Stories
Slash Boxes
Comments

SoylentNews is people

AskSoylent: I Give Up - How Do We Achieve Good Security?

posted by janrinok on Monday October 05 2015, @12:09PM   Printer-friendly
from the heartfelt-plea dept.

I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.

I do not have time.

  • For example, I hear that Microsoft added updates to Win7/8 that threaten my family's privacy...yet I have not yet gone and removed the offending updates. I moved myself to Ubuntu/xfce, but my son is still using Win8. I'll get to it eventually.
  • For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.
  • I installed Cyanogenmod and Fdroid on my phone. And for the most part its great..and I have very few apps with permissive permissions settings....but my wife is still using an iphone and ipad, with all sorts of apps...with ridiculous permission leaks..and that is a struggle.

The long winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...

I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).

-Signed: A Frustrated Tired Old Nerd (with children)

[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]

Original Submission

 
This discussion has been archived. No new comments can be posted.
AskSoylent: I Give Up - How Do We Achieve Good Security? | Log In/Create an Account | Top | 79 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by mtrycz on Monday October 05 2015, @02:48PM

    by mtrycz (60) on Monday October 05 2015, @02:48PM (#245647)

    I find it strange that the savvy populace of SN hasn't pointed it out first. I'll try to be concise and straight to the point.

    There is no such thing as "Good Security". There is "good enough security" for a set of requirements or constraints. You can't have a "measure" of security without stating what the requirements are.

    There is always a tradeoff between convenience and security. Examples: most precise search engines, social networks make it easier to stay in thouch and share, payment platforms are hella convenient, etc. (I'm going through a "private person" concerns here). (THIS is where the border between "security" and "privacy" blurs in our common language. If you just don't want your machines owned by viri, then you're good with Win10 and an antivirus. If your concerned with your privacy, then you should just go off the net.)

    You have to sit down and state your requirements and the level of convenience you wish to scarifice. I've read good insights about this from both Krebs and Shneier (the biggest security publicists), even tho I can't find a good, comprehensive guide right now, But do check their sites, and subscribe to their newsletters. Shneier uses Windows (for convenience) but he'd advise for a FOSS OS. Krebs recently wrote on his blog that, if you're American, your personal data have already been leaked to some extent in the bazillion leaks that happen daily.

    The sad truth in 2015 is that the balance between convenience and security is soooo skewed that a single person, even an informed professional, will have a hard (I argue: impossibile) time to secure his machines and his private life. You HAVE to settle for (some level of) "good enough" if you want to stay on the net.

    --
    In capitalist America, ads view YOU!
    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by Beryllium Sphere (r) on Monday October 05 2015, @05:37PM

    by Beryllium Sphere (r) (5062) on Monday October 05 2015, @05:37PM (#245731)

    Think carefully, not just about how "secure" you want to be, but about what you need to protect.

    Your online banking password? Critical if your bank doesn't offer 2-factor authentication. Your credit card number? Much less so, actually. When it gets compromised, a matter NOT under your control, the cost is minor inconvenience as you get the first trivial fraudulent test charge reversed and update all your $#@! recurring payments.

    (Of course never use your debit card online unless it's tied to a separate small account not at your usual bank).

    Do you need to protect your location information? Even if you live a vanilla life, there are states and towns where it really matters where you are on Sunday morning. Being in the wrong church could cost you a job, and if it's no church at all... If nobody cares and you're not visiting crime scenes, the priority goes way down.