Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Computer Security for the Home and Small Office

timothy posted more than 10 years ago | from the opposite-of-obscurity dept.

Security 146

Andrew Murphy writes " The Register's security guru Thomas Greene has written a book for the average computer user, though it contains a great deal of information that professionals need to know. It's insightful, instructive, and calls for open source software even on Windows for enhanced security. The single most interesting feature is the author's emphasis on open source software as a security feature per se. He rightly notes that there are no secrets in OSs, and teaches users to leverage this transparency regardless of their platform. As early as the introduction, Mozilla is urged as a secure replacement for IE and OE, and this came before the Scob outbreak." Read on for the rest of Murphy's review.

The book covers popular OSs replacements for Windows applications and utilities; it explains vulnerabilities; it offers practical setup information for both Windows and Linux to harden a system and make it extremely difficult to attack.

The Preface describes the book in general terms. The Introduction explains firewalls and their limitations, and explains how to install Mozilla to limit email and http exploits and spam.

Chapter One debunks the malicious-hacker mythology and shows that most so-called hackers are only script kiddies who are easily thwarted with commonsense tactics.

Chapter Two explains malware, spyware, bad system configurations, and the scores of other routes to system exploitation and privacy invasion that firewalls and antivirus software don't address. It includes a step-by-step guide to simplifying and hardening a system. Most importantly, it offers a useful guide to turning off unnecessary services and networking components for both Windows and Linux, and setting sensible user permissions, and is liberally illustrated with screen shots.

Chapter Three offers a good breakdown of social engineering and phishing scams, and how to defend against them.

Chapter Four is about using common tools, like Ethereal, Netstat, PGP, etc. It explains how to monitor an Internet connection to spot software secretly reaching out or phoning home to remote servers; how to monitor your system for signs of malicious processes; and how to use PGP and GnuPG to encrypt sensitive files and Internet correspondence. This is one of the best introductions to using encryption available anywhere.

Chapter Five explains how to eliminate all traces of Web activity from your computer and defeat forensic recovery of stored data; how to surf the Web anonymously using an encrypted connection and defeat remote monitoring; how to set up and use SSH (SecureShell) to conceal both your identity, and the data content of your Internet sessions from all third parties, including your ISP. The many hiding places of sensitive or incriminating data are revealed for both Windows and Linux users.

Chapter Six explains the advantages and disadvantages of migrating from Windows to Linux; why Linux is easier to configure for security, and why it's better suited to less technically-inclined users; how to judge whether Linux is right for you, and the issues you should consider before migrating. The author is clearly biased towards Linux, but he understands that most users will stick with Windows. Hence the emphasis on tools that run on Windows.

Chapter Seven is a catchall essay explaining security from an anecdotal point of view. There were places where it got a bit tedious, but the idea is to look at security as a process or a frame of mind, not a specific series of computer settings. The material in this section is informative in only a general sense. The real configuration information comes in chapters Two, Four, and Five.

There are several indexes with useful information on firewalls, ports, Trojan activity, sources of information, and more. Most of this information is conveniently located and linked at the author's website, BasicSec.org

Overall, the book is exceptionally well written for a tech manual. The author is a good writer and his prose flows nicely. The book is highly readable, and even witty in parts. I found myself laughing aloud on several occasions. The author has the art of The Register's irreverent presentation. I enjoyed reading it. But it is not perfect, so I give it a 9 out of 10.

My biggest criticism is that the book shifts back and forth from practice to theory and back again. It's good that readers learn the reasons for the (very sensible) procedures and settings listed; but I felt that the book was organized wrong. This is a minor issue, and the book remains exceptionally useful; but instead of interlacing the various parts, theory and practice might better have been separated in two distinct sections. It's difficult simply to flip to a section of this book and learn what needs to be done: there is a lot of theoretical talk between each practical item. It's very good talk, and very instructive talk, all right, but I would have preferred that it be located in a particular place. I would rather not have to read the entire book through in order to tweak my system for good security. Unfortunately, the author has structured the book so that a read-through is necessary.

Overall, this book will tell professionals what they need to do, and novices everything that professionals ought to know, but probably don't. It's in plain English, so no one should worry that they can't grasp it. You can make your computer, or your network, very hard to attack, whether you use Windows or Linux. This book will show you how in excellent detail. You've got to read the whole thing, unfortunately -- but it will work nicely for you, casual user and sysadmin alike.


You can purchase Computer Security for the Home and Small Office from bn.com. Slashdot welcomes readers' book reviews. To see your own review here, carefully read the book review guidelines, then visit the submission page.

cancel ×

146 comments

Sorry! There are no comments related to the filter you selected.

First Post (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9941654)

I rule. heh.

_
Free Cursors [paware.com]

NO: I rulez : +10 , Hyper-Patriotic (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9941962)

because I [whitehouse.org] 'm the king of the castle and the rest of you are dirt.

Thanks in advance,
Your acting "President"

my first first post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9941659)

to everybody else:
rtfa

fp! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9941664)

I'm sad ok?

The problem with security books for the home user (5, Insightful)

prostoalex (308614) | more than 10 years ago | (#9941665)

...is that few people ever read them.

The banner urging you to install the latest Internet optimizer or a totally free peer-to-peer app is so much more convincing.

Re:The problem with security books for the home us (4, Insightful)

CrazyTiger (797612) | more than 10 years ago | (#9941698)

Exactly.Too many people lack common sense.The only people with common sense (like us) go online to get info for free.

Re:The problem with security books for the home us (1)

digitalsushi (137809) | more than 10 years ago | (#9941893)

yeah but each of us that gets it for free knows a guy who does nothing but buy brand new tech manuals and then stuff them under the passenger seat of their car three nights later.

Re:The problem with security books for the home us (1)

pinchhazard (728983) | more than 10 years ago | (#9941910)

Definitely. Free information online is teh best and guaranteed reliable or your MONEY BACK!

Re: The book is missing "dummies" in the title (5, Insightful)

Alwin Henseler (640539) | more than 10 years ago | (#9941981)

Too many people lack common sense.

No, they don't. They just don't (and/or don't want to) understand all the inner workings of technology they use every day. That's true for computers, cars, kitchen appliances, VCR's, whatever.

So in terms of computer security, an average user behaves like a dummie. The book should have been named "Computer security for Dummies" or something like that, to appeal more to the target audience. Isn't this "... for dummies" series of books very popular [google.com] anyway?

Re: The book is missing "dummies" in the title (2, Insightful)

jadenyk (764614) | more than 10 years ago | (#9942170)

But if you lack the understanding of the inner workings of your car, you go to a mechanic or, even better, buy a book to learn all about it so you can fix it yourself. This is common sense.

