An overview of 2004 and a look ahead.

Full Story

Thanks IronMan; and happy new year!
Take care....

~Tommyo

While the Malware programmers have made progress, so have the defenders. There are a number of changes that many of us have been suggesting for years that are now starting to help.

Many of the major ISP's are now starting to screen for known virus and abusive Spam at their servers. Took expensive hardware upgrades, but they are starting to cut into the spread of such problems. Some are now requiring password and user ID verification before accepting e-mail from users, to cut off spammers who use fake ID's using their network to send. Some also screen all outgoing e-mail.

EarthLink recently made these changes, and on that account and I have seen a 10 fold drop in spam and infected files getting through. Spammers no longer have easy access onto their network as they have to use a valid ID and password to send e-mail, which then can be compared against what is in the e-mail, and can be traced back to them.

Next step is to stop accepting e-mail from "rogue" ISP servers and relays. Hopefully they will come up with a way to verify the source or return ID before excepting e-mail from non secure ISP networks.

The next level of protection the ISP's need to look at is some sort of "Firewalling" of their whole network and segments of it. ie. nothing gets in to one of their IP addresses unless a request from that IP address was made to that source IP address recently by the IP address.

I don't want my ISP screening my incoming or outgoing e-mail. I want to be able to recieve e-mail from anyone, including my friends, extremist political organizations, and some clueless broadband user's trojaned Windows XP machine. Censorship and false positives are unacceptable.

I like the Internet because it's open and free (in a free speech sense). I don't want to jump through hoops and buy software, pay fees, watch ads, or whatever to send e-mail. I'd rather put up with spam than have have greedy monopolies and overprotective governments ruin what is perhaps the only haven for free speech.

Value added ISPs are annoying enough already. They mislead people into thinking they need to install tons of junk and clutter, often including a custom-skinned version of IE, that may or may not be any better than the spyware it's supposed to be stopping. If I need an answer to a simple question, I need to call tech support and pretend to reinstall the software for 5 minutes before I get any real help.

A stateful firewall would be even worse. I want SSH access from the outside. I want bittorrent to accept new connections so it uploads and downloads faster. I want to be able to run game servers.

It's the client side that needs the protection. If the clueless masses used cheap NAT routers, secured their wireless, didn't use IE or Outlook Express, ran some kind of antivirus, and knew enough not to download stupid junk, it wouldn't be an issue. Spam and dDOS attacks would be greatly reduced without armies of XP zombies, and the users themselves would have a better browsing and e-mailing experience.

I really hope the idiots out there don't ruin the Internet for those of us who actually know what we're doing.

It's the client side that needs the protection. If the clueless masses used cheap NAT routers, secured their wireless, didn't use IE or Outlook Express, ran some kind of antivirus, and knew enough not to download stupid junk, it wouldn't be an issue. Spam and dDOS attacks would be greatly reduced without armies of XP zombies, and the users themselves would have a better browsing and e-mailing experience."

Agreed.

You wouldn't buy a car without learning how to drive. You wouldn't fork out for a guitar without learning how to play (etc.) - So what makes people think they can connect to the net without learning how to use it?

It's a pretty naive attitude that most people have; thinking they can plug in the modem and everything will be fine from then on. It's not like there's a shortage of books or people to ask that can pass on a little bit of info to internet noobies.

Common sense and a little bit of net education would help so much. Unfortunately, the former seems to be frighteningly absent from so many people online.

Funny, it has only been in the last month or so that I've been beseiged by spam on my Earthlink box, after quite a long time of their server-side filtering blocking most of the spam. They do seem to block most phishing emails; those wind up in my Yahoo box. :)

And I wish people would stop blaming their video cards when they're using "browser speedup" software and their images come out aliased to death. :-P

Say something cryptic, then leave snickering.

So Grandma needs to learn how to fix the car she drives thus avoiding the fly by night repair shops? The homeowner should be able to replace the roof when its blown off by tornadoes so that scam artists cant rip him off?

Maybe wannabe computer geniuses should be required to take a 3 month course in proper computer handling before they can take it home.

I agree, no one should use any medicine without having gone through medical school and receiving their MD. Also no one should be allowed to get aboard a jet to Paris without having learned how to fly it. Never turn on a TV without knowing how to design one. If you can't work in DOS you shouldn't sit at a computer, any idiot knows that.

The underground is growing at twice or more the rate it used to and security groups cant keep up..They make a good program but other "users" break it down.The only good programs are the ones that you make and use by yourself becuase they wont be a main target if a target at all

31337

Wow... It's incredible how people can read something simple and interpret it in such a ridiculous (and unfunny) way.

To quote myself:

"You wouldn't buy a car without learning how to drive."

I must have missed my own references to "fly by night repair shops" and the other daft comments :-)

It's a simple point: You wouldn't buy a car without learning how to drive. A similar analogy can be applied to several situations and they all mean the same. ie. You should learn the basics of something before you venture into it.

The internet is no different and people should take a little bit of time to learn the basics things (such as you NEED a firewall, you NEED anti-virus software) before they go online. It's a naive attitude to assume you can connect to the WWW and everything will be bunnies, rainbows, singing and dancing.

A little bit of common sense would save a LOT of trouble.

Try. Reading. What. Is. Written.

Thank you :-)

"The underground is growing at twice or more the rate it used to and security groups cant keep up..They make a good program but other 'users' break it down.The only good programs are the ones that you make and use by yourself becuase they wont be a main target if a target at all"

Actually it seems to be mostly Microsoft having trouble keeping up. Their problem is focusing on backwards compatability and marketable features rather than security. XP SP2 broke some compatibility and didn't add many features, but it fixed numerous security holes.

On the opposite end of the spectrum, OpenBSD developers focus on security, and while they've only had one remote root hole in the default install in over 8 years, they only recently added support for multiple CPUs. Also, OpenBSD is notorious for supporting only old, proven versions of many software packages.

Anyway, the point of this post is that there are two ways to achieve client-side security. If users don't know what they're doing, they could still be secure if Microsoft would focus more on security.