Stories
Slash Boxes
Comments

SoylentNews is people

AskSoylent: I Give Up - How Do We Achieve Good Security?

posted by janrinok on Monday October 05 2015, @12:09PM   Printer-friendly
from the heartfelt-plea dept.

I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.

I do not have time.

  • For example, I hear that Microsoft added updates to Win7/8 that threaten my family's privacy...yet I have not yet gone and removed the offending updates. I moved myself to Ubuntu/xfce, but my son is still using Win8. I'll get to it eventually.
  • For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.
  • I installed Cyanogenmod and Fdroid on my phone. And for the most part its great..and I have very few apps with permissive permissions settings....but my wife is still using an iphone and ipad, with all sorts of apps...with ridiculous permission leaks..and that is a struggle.

The long winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...

I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).

-Signed: A Frustrated Tired Old Nerd (with children)

[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]

Original Submission

 
This discussion has been archived. No new comments can be posted.
AskSoylent: I Give Up - How Do We Achieve Good Security? | Log In/Create an Account | Top | 79 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday October 05 2015, @12:34PM

    by Anonymous Coward on Monday October 05 2015, @12:34PM (#245576)

    For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.

    While I cannot help you with the general question, this shouldn't be an issue. Personally I use Firefox with Noscript etc. for normal browsing and Chromium "private browsing" windows for my Javascript / youtube etc. needs, maybe something like that would work for you.

  • (Score: 4, Informative) by AndyTheAbsurd on Monday October 05 2015, @12:55PM

    by AndyTheAbsurd (3958) on Monday October 05 2015, @12:55PM (#245585) Journal

    Just as an FYI: You can create multiple profiles under Firefox, then start Firefox with "firefox -new-instance -p ProfileName" (replacing ProfileName with the name of the profile you want to start) and have a not-running-NoScript Firefox process running alongside your do-everything-else-while-running-NoScript normal Firefox.

    Also, there's a Firefox extension called Request Policy that gives you the ability to say "scripts from source A are allowed to run on webpages hosted on site B", which is much better than NoScript's "I trust scripts from source A and will allow them to run on every website" model, which really obviates the need for multiple Firefox processes, because now you know that the scripts aren't running on other webpages from other sites than the ones you've specifically allowed.

    --
    Please note my username before responding. You may have been trolled.

    • (Score: 1) by CaTfiSh on Tuesday October 06 2015, @07:54PM

      by CaTfiSh (5221) on Tuesday October 06 2015, @07:54PM (#246189)

      Rather than getting bogged down with multiple extensions, drop NoScript in favor of uMatrix and you'll have far more control of individual site permissions.

      • (Score: 2) by AndyTheAbsurd on Tuesday October 06 2015, @09:28PM

        by AndyTheAbsurd (3958) on Tuesday October 06 2015, @09:28PM (#246225) Journal

        uMatrix literally presented no UI on my system, making it entirely unusable. Probably something that I fucked up, but I'm happy with Request Policy (and NoScript has been removed).

        --
        Please note my username before responding. You may have been trolled.

        • (Score: 1) by CaTfiSh on Tuesday October 06 2015, @09:48PM

          by CaTfiSh (5221) on Tuesday October 06 2015, @09:48PM (#246229)

          Sorry to hear that. Possibly a problem with your profile? Do place it on the backburner and if you ever find yourself with a fresh install, take a look at it again. The documentation available is adequate and if one bothers to read and learn how to use it properly, it can be configured fairly rapidly and effectively.