When it comes to computers, security included, I would say that 90% of your average consumers (not your average /.er) does lack common sense. Before buying and/or using a computer, they should either get the proper manuals (books like the one reviewed here, though I didn't RTFA at all) or retain the services of someone who will keep their computer safe, secure and running correctly.

Re: The book is missing "dummies" in the title (4, Insightful)

GTRacer (234395) | more than 10 years ago | (#9942303)

But here's the rub, at least as I see it...The average person treats a PC like a VCR, as an appliance. However, they need to treat a PC like a heart-lung machine. At least in terms of respecting the danger that misuse can bring.

A badly programmed VCR won't do anything other than tape over something or tape the wrong thing. A microvave (for the most part) is point-and-cook. A computer is far-too multi-purpose and essential to be treated like a run-of-the mill appliance.

I'm not saying all casual users need to get certifications, but having a higher expectation of responsibility wouldn't hurt.

BUT, on the flipside, soft- and hardware makers need to be held to higher standards. Cars have to meet government standards, as do medical devices. PCs need to, also!

GTRacer
- Who do you want to DDoS Today?

Re: The book is missing "dummies" in the title (2, Interesting)

jadenyk (764614) | more than 10 years ago | (#9942540)

Do you really think it's a hardware issue? I think that we should leave hardware the way it is. Most people have no idea what's in the case of the computer and really, they have no need to know.

To use my car analogy again, the owner needs to know how to check the oil, tranny fluid, washer fluid and how to drive it safely. They don't need to know how to replace the drive shaft.

I think the government needs to regulate for safety, which, in computer terms, basically = security. The government should regulate Microsoft, Apple, SCO, etc. They should regulate AIM, Yahoo, Gain, etc... When you have Wind...erm...I mean Security Holes on your machine, you can fall victim to something like identity theft or, you could be used in part of a larger attack on another server.

I think most users would be "safe" and happy to leave replacing HD's or upgrading RAM to the "mechanics". The users who want to learn, well, it's much like a car - get in there and do it.

Re: The book is missing "dummies" in the title (4, Insightful)

swv3752 (187722) | more than 10 years ago | (#9942731)

It is more like a car or boat. It needs regular maintance; while misuse is not lethal yet, it can have legal ramifications; and a certain amount of training is needed to just use them.

BTW, PCs do meet certain standards, as electrical devices they need to meet certain FCC regs, of course this is not much different than an FM stereo...

Re: The book is missing "dummies" in the title (1)

Dego (182553) | more than 10 years ago | (#9942735)

Dude you are taking your computer far too seriously. Heart-lung machine? Go outside.

Re: The book is missing "dummies" in the title (2, Insightful)

PitaBred (632671) | more than 10 years ago | (#9942251)

As an aside, I refuse to buy any "For Dummies" or "For Idiots" books, because I don't believe I am either.
I'm perfectly capable of understanding most anything, give me a reference manual or a "for beginners" type of book. I'm not dumb simply because I don't have the information. I'm dumb if I'm not able to absorb the information.

Re: The book is missing "dummies" in the title (2, Interesting)

two_socks (516862) | more than 10 years ago | (#9942339)

Too many people lack common sense.

No, they don't. They just don't (and/or don't want to) understand all the inner workings of technology they use every day.


Considering that most of these people have to use computers at work on a daily basis, and probably use them at home at least every few days, isn't refusing to learn about the technology, by definition, lacking common sense?

Re:The problem with security books for the home us (5, Informative)

lukewarmfusion (726141) | more than 10 years ago | (#9941735)

The parent post is actually insightful (as well as funny). So many of us have tried to tell our parents, friends, relatives - even complete strangers - about the importance of security. But they still download Kazaa (not lite), they still choose a password named after their dog, and they still open every damn attachment they get.

Security = extra work, confusing settings, and ways to mess things up
Insecurity = identity theft, loss of property or information, and probably cancer

It sounds like a pretty easy choice to me.

But on the upside... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9941969)

Insecurity will also bring you helpful information about your small penis, inadaquacy as a love, hot young teens (who appearently want to be disappointed sexually), and (in case you give up?) your very own boob implants.

Turns out I'm lucky, my man-boobs are firm, yet supple and decidedly above average.

Re:The problem with security books for the home us (2, Interesting)

NineNine (235196) | more than 10 years ago | (#9942187)

Security = extra work, confusing settings, and ways to mess things up

Insecurity = identity theft, loss of property or information, and probably cancer


Well, you also have to consider that for all of the screaming privacy/security insanity on Slashdot, that security isn't important to most home users. Of course people get fucked over, but not everybody running unpatched Windows 98 is fucked. Even if a large % of users have backdoors, etc. installed, what % of those users have something worth stealing? It comes down to if the extra time, money and effort in securing a computer is really worth it to them.

Marketing security. (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9941751)

"The banner urging you to install the latest Internet optimizer or a totally free peer-to-peer app is so much more convincing."

BANNER:
"Would you like to be secure from spyware? Would you like to keep the government from spying on you? Would you like to be free from unwanted advertising? How about viruses and blue screens? Click HERE to find out more."

Re:The problem with security books for the home us (4, Interesting)

Anonymous Coward | more than 10 years ago | (#9941799)

The banner urging you to install the latest Internet optimizer or a totally free peer-to-peer app is so much more convincing.

To whom? This sounds like a totally elitist attitude to me! I consult for a number of small business owners that depend on their computers for business. When things are explained to them so that they understand (none of this "Just do this and shut up" crap) I have never had one of them that insisted on practicing unsafe computer acts again. I suspect that more of the problem lies in presentation than in stubborn/stupid computer users!

Remember; ignorance can be cured, stupidity can't!

Re:The problem with security books for the home us (4, Insightful)

buchan232 (655996) | more than 10 years ago | (#9942154)

Nope I'm sorry but the original poster is right. The users I deal with day in and day out want NOTHING to do with security.
We have tried to explain both nicely and in the "Just do this and shut up" way.

No matter how we try and tell them they do not care.

"Thats not my job"

I have dealt with a very wide range of users and for the most part it has nothing to do with the sysadmins presentation more the users lack of knowledge.

Re:The problem with security books for the home us (2, Insightful)

somegeekgirl (801145) | more than 10 years ago | (#9942447)

Unfortunately, it's true. My father runs a small business and is constantly plagued by spyware, malware, viruses and so on. I've tried and tried and tried and tried to get him to switch to Firefox and Thunderbird. Even after running Spybot and showing him how much spyware he had on his system, he has yet to switch over. This isn't a matter of him not knowing how things work, or understanding the technical end of things. He simply doesn't want to deal with a process that he thinks (no matter what I tell him) is going to cost him a lot of time and energy switching over and getting used to. I would imagine that a lot of people are the same way. The flaws drive them nuts, but they're convinced that the solution is just too complicated and time-consuming to find.

