when few computers were online the effectiveness of STO was merely unacceptable. Nowadays, the effectiveness of STO is pretty much non-existant — as long as the computer is online.
Now a computer using dialup is less hackable than one using DSL, because it's not always available, and because it's harder to probe when it is. The difference has nothing to do with "obscurity" — there's just less bandwidth for a hacker to play with.
Of course, a dialup connection when no security measures is still pretty fucking dangerous. But you're wrong to claim that there's no difference at all.
Re:Dial-up does not make you more secure (Score:2)
Re:Dial-up does not make you more secure (Score:3, Informative)
Re:Dial-up does not make you more secure (Score:5, Informative)
Generally speaking, sharing any connection is best achieved with an external router and not via a computer. That way if your Gentoo machine falls over or you need to reboot, it won't take out the connection for everyone else. YMMV.
Generally speaking, sharing a connection with Linux will give you useful hands on experience with iptables and it's a million times more flexable then any hardware router and about $60 cheaper.
Re:Dial-up does not make you more secure (Score:5, Funny)
Now THAT is good advice! Best buddy stole my router forcing me to turn my under used linux machine into a router/firewall.... I am twice the tech I was (now i canplay minesweeper AND manipulate text based routing tables)
Well, if you can play minesweeper you are well on your way to a MCSE certification :)
*duck*
Re:Dial-up does not make you more secure (Score:5, Informative)
Re:Dial-up does not make you more secure (Score:3, Funny)
Yikes (Score:5, Insightful)
Re:Yikes (Score:4, Informative)
Dude, wow, wow, wow... Is all this supposed to make him switch to broadband with an easier mind?
You don't need to freak him out. All this can be said in a much simpler fashion:
- Leave autoupdates on your windows ON, it'll take care of itself
- Download and install : ZoneAlarm for your firewall, and AVG Free for antivirus. Both free, user friendly and do their job.
- Download and install Firefox for your browsing needs.
And dial-up is indeed fake sense of security, so there.
That's
Re:Yikes (Score:3, Interesting)
Would that were true, but unfortunately cell phones, pagers, and even cars are susceptible to malicious code, as I'm sure will the newer generation of high definition DVD players which need to fetch keys from the net every time a movie is played. I can envision the day when any appliance or device that is powered by electricity will capable of becoming infected.
Not true (Score:5, Informative)
Re:Not true (Score:5, Funny)
"Give me your wallet!"
"What wallet?"
Err.. (Score:2)
Simple answer, no (Score:5, Informative)
You could get hit by a worm just as easily - they attack by IP address and are indescriminate about where they attack - they don't care how fast your connection is.
As for spyware and the rest, if you're using a slower net then probability is that you'll browse less and be subjected to less risk, but in general the argument used is complete and utter rubbish - there's no additional security to be gained by dialup.
Jolyon
You're not thinking big enough! (Score:5, Funny)
Forget dial-up. Hand floppies to your friends with instructions on what web pages you'd like to browse. They will return the floppies to you with the pages. You will be extremely secure from viruses... much better than dial-up. Think of it like Netflix for the web.
network security (Score:2)
Wha? (Score:2, Flamebait)
Re:Wha? (Score:2)
I thanked His Holyness The FSM that Slashdot is mostly text
Odd Question (Score:5, Interesting)
In short, I suppose you would be more secure on dial-up. Less data moving around, less access to situations which may be a threat, less up-time, etc.
That being said, most of the world is already using an always-on connection, and the vast majority of them manage just fine. It's not a daunting task to configure a setup that will secure your home computer to a suitable degree. Just your ordinary broadband router should include a firewall that should be sufficient, and the Windows firewall is also likely sufficient.
If you aren't an expert on setting up your network, then just find one of your more tech-savvy friends (not the one that told you to stay on dialup!) and have them check your router/firewall configuration. There are also websites you can visit (Symantec?) that will perform a check on various ports for basic vulnerabilities.
I think.... (Score:3, Informative)
Buy a router, your computer will have the SAME security it would have through dialup....
you'll still have to deal with viruses and backdoors from emails, malware, etc,
You protect others (Score:2, Interesting)
BS (Score:2, Insightful)
How can you not have spyware? (Score:4, Insightful)
1) Don't download things unless you know what they do.
2) Get rid of IE
3) have a good virus scanner/spyware scanner
Staying on dialup is like saying that a bike is more reliable and therefore better than a car. Cars might break down every once in a while but if you need to get somewhere they're much better than bikes.
Re:How can you not have spyware? (Score:4, Insightful)
Dial Up much more secure... (Score:5, Funny)
Its much more secure if you personally just dialup and squark and squeek at the handset processing all of the information yourself, you can't do this with DSL because its a digitial line so you can't hear what it is saying properly. Personally this form of internet communication, while a little slow (around 2 baud) has never resulted in any security problems.
In summary
Your friend is a muppet, probably Fozzy, potentially Gonzo.
