Security, security, security !

by Francois Joseph de Kermadec

Now that MyDoom, Novarg and others have begun to attack servers and break into Windows computers worldwide, serious newspapers are full of advice for business users and companies who want to protect their valuable assets...



Since I always find interesting to see what PC users are told to do, I read them carefully and, instead of the basic-but-correct advice I was expecting, I found that many publications had turned their computing pages into annoyingly long advertisements for anti-virus software and third-party firewalls. But apparently, they are not at fault -- and are merely following the latest trend.



You think I am exaggerating ? Well, read on !



No operating system is perfect, that's for sure, and they all have their security issues -- even the best, most bullet-proof ones. Therefore, I always advise users, on any platform, to indeed install anti-virus software and to purchase a good firewall. Knowing how to protect oneself is important and using the appropriate tools is the first step...



By the way, if you're a Mac user, this is what I usually recommend.



However, it seems that the Windows world is now going one step further and is expecting security companies to do most of the work that the OS and applications authors should have done.



Just have a look here : these posters are supposed to give users advice about how to protect themselves against viruses and hackers... The idea is good and they look quite nice...



But could someone tell me what McAfee and Symantec are doing here ? And why on earth are Dell and HP advertising next to them ? If these posters were designed with the user's security in mind, I would have expected to see the name of some industry-wide alliance or the address of the sites that, every day, list all the issues that are discovered ( on any platform ) and publish security advisories...



But to me, this means if you want your PC to be safe, install an application from a third-party company .



I have nothing against Symantec and McAfee -- I have used or am using products from both of them. However, the latest events have showed that, even with extensive resources, they cannot repair a faulty operating system and faulty applications. What they can do, however, is add a layer of security, in case the security systems put in place by the original vendor didn't work as expected.



In the real world, could a doctor tell a patient to keep on swallowing antibiotics to avoid catching something ? If a patient has a serious illness that would require him to do this in the short term, then, he is offered a better, long-term treatment that will actually help solve the issue.



As a Mac user, I am glad to see that Apple provides us with security updates ( when needed ) and information but doesn't ask security companies to do what it should do. I just hope that more companies could follow the same policy and provide their users with accurate information that would really help them avoid issues.



Until next time, dear Mac users, please enjoy thinking different !


5 Comments

gbshuler
2004-02-04 14:13:01
Virex? Really..?
I notice on your user contributes tips page that you advocate installing and using Virex.


Is this Really necessary? One of the reasons I switched to Mac was that on my Wintel Box I always had to wait 5 minutes for my machine to bootup while Norton AntiVirus went on and on. It seemed like every day I was updating my virus signatures, or paying $ to Mr. Norton for the newest version (including rebate forms, check deposits, etc). It seemed like I was becomming a slave to virus and firewall software. Nowaways you have to throw in spyware control as well..


The only way I could see getting a virus on a Mac is to download an obscure utility/game/etc and run it behind the firewall (trojan horse).


If a user has their firewall in place and runs only applications which came with their O/S (and perhaps a few other major applications like PhotoShop or Office) how can they become infected?


Also.. how much of a tax on the system resources (CPU, Disk and RAM) is Virex? Norton AntiVirus always seemed to be a resource "hog".

F.J.
2004-02-05 00:42:47
Virex? Really..?
Hi !


I recommend using Virex since this is the anti-virus software provided to all .Mac members and that most Mac users are therefore likely to have it.


As long as you are a .Mac member, you do not need to pay anything extra to download Virex and the associated definitions.


Unlike Norton, Virex does not do any background scanning and must be activated manually to scan files or the hard drive. While users who do not wish to have to remember to use it may see it as a drawback, it has the advantage of not consuming any resources until you launch the application and start a scan.


Programs like Office are known to spread macro viruses and are seen by some users as "dangerous" programs, requiring that you use an anti-virus software.


Unfortunately, I have not used Norton on Mac OS X in a long time now and cannot comment on the latest version. Of course, no anti-virus application is "better" than the others : they all have different feature sets and you are free to pick the one that will best suit your needs.


Let me know if this helps !


F.J.

gbshuler
2004-02-05 07:46:15
Thanks for the info
I was talking about Norton on the old Wintel box I abandoned two years ago. Norton was like a virus itself. On bootup it takes over and scans, and scans, and scans.. for about a minute. Then the "auto update check" begins, you can hear the drive thrashing as other programs fight Norton to go through login initialization. It made bootup intolerable, and using the PC a slower, more inconvenient process -- constantly getting in the way "to protect you" from a world where exploiting Wintel security holes is as easy as playing on your big brothers XBox..


Glad to hear Virex is an on-demand thing. Until a major virus hits the Unix world, I sleep well at night. I don't open Office files from wild sources, so it sounds like I perfectly safe running Virex occasionally. I'll check it out.


Thanks

musnat
2004-02-21 02:56:24
Why should I take you seriously?
You claim that windows is a faulty operating system. I think that pretty much nullifies your arguments.
I don't know your background, maybe you didn't get any computer science information, but viruses has nothing to do with operating systems. If you run a virus program in some way, even aciddently, operating system can not know whether the program you just ran is a virus or not. When you say that windows is a faulty operating system, you don't say the same thing for mac os x, where viruses also exist. So it seems that you are talking without much substance. So either you don't know much about computers, or that your whole article is political, maybe you want another company to earn more money or that you are getting donations from a specific anti-virus company.
F.J.
2004-02-21 08:31:26
It's up to you, of course !
Hi !


First of all, thanks for taking the time to send me your feedback, I really do appreciate it !


Indeed, operating systems cannot "know" if a program is a virus or not. However, some operating systems will warn the user before a program attempts to run an installer or alter system files while others won't. For example, Mac OS X will ask the user to type a password and confirm that he or she is willing to give an application the necessary privileges to perform the actions it wishes.


Also, I can assure you that I am not getting "donations" from any software company of any kind.


F.J.