SoylentNews is people
SoylentNews
I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.
I do not have time.
- For example, I hear that Microsoft added updates to Win7/8 that threaten my family's privacy...yet I have not yet gone and removed the offending updates. I moved myself to Ubuntu/xfce, but my son is still using Win8. I'll get to it eventually.
- For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.
- I installed Cyanogenmod and Fdroid on my phone. And for the most part its great..and I have very few apps with permissive permissions settings....but my wife is still using an iphone and ipad, with all sorts of apps...with ridiculous permission leaks..and that is a struggle.
The long winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...
I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).
-Signed: A Frustrated Tired Old Nerd (with children)
[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]
(Score: 2) by Hyperturtle on Monday October 05 2015, @01:22PM
You first have to care.
Knowing that there are issues but that you will "get to it eventually"...
Your priorities appear to be on self-indulgent desires, or maybe it's Monday and my mental filters are not in place and I am being rude. You moved yourself to Ubuntu, and I suspect that is because you personally wanted to do that and maybe learn something new that is useful, aside from the irritation of how to have less convenience by needing to learn something new that impacts others you know and love. Why did you not move everyone to Ubuntu?
It takes only a few minutes to remove the offending updates. This is presuming you know what ones to remove.
Perhaps your first step is to disable auto-updates; set it to notify you.
Then, when your PC (oh the one with linux won't work that way anymore, so you will now need to make an additional effort with a PC you regularly use to see this on) gets notified, make a list of the updates and look up EACH AND EVERY KB article. You can take MS at it's word (this optional yet very important update resolves issues in Windows; never mind the fact it is optional and part of Windows *update*). Or you can search around the internet.
Make a list and save it to something like a network share, a usb stick, a piece of paper, or if you are clouded, send it to somewhere else on the internet far away so you can then access a second PC in your home and access that same place far away to read the text file. Maybe you can email the list to yourself. Doesn't matter--make or obtain a list of the updates you do not want.
Then uninstall or refuse to install the same items on all of the machines in your home that you want to not have those updates on.
I am tired after a long work day too; and often feel like Indiana Jones in the Raiders of the Lost Ark, when finishes beating up a bunch of Nazi's inside of a camp where there is a bomber being worked on by mechanics, and just as he starts to rest, a big muscle bound guy walks out and bellows his challenge, and Indy has this look on his face like "oh man I just... ok... give me a second to catch my breath", all in gestures and facial expressions, since they speak different languages.
Then they do battle!
You can't use your own laziness as an excuse, because that is exactly why you are in the situation you are now. The only difference is that you aren't entirely oblivious.
Eventually you will get used to doing this, just like anyone that got used to using noscript and permitting things and seeing how things work, and being frustrated by the constant changes to the internet that breaks what you got used to. And, did you know you can simply permit/white list websites you want to permit? Why are you removing all security for everything? That is almost never required if you trust where you are going! If it's that much of a problem, do it the way I sometimes still do -- write a check. It takes discipline to beat back the convenience -- this whole personal/sharing economy is built upon the convenience to make it so easy to not be proactive that it now standard to require people to opt out, rather than opt in! And in some places, opting out isn't even an option. How is that for convenience?
I have been in the industry for a long time. With every convenience, some sort of other favorable item has been taken away. Like my free time when cell phones became ubiquitous, or quiet time at home when remote connectivity became fast enough to work away from work.
The fight for security will NEVER end; they will ALWAYS try to sell something to you, they will ALWAYS try to get a foot in the door to see what you want and NEVER leave you alone -- even if one does, the others are not required to do so. Never expect them to give up because you are tired.
The hydra of what we call the internet today, the many headed beast of distraction, convenience, and the enabler of compulsive behavior... will never be killed, no matter how many heads you cut off. Your best bet is to shield yourself and reduce the impact of the biting--but if you don't learn how to act defensively, then you'll get your ass handed to you by the big guy that walks out just as you thought you offensively took care of other problems at work.
I feel for you and the fact you are married and have kids, but I think that this just makes you more responsible to do the right thing than claim that because of them you are tired.
(Score: 2, Touché) by Anonymous Coward on Monday October 05 2015, @03:38PM
Do you have kids? If you do, do you spend time with them? It is not laziness. I work from morning until 7:30/at night 6 days a week. Sorry kids, I know daddy works a lot but now he needs to take your iPhone games away and patch my external firewall, inspect the new packets z software are sending to FU.com. wanna help?
Your arrogance is aggravating.
(Score: 3, Insightful) by Hyperturtle on Monday October 05 2015, @04:03PM
I work in security as my job; out of interest.
I outsource stuff -- I dont have time to fix plumbing or mow the lawn even. Or fix the hole in the roof the squirrels chewed their way in through (or created).
But I measure what's valuable to me... I'm just a jerk sometimes about what I take to be a priority.
I understand if you do not feel the same way, and that's fine. My issue is that I have been paid in the past to provide advice that various executives ignore as being too costly, or they hire an intern/nephew to reboot PCs after installing a free virus scanner, and call that the solution. Sometimes problems result.
I've been hired to be the scapegoat for problems, and so I have learned to be... quite defensive, and suspicious.
It tried to end that rant with humor, being out standing in my field with a tin foil hat, but it suppose it did not pave over the bumps I had in the road put down.
I'm sorry to have offended you; I still think that having a concern for security is great to start, but it needs to be encouraged -- either via my way, which you don't like or don't like my presentation of, or another way that works for you. Please don't rely on hardware, because that is not the way... a false sense of security. Maybe that's what a lot of people want, and maybe it is arrogant of me to yank that rug out from under some people... but education is key.
Teach your wife, teach your kids, teach the dangers of what conveniences coast in that trade for security and privacy, and use the same products and techniques you expect them to use, or they might not stick with it.