Re:The problem with security books for the home us (0)

Anonymous Coward | more than 10 years ago | (#9941811)

Or reading any book for that matter. That goes for users in the workplace..Who happen to be home users

Re:The problem with security books for the home us (3, Insightful)

Hexedian (626557) | more than 10 years ago | (#9942031)

In my opinion, the real problem is that computers aren't MADE for the average user. An average user should not have to worry about firewalls, security exploits and the like, just like an average driver does not have to worry that his engine or breaks might malfunction.

Build It In or Legislate It, Don't Wait for Users (1)

reallocate (142797) | more than 10 years ago | (#9942285)

Few of us read books about auto safety, either, but automobiles and the roads they travel on are demonstrably safer than in years past. This happened because manufacturers designed and built safer cars. Sometimes legislation mandated those improvements, other times the market mandated the changes.

Imagine if someone started selling a hardware or software gizmo that promised to keep your machine free of all spam and viruses, forever, period. Imagine that this gizmo actually worked. Imagine the sales boost for PC's that sell with this gizmo built in.

Ditto for computer security. The best way to make home and SOHO computing more secure is to build that security into the hardware and software we use and in the networks are traffic moves on. And, yes, some of that will be legislated as the net becomes increasingly critical to our daily wellbeing.

We can't expect any but a tiny fraction of computer users to "learn" their way to better security. Nor can we pretend that the wide open and unregulated nature of the infant internet will survive.

i'll be buying several copies... (4, Interesting)

wwest4 (183559) | more than 10 years ago | (#9941675)

...at the company's expense. Everyone stumbles into the IT office and asks these questions, and the answer doesn't exactly fit in an FAQ because everyone has a slightly different situation.

And save your breath about whether or not it's my job to answer such questions. I probably don't work where you do.

Re:i'll be buying several copies... (0, Flamebait)

Anonymous Coward | more than 10 years ago | (#9941739)

So isn't answering those questions your job?

Re:i'll be buying several copies... (2, Insightful)

Saeed al-Sahaf (665390) | more than 10 years ago | (#9941911)

So isn't answering those questions your job?

The book is for the "home user". Most help desk / IT shop guys get asked a lot of questions by fellow employees that are not work related, and in those cases, no prob. not his job. On the other hand, is the boss going to want to pay for these books?

Re:i'll be buying several copies... (1)

wwest4 (183559) | more than 10 years ago | (#9942059)

> is the boss going to want to pay for these books?

that depends on how much you bill out per hour, if the "boss" is one of the users asking the questions, and if it's worth the ROI in terms of user satisfaction. in the case of most IT generalists, the cost is trivial compared to the time spent studying each individual case, or compared to giving a cold shoulder to the guys that ultimately fund your paycheck.

in a similar move, we initially bought AV software for them as well (though eventually the client made a deal w/ NAI, now McAfee, who offers "enterprise" deals including home user licensing benefits). it makes sense for us - instead of letting this expected service pull time away from more complicated work, we come up with ways to push the responsibility back onto the users without completely ignoring their needs.

This book should be open source (5, Insightful)

TheSpoom (715771) | more than 10 years ago | (#9941680)

Really, I'd LOVE to be able to point one of my tech support callers to a free online version of this book. It would be very helpful because I wouldn't have to explain to them why Firefox is better than Internet Explorer, and then have them think I'm just paranoid when I tell them all the ways spyware can get in their system.

Re:This book should be open source (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9941819)

...and then have them think I'm just paranoid when I tell them all the ways spyware can get in their system.

I get this a lot from my boss. My response is always one of my favorite quotes: "It isn't paranoia when they really are out to get you!"

Re:This book should be open source (4, Interesting)

Anonymous Coward | more than 10 years ago | (#9941826)

Try doing what I do--I teach a free class, open to the public, at our local library.

I didn't start this, they already had classes set up which I started helping out with, but I *did* create the class on security for average folks.

Just be prepared to supply a bit of free tech support :)

Re:This book should be open source (1, Funny)

Anonymous Coward | more than 10 years ago | (#9942205)

Also, with a bit of subtle social engineering, I bet you can determine a lot of passwords...

Re:This book should be open source (1)

sp00 (639381) | more than 10 years ago | (#9941848)

This birngs up another good question... Are there any open source books on security (I haven't ever really looked)? I would guess that even if there are, they aren't aimed and the "home" or casual user.

Other useful info at cert.org (4, Insightful)

sczimme (603413) | more than 10 years ago | (#9942006)


CERT.org's tips for home network security [cert.org] . It's very basic but might help.

They also offer The Home Computer Security guide [cert.org] , which seems to parallel Mr. Greene's book in some key areas. This page includes a link to a pdf [cert.org] which goes into detail on the examples (encryption, firewall, anti-virus, patches, ACLs).

Point your tech support callers to these free docs - or others easily available via your favorite search engine - if the idea of a commercial book bothers you that much. Not everything has to be open source. Alternatively, why don't you write the open source manual that you need? Isn't that the idea behind F/OSS?

Re:Other useful info at cert.org (1)

CobaltBlue612 (804022) | more than 10 years ago | (#9942746)

I do tech work sometime, and its flat out stupid of anyone to trying pushing the open source line in places where people just want a fix, not a migration strategy. People call support because of what they have is broken, they dont want it replaced, they want it fixed. If they wanted something new they'd be calling the sales department. I'm not saying we shouldnt try to promote OSS, but why not promote it when people are arguing about why their pc crashes, since then you appear more objective, and gain a receptive audience. The first words out of a customers mouth if you told them to swap IE for a more secure browser created by a community of developers in their spare time would be "Heh, dork", and they'd ask me to fix the problem they have ;)

Re:This book should be open source (2, Insightful)

DP (11614) | more than 10 years ago | (#9942028)

If a tech support guy ever did that to me, I'd make sure he got fired for it. That is not doing your job, that is shirking your duty. If you're getting paid to do tech support, you better damn well be ready to give tech support, not say "RTFM, lamer."

If you can't explain the advantages of security without sounding paranoid, it's your problem, not the customer's.

Re:This book should be open source (1)

cpeterso (19082) | more than 10 years ago | (#9942183)


I'd LOVE to be able to point one of my tech support callers to a free online version of this book.