Still at risk (Score:2, Interesting)
Broadband Plus OS X (Score:3, Insightful)
Re:Broadband Plus OS X (Score:3, Insightful)
Speaking as a Mac user and security researcher, your post is completely retarded.
1) OSX is no more or less inherently secure than Windows.
2) It's currently far more profitable for me to discover a flaw in MS than it is in OSX. Almost 10x more actually.
dial-up: the dry humping of internet connections? (Score:2, Funny)
Dial-up for security... don't count on it (Score:3, Informative)
One problem with dial-up is that you probably won't have a hardware firewall/router between your computer and the internet. Many folks with broadband access have some type of a router with a firewall/NAT built-in. Not everyone does, but some do, especially people with wireless setups, although that introduces its own security troubles.
The point is, if you think about security (which means you have to be aware of all the types of security threats to begin with, not just focusing on one or two that your friend told you about), you'll be able to take proactive steps to make your computer(s) more or less secure. Otherwise, you're leaving yourself open to becoming a zombie just as much as the other millions of computer users out there.
No, with a but. (Score:2)
Really though, broadband is worth far more than that minor feature, even if now all I have is a useless 'data' light thats constantly lit or blinking.
Re:No, with a but. (Score:2)
Buy a Mac (Score:3, Insightful)
I agree with everyone else here. That may be technically true, but it's stupid. All you need is a firewall and a little common sense and you are practically invulnerable to most of the attacks out there.
Get broadband. Get a firewall. Enjoy.
Bin the dial-up (Score:4, Insightful)
Enjoy the speed and "almost" always on. broadband
Re:Bin the dial-up (Score:2)
Re:Bin the dial-up (Score:2)
Not that I think this is really any form of security. It isn't. It is a nuisance and a great way to slow a computer down as most of the pppoe clients are poorly written.
Wrong type of obscurity (Score:2)
Re:Wrong type of obscurity (Score:2)
Yeah, try Plan9 [bell-labs.com], though it has no full-featured web browser ;-) A non-x86 CPU would help as well. Or one could just use OpenBSD [openbsd.org].
But some exploits are targetted at applications (say Firefox
upgrade (Score:3, Informative)
If you need (unsecure) windows for anything, use vmware player [vmware.com] (free), or wine [winehq.com] (free), or if you need to play games with 3D acceleration then cedega [transgaming.com] (nonfree).
Remember about http://www.openoffice.org/ [openoffice.org] for office work, http://www.gimp.org/ [gimp.org] for drawing, http://www.k3b.org/ [k3b.org] for burning DVDs... and the list goes on and on.
ps: I've got some karma to burn, so here I'm whoring
AOL and MSN (Score:2)
Absurd suggestion... (Score:2)
While this *might* be true, it does nothing to solve my desire to drive a fast race car.
I would assume the reason you'd go with broadband is because you want a FASTER connection. It can be argued that it's less safe, but it's und
Pretty dumb infosec tips, time for a list? (Score:3, Insightful)
1 - dumb. Use dial-up instead of Cable or DSL because being connected to the internet all the time is a security risk.
1 - smart. Go get Cable or DSL, your life will improve (barring bad service). If you want to nullify the increased threat from being constantly online, buy a router that does NAT for you. Now you aren't always connected, your router is, and it's providing statefull firewalling for you.
2 - dumb. Never run anything you want secure on Windows. Use Linux, or even better OpenBSD.
2 - smart. OpenBSD rocks on security, but if you have no bloody idea how to use it you'll do something dumb that will compromise security or, more likely, uptime. Use the OS you know how to configure, and learn how to configure is securely and properly. You can research new OSs from your now-secure platform.
Please, kind readers, add to this list.
Re:Pretty dumb infosec tips, time for a list? (Score:3, Insightful)
3 - smart. Modifying your habits, educating and empowering yourself (even just a little) will help. Having the right tools is only half of it.
I've seen all too often people get confused by the fact they have tons of spyware/viruses/trojans on their system, yet have *no idea* how they got there. Yet when you dig deepe
Your answer is No. (Score:2)
I work for
Broadband 1 / Dial-up 5 (Score:2)
Seriously, if my data proves anything, it's that it's not the connection, but the connector. If you haven't gotten viruses on dialup, you'll likely not get them on broadband.
No Offense (Score:2)
Conditional. (Score:2)
IMHO the argument should really be phrased as: If you don't need it, don't open yourself to security holes. If you run a PC don't run servers (or an OS that runs them without your consent) unless you need to. If you don't need always-on connections then don't get it. I
Does this person drive a car? (Score:2)
I think your friend considers ignorance to be a security shield. Unfortunately it's not.
Malware not connection aware (Score:2)
So considering the above, no, being on a slower connection effectively profides no extra protection. So continue your good security habits, get broadband, and buy router.
I'd say you're less protected (Score:2)
Pre SP2, I ran kerio firewall. The few times I had to connect to dialup (traveling for work, no hotel broadband) I got hundreds of "pokes" each hour for various exploits. I was suprised as, being used to being behind NAT, I hadn't even SEEN the "incoming bad connection" popup box for kerio before!