Who wouldn't like free stuff? But since this information has obvious value to you and your tech support callers. If your time is worth something, then saving your time (by buying this book) should be worth something, too.

Oh (1, Insightful)

ParticleMan911 (688473) | more than 10 years ago | (#9941692)

So basically, this book contains all the information that the average /. reader already knows.

Re:Oh (5, Funny)

Anonymous Coward | more than 10 years ago | (#9941709)

Don't misoverestimate this place.

It contains all of the information that the average /. reader claims to already know and/or brags about knowing.

Re:Oh (0)

Anonymous Coward | more than 10 years ago | (#9942017)

Don't misoverestimate the book. I happen to know all sorts of things that aren't covered in the book, such as how to tie my shoes, what to do in case of fire and how to prepare hot grits.

misoverestimations (0)

Anonymous Coward | more than 10 years ago | (#9942086)

But can you ride a Segway without falling over? Finish a bag of pretzels without need of the Heimlich maneuver?

Re:misoverestimations (1)

ParticleMan911 (688473) | more than 10 years ago | (#9942117)

Yes. But I can't ride my bike without falling off it...

Re:Oh (0)

Anonymous Coward | more than 10 years ago | (#9942320)

how to prepare hot grits

Now there's a book I need. Ever thought of becoming an author?

Average user? (5, Insightful)

scowling (215030) | more than 10 years ago | (#9941716)

Chapter Four is about using common tools, like Ethereal, Netstat, PGP, etc. It explains how to monitor an Internet connection to spot software secretly reaching out or phoning home to remote servers; how to monitor your system for signs of malicious processes; and how to use PGP and GnuPG to encrypt sensitive files and Internet correspondence. This is one of the best introductions to using encryption available anywhere.

(And so on.) It looks to me as if the book has failed completely as a guide for the average home or small office user. Your mom is the average user. Your mom plays Pogo all evening and clicks on every mail she receives. You need to explain security to her in such a way that it can fit on both sides of an index card. GnuPG? I think not.

Average user?-Hidden security. (0)

Anonymous Coward | more than 10 years ago | (#9941783)

"You need to explain security to her in such a way that it can fit on both sides of an index card. GnuPG? I think not."

PGP can be made a transparent part of the process of using your computer.

Re:Average user?-Hidden security. (3, Informative)

Beryllium Sphere(tm) (193358) | more than 10 years ago | (#9941972)

>PGP can be made a transparent part of the process of using your computer.

Only at the expense of security.

Unless you verify key fingerprints out of band you're getting very little protection. That's not transparent and I've never found an easy way to explain it.

Then there's backing up keyrings and choosing a meaningfully strong passphrase.

Re:Average user? (1)

wwest4 (183559) | more than 10 years ago | (#9941791)

You're right. But I still advocate a book of this sort because it targets a second tier of power users who are competent, if not truly advanced/pro. They can read the book and coddle the cluebies. Many who might call themselves advanced or professional find themselves in the potentially insufferable position of being responsible for answering questions like these. Some natural teacher/prophet types may love it, I'm sure, but for those who don't, this book is a means to delegate to the "power users."

Re:Average user? (1)

jollyhockysticks (799569) | more than 10 years ago | (#9941902)

Chapter Four is about using common tools, like Ethereal, Netstat, PGP, etc.

Indeed the last thing I want is for more "average users" playing with ethereal, oh sure its not so dangerous now but once they've tried the soft drugs you know that leads onto the hard stuff!

netstat sure, go for your life with netstat and PGP , ok generate your keys and get the email plugins installed if you will, spend some more cpu cycles for someone somewhere... but really, why ethereal?

Are we really expecting average users to dissect their packets to stay secure?

Re:Average user? (5, Interesting)

stratjakt (596332) | more than 10 years ago | (#9942021)

Well, as the lead-in says, this was written by the "guru at theregister.com", or translated, by an out-of-touch linux zealot.

By out-of-touch, I mean he has no idea what an average user is, or what they're willing to do. Ethereal is next to useless as a security tool, it's a great tool for troubleshooting complex networking setups, but a box with XP Home that dials into AOL is hardly a complex network.

They might as well suggest the "average user" set up an elaborate honeynet.

A security book for the average user probably could fit on both sides on an index card, hell one side: Know what a firewall is and how to configure it. Know not to run executable code unless you trust the source. Keep your machine up to date, and scan for viruses reguarly.

That's about it, at least, thats about all I'd expect out of an average user, and that's about all I'm willing to do myself. I've never cracked out ehtereal to "secure my box". Thats ridiculous.

The "dont run executables" is a tricky one under Windows, because it's no longer clear to the average user what's executable or not. It used to be simple: files that end in .bat, .com or .exe. Now it could be .vbs or a macro in a .doc or .xls. How many average users know what .msi means?

Not that it's easier for the average user to know in the unix world, where they have to "ls -l" to see if the executable bit is set.

A Most important home-use chapter (1)

grunt107 (739510) | more than 10 years ago | (#9941720)

IMO is Ch5: Chapter Five explains how to eliminate all traces of Web activity from your computer and defeat forensic recovery of stored data; how to surf the Web anonymously using an encrypted connection and defeat remote monitoring; how to set up and use SSH (SecureShell) to conceal both your identity, and the data content of your Internet sessions from all third parties, including your ISP. The many hiding places of sensitive or incriminating data are revealed for both Windows and Linux users.

This will help the casual web users who get bashed by the spyware-grabbers. Like my parents.

Re:A Most important home-use chapter (5, Insightful)

Pidder (736678) | more than 10 years ago | (#9941889)

Just because the book contains more advanced topics doesn't mean it can't be aimed at the casual user. To me it seems that the book is aimed at the casual but interested user. Someone who's not the least interested in security will not pick this up no matter how basic it is. As Joe Sixpack starts reading this book he will learn more and more and by the time he comes to chapter 5 he will hardly be Joe Sixpack anymore.

Is it ironic, hypocritical or neither? (2, Insightful)

Soukyan (613538) | more than 10 years ago | (#9941723)

An open source advocate won't just give away the book for free. So why again should source code be made free? Just a thought.

Re:Is it ironic, hypocritical or neither? (3, Informative)

TheSpoom (715771) | more than 10 years ago | (#9941786)

That's the classic "free as in beer vs. free as in freedom" argument, and has been argued on Slashdot too many times to count. Just take a look at the GNU philosophy [gnu.org] section for the answer to your question.

And just in case you're wondering, the GNU also publishes the Free Documentation License [gnu.org] .