Dial up hijacking (Score:5, Insightful)
WRONG, WRONG, WRONG!! (Score:2)
The type of problem that having a not always on connection would help with is a remote attack.
A Broadband connection with a hardware router/firewall is much more secure against this type of attack. You are basically hoping that you win a Russian Roulette if you are hoping not to catch a worm by using dial up.
With a few of the more recent worms I have known more people with dial up to catch them then broadband users due to the fact that the broadband users had a hardware firewall (
Not at all.. (Score:2)
No (Score:2)
If you're on DSL or cable, you may also want to use a router that does NAT.
In other good advice .... (Score:3, Funny)
Re:In other good advice .... (Score:3, Informative)
Yeah it totally works (Score:5, Funny)
Hard to download patches (Score:2)
lol, i fixt my share of dial-up boxes (Score:2)
dialup and cable
why is cable always on? never switch off computers? electricity? energy? aaahh, i get it -> iraq
Oh for pity's sake (Score:2)
Anyone sniffing will get nowhere, and you can get out to the internet without any hassle.
I've always had this setup and never once had any of the problems my neighbors get.
Serious point... (Score:2)
Why? It take the users much much much too much time to download the security patches the need. Grabbing something like XP SP 2 is going to take goodness knows how many hours.
So they don't bother. So they get compromised.
Sure it does... (Score:2)
Never! [tinyurl.com]
Dialup is NOT safer (Score:2)
Nonsense (Score:2)
Your friend's advise is nonsense.
If your system is secure, you won't get anything bad, no matter how long you are online. If your system is insecure, you'll sooner or later get it, and the only thing you do by not being "always on" is pushing it towards later.
That's a flawed argument (Score:3, Insightful)
David
Crack my CPC-464! (Score:5, Funny)
Re:Crack my CPC-464! (Score:5, Insightful)
Remember Spindizzy, that isometric 3D game with all the different screens to explore? The whole map fit in 11 kiB.
They don't make them like they used to.
Low bandwidth denial of service attacks (Score:3, Interesting)
Re: (Score:2)
Grammar Nazi (Score:2)
Holy run-on sentence batman!
seriously, editors??
time is of the essence (Score:2)
You could just get Linux and DSL... (Score:3, Informative)
Not any safer (Score:5, Informative)
Time from dial up connection to blaster hit: 8 seconds
Time from dial up connection to Nimda Hit: Two and a half minutes
So no, it's not safer.
This is the dumbest thing evar (Score:3, Insightful)
Maybe he thinks using dialup will protect him from cookies too.
Nothing about dialup is safer (Score:3, Insightful)
You're less likely to download the large security updates because of time it takes.
'Always on' isn't a requirement. You can turn off the router or modem just like you can disconnect on dialup. I know people who do this.
Most exploits are quite small, and won't take long at all to install on your machine, even on dialup.
I've had 3 machines on cable behind a $25 belkin NAT firewall/router for over 5 years. I run zone alarm on the machines while I'm web surfing. I use mozilla because they seem to be more responsive to security issues than microsoft. I'm pretty lazy about patching, and I still haven't gotten any viruses, worms or trojans.
That aint friendly advice (Score:3, Insightful)
Don't Drive (Score:3, Insightful)
Basically, his advice is simply to stay behind, because these new-fangled new technologies require you to actually increase your realm of understanding to use properly. If you are on a high-speed line, you actually have to care a little bit more about security, oh my! By by that same token, if you just stuck with a manual typewriter, you could avoid the threat of viruses altogether.
Re:Oh dear god what a stupid idea/concept (Score:5, Insightful)
Is there an argument for this? No.
You can simply unplug your net cable at night. So why be stuck with an expensive slow connection?
I think this ask slashdot question was a trolling experiment.
Re:Oh dear god what a stupid idea/concept (Score:3, Insightful)
Re:Oh dear god what a stupid idea/concept (Score:3)
Re:Oh dear god what a stupid idea/concept (Score:4, Funny)
Re:Oh dear god what a stupid idea/concept (Score:4, Informative)
Well if the PC isn't connected, it can't download updates to Windows (patches) and its Anti-Virus/Firewall/Anti-Spam etc. So when it is connected it will probably be a poor position security wise. From a practical perspective has anyone tryed to keep a PC "all patched up" over dial-up? Takes forever to download the patches, it isn't actually practical. So no, getting proper security utilities in place (and setting them up correctly) then connecting via ADSL (or similar) will probably improve the security. One tip though - don't get your friend to set it up.
Re:Oh dear god what a stupid idea/concept (Score:3, Interesting)
Re:Oh dear god what a stupid idea/concept (Score:3, Funny)
"Did you know that with a high speed connection, you're more vulnerable to attacks? Get AOL Broadband to keep yourself safe! Just $15 on top of your DSL fee per month."