Re:Is it ironic, hypocritical or neither? (0)

Anonymous Coward | more than 10 years ago | (#9941987)

That's the classic "free as in beer vs. free as in freedom" argument...

Yes, and this is neither.

Re:Is it ironic, hypocritical or neither? (1)

TheWingThing (686802) | more than 10 years ago | (#9941794)

Open source software != free of cost.

Any book or article is open source anyway - you can read it completely, unless it's a research article that publishes only the results and not the raw data.

Re:Is it ironic, hypocritical or neither? (0, Troll)

Soukyan (613538) | more than 10 years ago | (#9941838)

But if I were to take the book and reprint it under another name and ad a few chapters of my own and then proceed to sell it? Does open source not advocate this sort of use of source code? Are we speaking specifically of GNU or are we talking true open-source? I appreciate the replies and I understand those aspects, but while you can reference another's material in the book world, you can never legally profit from it. Also, open source licensing is ripe to turn into a quagmire of different types and freedom's of use. Is this better or worse? Does it cause more or less litigation? As was stated, this has been discussed many times. Just some more thoughts on the matter. "Open source" as it is touted is not the utopian answer to our problems. It has a bundle of problems on its own.

Re:Is it ironic, hypocritical or neither? (1)

jgoeres (622989) | more than 10 years ago | (#9941892)

Now you're offtopic. I'm not sure what your point is. I suggest you read the links already suggested above.

Re:Is it ironic, hypocritical or neither? (1)

Sasha Slutsker (799836) | more than 10 years ago | (#9941800)

Neither, this is a book. It was produced from trees and cost money to manufacture. Obviously, these expenses need to paid off. Plus, this is probably this guy's job. He needs money to put food on the table. No one can survive without money.

He is merely saying that free software is often very secure and advises to use it. He is not saying that everything in the world should be free in some sort of communistic world.

Re:Is it ironic, hypocritical or neither? (1)

The Master Control P (655590) | more than 10 years ago | (#9941854)

Because a book is a real-world item that is not effortlessly duplicated by every general purpose computer in existance.

Re:Is it ironic, hypocritical or neither? (1)

RatBastard (949) | more than 10 years ago | (#9941887)

Because a book is a real-world item that is not effortlessly duplicated by every general purpose computer in existance.

Which is completely irrelaivant and meaningless. The contents of the book could be released as a PDF file, series of HTML files, DOC file, RTF file, etc... which could be effortlessly duplicated.

But what does the effor involved to duplicate something matter?

Re:Is it ironic, hypocritical or neither? (1)

The Master Control P (655590) | more than 10 years ago | (#9942640)

"But what does the effort involved to duplicate something matter?"

Because as the amount of effort to duplicate something decreases, it's scarcity and therefore value decrease. The reason MS can sell Windows for thousands of dollars is because they impose artificial scarcity by hiding the source, which drives up cost.

If the book were released as as HTML/PDF/rtf/whatever, it too would be effortlessly duplicatable and therefore have almost no monetary cost beyond what we choose to pay for it, just as linux has no monetary cost unless you choose to pay your favorite distro vendor.

Re:Is it ironic, hypocritical or neither? (1)

jgoeres (622989) | more than 10 years ago | (#9941866)

You're confusing a free book with Free Software. A free book costs you nothing to buy. Once you buy it, you own that physical copy of the book. You don't have the right to, say, add a chapter to it and resell (or re-giveaway) it.

With Free Software, you can do exactly that (metaphorically speaking).

Re:Is it ironic, hypocritical or neither? (1)

symbeon (240420) | more than 10 years ago | (#9942026)

Actually, you're talking Open Source Software, not Free Software. Free Software, or Freeware, is something that is available for you to use free of charge. It doesn't entitle you to view the source code, it only says that you can use it for free. Open Source means that you can take the code, modify it and then redistribute it.

Re:Is it ironic, hypocritical or neither? (1)

jgoeres (622989) | more than 10 years ago | (#9942145)

Correct, but "Open Source" is a kind of "Free" software. If I had meant Freeware, I would've either said "Freeware," or "free software." Small F, and not just a semantic difference.

Additionally, the original poster was talking about Open Source Software.

In any case, I think the original poster was probably just trolling. If not, these replies have given him/her enough to read through.

Re:Is it ironic, hypocritical or neither? (1)

truthsearch (249536) | more than 10 years ago | (#9942732)

While he won't give you a paper copy of his books for free (limited commons), Eric S. Raymond [catb.org] , another open source advocate, publishes his paper books online for free - as in beer and speech. Some (all?) are under a Creative Commons license.

Main benefit I see (2, Insightful)

Anonymous Coward | more than 10 years ago | (#9941770)

I see the main benefit of a book like this
as something to take my less computer-literate friends past the basic steps of:
->install Firefox
->install firewall.
->install a/v software (and run said software).
->install anti-spyware software (and run said software).
If it is as simple and clear as stated, it might
replace the wonderful calls I get during dinner from my new-to-computer friends/relatives along the lines of
"I was doing x to that firewall software, and
now nothing works".

And I didn't get my first first post... I suppose that's what I get for being off-topic...

something missing here... (5, Interesting)

kaan (88626) | more than 10 years ago | (#9941781)

"Overall, this book will tell professionals what they need to do, and novices everything that professioanls ought to know, but probably don't."

While I agree that novices probably ought to know a lot of the topics covered, there is something fundamentally missing when many (most?) novices still barely realize they have an alternative to using Windows. I interface with lots of people who basically think you have two choices - owning "a computer", or owning "a Mac" (as though owning a Mac wasn't a real computer).

The bigger problem, aside from addressing security problems, is educating the general public that they have choices, and there are different security impacts based on your choices. We live in a world where hundreds of thousands of Windows users don't even know about Windows Update, which is arguably the simplest thing you can do to avoid security vulnerabilities (yeah, yeah, I know sometimes they introduce problems through WU, but Microsoft seems to fix half a dozen "critical" security flaws per month).

So what novice out there is going to even take note that there's a book that covers security problems/issues and offers fixes for problems they're not even aware of?

something missing here...An Apple a day. (0)

Anonymous Coward | more than 10 years ago | (#9941865)

"While I agree that novices probably ought to know a lot of the topics covered, there is something fundamentally missing when many (most?) novices still barely realize they have an alternative to using Windows. I interface with lots of people who basically think you have two choices - owning "a computer", or owning "a Mac" (as though owning a Mac wasn't a real computer)."

Well I'll say two things about an Apple computer. One they do pay attention to security. Two they present security in such a way that it isn't the onerous burden like it is for other platforms.

Re:something missing here... (2, Insightful)

hal2814 (725639) | more than 10 years ago | (#9942276)

"I interface with lots of people who basically think you have two choices - owning "a computer", or owning "a Mac" (as though owning a Mac wasn't a real computer)."

I find this a bit annoying, but I would blame the software manufacturers and salesmen more than the ignorant users. How many times do you hear of a piece of software running of PC or MAC when they really mean it runs on Windows or OS X (or 9 or whatever)? I remember back when a Novell rep tried to claim that multiplatform meant Windows 98 AND Windows NT (x86 only of course). While it's good to see our previous file and print server overlords overcome such ignorance, the average user still has not. To them there is PC and Mac and as long as software reps perpetuate this view, it won't go away.

Re:something missing here... (1)

yopu (575433) | more than 10 years ago | (#9942654)

I'm curious: why do so many people insist on writing "MAC" (all caps), when (1) that stands for "Media Access Control;" and (2) "Mac" is short for "Macintosh"?

Re:something missing here... (1)

hal2814 (725639) | more than 10 years ago | (#9942700)

Because PC is not Pc. Therefore MAC cannot be Mac. If MACs were the dominant platform, we'd be talking about Pcs and Macs. You need to brush up on your sales logic.

Secrets? (1)

mboverload (657893) | more than 10 years ago | (#9941797)

Windows seems to have ALOT of secrets. I still don't know how to make that screensaver thingy turn on!

Impressive link collection (5, Informative)

Anonymous Coward | more than 10 years ago | (#9941798)

Just in case his site gets /.'ed, here is his impressive list of links. - Jonah Hex in non-karma whore mode.
Downloads
Linux Wipe Tools [slashdot.org] : Three shell scripts for securely wiping all data from the swap partition, wiping unused disk space on the root partition, or wiping an entire disk, by Thomas C. Greene.

No Messenger [slashdot.org] : A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register.

FileCheck MD5 [slashdot.org] : A free, simple, lightweight MD5 utility for Windows, courtesy of Brandon Staggs.

Errata [slashdot.org] : A text file containing my various blunders and ommissions in the book (right-click and "save as," or view as HTML [slashdot.org] ). Last updated 6 June 2004.

Links to Other Goodies
Mozilla [mozilla.org] : A free, open source Web browser and e-mail client for Linux and Windows, feature rich and far more secure than Internet Explorer and Outlook Express. Recommended for novices.

Firefox [mozilla.org] : A free, open source, stand-alone Web browser for Linux and Windows. Very light and fast. Recommended for intermediate users.

Thunderbird [mozilla.org] : A free, open source e-mail and news client for Linux and Windows. Recommended for intermediate users.

GnuPG [gnupg.org] : Gnu Privacy Guard; a free, open source replacement for PGP, for Windows and Linux.

WinPT [sourceforge.net] : Windows Privacy Tools; a free, open source GUI frontend to GnuPG for Windows.

Anonymizer [anonymizer.com] : Various services for anonymous Web surfing, e-mail, chat, etc.

OpenSSH [openssh.org] : A free, open source SSH (Secure Shell) client and server for Windows and Linux.

PuTTY [greenend.org.uk] : A free, open source GUI frontend to OpenSSH for Windows.

Ethereal [ethereal.com] : A free, open source network traffic analyzer for Windows and Linux. Windows users will need to install WinPcap [polito.it] before installing Ethereal.

Ad-Aware [lavasoftusa.com] : A free, closed source adware/spyware scanner for Windows.

SpyBot Search & Destroy [safer-networking.org] : A free, closed source adware/spyware scanner for Windows.

Sam Spade [samspade.org] : CGI gateways to numerous online tools, such as whois, traceroute, etc.

SourceForge [sourceforge.net] : A vast repository of open-source software for Windows and Linux. The site can be overwhelming, but it has a search engine to help users locate packages.

GNU Project [gnu.org] : The home base of the open source movement. A repository of open source products, chiefly for UNIX-compatible systems.

Security Information
About Internet/Network Security [about.com] : An informative and useful site dealing with computer and Internet security, with reviews of security products and books, practical howtos and tips, and links to numerous tools and information resources, geared toward beginners and intermediate users.

SANS Institute [sans.org] : An educational and research organization with a vast archive of security research documents, news, and advisories, geared toward intermediate and advanced users.

CERT/CC [cert.org] : Computer Emergency Response Team Coordination Center at Carnegie Mellon University. An archive of advisories, statistics, and administrative worst and best practices, geared toward intermediate and advanced users.

NIST CSRC [nist.gov] : An archive of security research maintained by the NIST (National Institute of Standards and Technology) CSRC (Computer Security Resource Center). Recommended for advanced users and security professionals.

FAS [fas.org] : Federation of American Scientists; a site concerned with the social and political implications of technology and security. Not limited to computing.

Attrition [attrition.org] : A pleasantly quirky site offering a good deal of security information with a skeptical point of view.

F-Secure virus library [f-secure.com] : A searchable database of computer viruses.

Sophos virus library [sophos.com] : Another searchable database of computer viruses.

Simovits Consulting [simovits.com] : A list of ports used by Trojan backdoors and rootkits with brief descriptions.

WinGuides Registry library [winguides.com] : A large collection of Windows Registry tips, tweaks, and explanations.

LIiUtilities process library [liutilities.com] : A large, searchable collection of both malicious and normal Windows processes with brief descriptions.

Computer Bytes Man [computerbytesman.com] : A site detailing online privacy threats and political issues connected with technology.

CDT [cdt.org] : Center for Democracy and Technology, another site detailing online privacy threats and political issues connected with technology.

EFF [eff.org] : Electronic Frontier Foundation, yet another site detailing online privacy threats and political issues connected with technology.

Vmyths [vmyths.com] : Scathing criticism of the antivirus industry and media-hyped virus scares.

Consumer Alert [consumeralert.org] : A site dealng with privacy issues, IT politics, and official abuse of technology.

Cryptome [cryptome.org] : An online repository of government documents and anonymous submissions. Information is not checked for accuracy, by design.

Webopedia [webopedia.com] : A searchable online dictionary of computer terminology.

Wikipedia [wikipedia.org] : A searchable online encyclopedia. More detailed than Webopedia, and not limited to computing.

Acronym Finder [acronymfinder.com] : A searchable online database of acronyms, not limited to computing.

Victoria TelecommunityNet [niu.edu] : A glossary of technical terms chiefly related to security, maintained by Rob Slade, one of the better class of security expert.

Risks Digest [ncl.ac.uk] : An archive of general privacy, security, and safety articles. Not limited to computing.

Searchlores [searchlores.org] : A delightfully quirky site by the enigmatic Fravia+ filled with vast amounts of security and privacy information, and organized with much personal idiosyncrasy.

Security News
The Register [theregister.co.uk] : The most skeptical and perhaps the last fully independent tech news publication. Covers all aspects of the IT industry, including security and privacy. Shares content with SecurityFocus.

SecurityFocus [securityfocus.com] : Computer and network security are the only topics. Offers news articles, opinion columns, advisories, and technical howtos, ranging from newbie-friendly to advanced. Shares content with The Register.

Wired News [wired.com] : Owned by Lycos, but apparently enjoys considerable editorial independence. Covers all aspects of the IT industry, including security and privacy.

Linux Security [linuxsecurity.com] : A daily roundup of Linux security stories.

Linux Today [linuxtoday.com] : A daily roundup of Linux stories from the press, including security.

FreeOS [freeos.com] : News and resources for systems such as BSD and Linux.

Security News Portal [securitynewsportal.com] : A daily roundup of security news. Ironically, the site appears to be optimized for Internet Explorer, which is the least secure browser available, and displays poorly in Mozilla, which is immensely more secure.

Whitehats [whitehats.com] : A daily security news roundup.

SecuriTeam [securiteam.com] : A portal with security news, tools, and separate focus areas for Windows and *nix.

E-mail Lists
The Register: An e-mail roundup of the day's tech stories, including security and privacy. Sign up here [theregister.co.uk] .

Counterpane Crypto-Gram: A monthly e-mail newsletter by Bruce Schneier, one of the better class of security expert. Sign up here [counterpane.com] .

ISN (InfoSec News) from Attrition: A daily e-mail roundup of security news items. Sign up here [c4i.org] .

Sans Institute NewsBites: A weekly e-mail roundup of important security news items. Sign up here [sans.org] .

About Network Security: A weekly newsletter from Tony Bradley of About.com, summarizing his daily column. Sign up here. [about.com]

Politech: A list of news stories and topics concerning Internet privacy, free speech on line, and legislation related to technology, from Declan McCullagh of News.com. Sign up here [politechbot.com] .

SecurityFocus News: Sign up here [securityfocus.com] .

SecurityFocus Microsoft Security News: Sign up here [securityfocus.com] .

SecurityFocus Linux Security News: Sign up here [securityfocus.com] .

BugTraq: A high-volume mailing list of bugs and exploits geared towards security researchers. Sign up here [securityfocus.com] .

Focus on Microsoft: A high-volume mailing list of bugs and exploits geared towards Windows researchers. Sign up here [securityfocus.com] .

Focus on Linux: A high-volume mailing list of bugs and exploits geared towards Linux researchers. Sign up here [securityfocus.com] .

Re:Impressive link collection (1)

anomalous cohort (704239) | more than 10 years ago | (#9942215)

Why is Mozilla for novices and Firefox and Thunderbird for intermediate users?

Re:Impressive link collection (4, Funny)

downbad (793562) | more than 10 years ago | (#9942332)

Because Mozilla has bigger buttons.

Re:Impressive link collection (0)

Anonymous Coward | more than 10 years ago | (#9942229)

first 4 links are 404

Re:Impressive link collection (2, Informative)

Jonah Hex (651948) | more than 10 years ago | (#9942345)

first 4 links are 404
Yea, sorry about that, they link directly to the files on his site and thus he didn't have a "complete" link to them including the server info. Here's "fixed" links:

Linux Wipe Tools [basicsec.org] : Three shell scripts for securely wiping all data from the swap partition, wiping unused disk space on the root partition, or wiping an entire disk, by Thomas C. Greene.

No Messenger [basicsec.org] : A batch file that eliminates Windows Messenger and fixes the problem of Outlook Express loading slowly when Messenger is absent, by an anonymous friend of The Register.

FileCheck MD5 [basicsec.org] : A free, simple, lightweight MD5 utility for Windows, courtesy of Brandon Staggs.

Errata [basicsec.org] : A text file containing my various blunders and ommissions in the book (right-click and "save as," or view as HTML [basicsec.org] ). Last updated 6 June 2004.

Joanh Hex

Re:Impressive link collection (0)

Anonymous Coward | more than 10 years ago | (#9942433)

GNU Project: The home base of the open source movement. A repository of open source products, chiefly for UNIX-compatible systems.

I'd love to see RMS's face if he read that!

My limited experience (1)

truthsearch (249536) | more than 10 years ago | (#9942662)

Unfortunately I use Windows at work. I use WinPT and Putty frequently. They're great apps, although they're a bit unpolished. I know little of networking and security and have no problems using them. But I'm a developer. I think an average user would have a problem using either. They're both for people who know what GnuPG and OpenSSH are and how to use them. They don't hide the details, which is a good thing in general, but hard for beginners. I think an average user might get by with WinPT since it adds a toolbar button to Outlook. Luckily Putty is for secure terminal sessions and FTP so it's unlikely an average user would need to bother with it.

English (-1, Redundant)

Al Dimond (792444) | more than 10 years ago | (#9941810)

It's in plain English, so no one should worry that they can't grasp it.

What if I don't speak English, you insensitive clod?

Lesson 1 Install Service Pack 2 (2, Funny)

Raindeer (104129) | more than 10 years ago | (#9941815)

Simple

Re:Lesson 1 Install Service Pack 2 (2, Insightful)

Hockney Twang (769594) | more than 10 years ago | (#9941858)

Perhaps not so simple. I'm gonna go ahead and make the assumption that a large number of people will have(have had) serious stability issues as a result of SP2. Remember the 3 out of 5 figure that everyone blew off because it was related to some malware that's incompatible with SP2? Well most users have malware on their machines, that's just the way it is. They don't know or care enough to remove it, or buy this book. And if they install SP2, all they'll know is that their computer no longer wokrs.

Re:Lesson 1 Install Service Pack 2 (0)

Anonymous Coward | more than 10 years ago | (#9942733)

...ultimate Windows security for 2 of 5 users

there are no secrets in OSs (4, Insightful)

Junior J. Junior III (192702) | more than 10 years ago | (#9941899)

There are no secrets on library shelves, either, but if the populace never signs out a book and actually reads it, or if they try to read it and can't understand the language, what good does that do them? OSS isn't inherently secure. It has the opportunity to be peer-reviewed and pronounced "secure" by the peer reviewers. And even they can be wrong, if they're not clever enough to spot a hole.

There are not secrets... (1)

FerretFrottage (714136) | more than 10 years ago | (#9941961)

He rightly notes that there are no secrets in OSs

If only that we true for SOs!!!! "What do you mean you use to be a man? Nah, no big deal, I'm cool with that...although I did always wonder why I caught you reading /. --that explains it."

Re:There are not secrets... (2, Funny)

FooAtWFU (699187) | more than 10 years ago | (#9942034)

"What do you mean you use to be a man? Nah, no big deal, I'm cool with that...although I did always wonder why I caught you reading /. --that explains it."

Sir (or madam):
That was too much information.

Macs left out. (sigh) (3, Informative)

tb3 (313150) | more than 10 years ago | (#9942027)

It's a pity he covers Windows and Linux but completely ignores Macs. (I checked his website; I'm sure). There must be the same number of home/office users of Macs as Linux, probably more. Although the Mac is secure against spyware, malware and viruses at present, it would be useful to inform people about security considerations for the Mac, how the built-in firewall works, and so forth.

I.Q. Test (2, Funny)

Anonymous Coward | more than 10 years ago | (#9942054)

A more secure home user? Simple. Make Internet use dependant on the user's I.Q.

50 or below: Fox News, CNN, MSNBC, Hotmail, any .gov
75 or below: Microsoft, Dell, Compaq, etc.
100 or Below: Slashdot, any .net
125 or Below: Any .com, save....
150 or below: Apple.com

Pfeh. Letting blind people drive. Why, oh why are there so many accidents??

Re:I.Q. Test (1)

BarryNorton (778694) | more than 10 years ago | (#9942723)

Do I understand you to mean (which you've written) that Slashdot can only be read by the subnormal? Or are these disclusions?

Why am I seeing this? (0, Offtopic)

Snowgen (586732) | more than 10 years ago | (#9942077)

This strikes me as off-topic, but I can't think of anywhere to post it where it would be on-topic, and this is as close as it gets.

In my preferences, under "Exclude Stories from the Homepage", I have checked "Book Reviews". I just double-checked. So why does this story show up on my homepage?

Am I doing something wrong? Is there a bug in slashcode? Is this not really a book review, despite the words "Book Review"?

Can anyone help me out?

Re:Why am I seeing this? (1)

SuiteSisterMary (123932) | more than 10 years ago | (#9942199)

See the two icons listed beside the story; a lock and a stapler? Hover your mouse over each picture, and you'll see what the story is listed as; in this case 'security' and 'IT.'

Re:Why am I seeing this? (0)

Anonymous Coward | more than 10 years ago | (#9942491)

Then it would in fact appear to be a bug in Slashcode, somebody should fix it so if filters by Section OR Topic, not Section AND Topic.

Dummies Guides already do all this, better too... (2, Informative)

GuyFawkes (729054) | more than 10 years ago | (#9942088)

Tom Greene writing something insightful and instructive?

Well, that would be a first I suppose, him and Orlowski (sp?) are the two biggest problems the reg has IMHO.

For my money when there is already stuff like the Dummies Guide to Network Security (www.dummies.com) why bother?

For those that asked for online articles
http://www.dummies.com/WileyCDA/DummiesA rticle/id- 1983,subcat-NETWORKING.html
http://www.dummies.co m/WileyCDA/DummiesArticle/id- 1808,subcat-NETWORKING.html
http://www.dummies.co m/WileyCDA/DummiesArticle/id- 1518,subcat-NETWORKING.html

etc etc

Re:Dummies Guides already do all this, better too. (1)

TheClarkey (546286) | more than 10 years ago | (#9942420)

>Tom Greene writing something insightful and instructive?

>Well, that would be a first I suppose, him and Orlowski (sp?) are the two biggest problems the reg has IMHO.

Disagree, Greene is a great writer and has written excellent articles for the register explaining to newbies [theregister.co.uk] and power users [theregister.co.uk] how to secure linux You could say its "insightful" and maybe even "instructive"...

Me no want to read book... (1, Interesting)

Mr. Certainly (762748) | more than 10 years ago | (#9942354)

Wait...read a book?

*shudders*

Why can't they be more like Dell and have a 1 sheet poster with cute pictures telling us how to setup our computer?

Honestly, the majority of computer users -- Joe6Pack&SoccerMom (TM) -- are stupid. They don't read the manual to a machine that is more complex than their automobile.

We're not asking the normal user to be an expert in rebuilding their engine or to understand how a transister works...but seriously. Read a few books and learn where the hell the gas/brake/power button is located and what double clicking/opening programs/start menu/interet means.

Maybe it's M$'s fault for not providing an Operating System where flaws/problems/features don't cripple the non-savvy user.

Too bad no one makes a computer system for the non-savvy...something easy where there aren't 500 holes that need to be patched before you connect it to the internet...what did you say, Apple? Macs? Oh, I take that back then.

Security Book? (2)

hunterx11 (778171) | more than 10 years ago | (#9942438)

It's like a Service Patch for wetware!

Review of the review. (3, Funny)

veg_all (22581) | more than 10 years ago | (#9942459)

The first couple of paragraphs consist of an intro and a
description of the preface.

The third paragraph describes the first chapter.

The fourth paragraph describes the second chapter.

The fifth paragraph describes the third chapter.

The sixth paragraph describes the fourth chapter.

The seventh paragraph describes the fifth chapter.

The eight paragraph describes the sixth chapter.

The ninth paragraph describes the seventh chapter.

The tenth paragraph notes there are indexes.

Overall this review is skeletal at best.

I give it a 3 out of 10.

Overall, this review is useful for nearly some people, not so useful for others. It's
certainly written in English, so more than half of Slashdot's
readership will feel a vague sense of familiarity.

Impact (2, Insightful)

maximilln (654768) | more than 10 years ago | (#9942726)

I don't think that it's a problem to demonstrate the advantages of security. Everyone knows the advantages of security. The difficulty is demonstrating impact. The vast majority of people, since they don't understand computers, feel that the basic knowledge of how to crack security is enough of a deterrant and lock in and of itself. The general need for additional security measures is perceived to be paranoia.

Unless there's a widespread and media popularized outbreak of identity theft, or computer hijacking, or people who can't check their e-mail or browse the web, then computer security will continue to be perceived as a topic of paranoia.

Currently the impact of computer insecurity is considered to be an annoyance. Extrapolated damages of corporate insecurity are given the same regard as the extrapolated damages of trading mp3s. Until authorities take a tough stance on abusive network activities (spam, browser hijacking, unwanted pop-up advertising, unauthorized collection of consumer data) then the general populance will continue to accept a loose attitude towards computer security.

The fact is that insecurity is profitable as a business. There's no real motivation to protect the consumers so why should the consumers waste effort protecting themselves?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>