New Computer? Six Steps to Safer Surfing

Sean Donelan sean at donelan.com
Mon Dec 20 02:17:47 UTC 2004


On Mon, 20 Dec 2004, Suresh Ramasubramanian wrote:
> er, so having no firewall or antivirus software on your home broadband
> connection with an XP box hooked onto it would be just as safe as an
> XP box having $software_fw and frontended by $hw_firewall that at
> least does NAT and a bit of packet filtering on the side?

No, that's not what I said.

The infection rate among all computers is abysmal.  It just happens to
be higher among computers with AV and/or firewalls. AV/Firewalls don't
seem to be making people safer from trojans, spyware, adware, etc. So
perhaps we need to look for other ways to improve things.

Why does it happen?  I don't have the answers.

Are AV and firewalls too hard for the average user to install and
maintain? Are many of them improperly configured, mis-installed,
mis-managed, etc.? Does a false sense of protection make things worse?

Do people with AV/firewalls engage in riskier behavior because they
think they are protected?  Do people without AV/firewalls tend to
install less software of all types (good, bad and the ugly)?  Do
people without AV/firewalls take other protective measures, e.g.
disable unused services, patch more frequently, don't use the
administrator account, don't use Windows (e.g. Mac, Unix, etc.)?

Do AV/firewalls miss the infection vector used by trojans, spyware,
adware?  Commercial AV vendors have only recently started adding other
forms of malware protection to their products.

Most trojans, spyware and adware are installed by the user. Through social
engineering the user is encouraged to click on every button. A user-
managed firewall's effectiveness is limited by the user managing it.

Do people buy AV/firewalls after they were already infected, but never
properly cure the original infection?  Essentially every brand-name
computer with a copy of Microsoft Windows sold in the USA includes at
least a 90-day AV product.  Are there fewer infections during the
first 90 days?

Is it Darwin, and only the strong computers of any type survive?  Do
computers without AV/firewalls die faster when infected, and are either
cured or disappear, while computers with AV/firewalls tend to linger when
infected without being cured?  It seems to be very difficult to convince
people with AV/firewalls that their computer could be infected.  They tend
to try to deny it much longer.

> I'd be interested in seeing the study you're quoting ..

I'd encourage researchers and grad students to look into it.

Security vendors are quick to sell new pills, but where are the studies
that show their products' safety and effectiveness in the real world?

If you are proposing all OEMs or broadband vendors include AV and
firewall with their products, show me the study that shows it makes a
difference.
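A worked illustration of the confounding the message raises, added here as an example and not part of Sean Donelan's post or of any real study. The contingency table below is constructed, and the survey columns it assumes (whether a machine had AV/firewall installed, whether the user behaves "riskily" by installing lots of software and clicking through prompts) are hypothetical. The numbers are chosen so that the crude comparison makes AV users look worse while every behaviour stratum shows AV users doing better, which is the kind of selection effect a study would have to control for before it could say anything about the products' effectiveness.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    """One cell of a 2x2x2 table: AV status x user behaviour x outcome counts."""
    av: bool        # machine had AV/firewall installed (assumed survey column)
    risky: bool     # user installs lots of software / clicks every button (assumed)
    n: int          # machines in this cell
    infected: int   # of those, found to be infected


# Constructed sample, NOT real survey data. AV users are mostly in the
# risky group, which is exactly the confounding the post suspects.
SAMPLE = [
    Cell(av=True,  risky=True,  n=800, infected=320),   # 40% infected
    Cell(av=True,  risky=False, n=200, infected=10),    #  5% infected
    Cell(av=False, risky=True,  n=200, infected=100),   # 50% infected
    Cell(av=False, risky=False, n=800, infected=80),    # 10% infected
]


def crude_rates(cells):
    """Infection rate by AV status, ignoring behaviour (the headline number)."""
    totals = defaultdict(lambda: [0, 0])          # av -> [infected, n]
    for c in cells:
        totals[c.av][0] += c.infected
        totals[c.av][1] += c.n
    return {av: inf / n for av, (inf, n) in totals.items()}


def crude_risk_ratio(cells):
    """Crude RR = rate(AV) / rate(no AV); greater than 1 means AV users look worse."""
    r = crude_rates(cells)
    return r[True] / r[False]


def stratified_rates(cells):
    """Infection rate within each (risky, av) cell."""
    return {(c.risky, c.av): c.infected / c.n for c in cells}


def stratum_risk_ratios(cells):
    """RR of AV vs no AV computed separately inside each behaviour stratum."""
    rates = stratified_rates(cells)
    return {risky: rates[(risky, True)] / rates[(risky, False)]
            for risky in {c.risky for c in cells}}


def mantel_haenszel_rr(cells):
    """Mantel-Haenszel risk ratio pooled across the behaviour strata.

    RR_MH = sum_k(a_k * n0_k / N_k) / sum_k(c_k * n1_k / N_k), where in
    stratum k: a = infected with AV, n1 = total with AV, c = infected
    without AV, n0 = total without AV, N = n1 + n0.
    """
    by_stratum = defaultdict(dict)                # risky -> {av: Cell}
    for c in cells:
        by_stratum[c.risky][c.av] = c
    num = den = 0.0
    for pair in by_stratum.values():
        exposed, unexposed = pair[True], pair[False]
        big_n = exposed.n + unexposed.n
        num += exposed.infected * unexposed.n / big_n
        den += unexposed.infected * exposed.n / big_n
    return num / den


def simpson_reversal(cells):
    """True when the crude comparison says AV is worse but every stratum says it is better."""
    crude_av_worse = crude_risk_ratio(cells) > 1
    all_strata_av_better = all(rr < 1 for rr in stratum_risk_ratios(cells).values())
    return crude_av_worse and all_strata_av_better


if __name__ == "__main__":
    crude = crude_rates(SAMPLE)
    print(f"crude rate  AV={crude[True]:.2f}  noAV={crude[False]:.2f}  "
          f"RR={crude_risk_ratio(SAMPLE):.2f}")
    for risky, rr in sorted(stratum_risk_ratios(SAMPLE).items()):
        print(f"stratum risky={risky}: RR={rr:.2f}")
    print(f"Mantel-Haenszel RR={mantel_haenszel_rr(SAMPLE):.2f}")
    print(f"crude direction reversed by stratification: {simpson_reversal(SAMPLE)}")
```

On this constructed table the crude risk ratio is about 1.83 (AV users infected almost twice as often), yet inside the risky and cautious groups the ratios are 0.8 and 0.5, and the pooled Mantel-Haenszel ratio is 0.75. Whether real users sort themselves this way is exactly the open question; the point of the example is only that an unadjusted infection rate by AV status cannot answer it.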




More information about the NANOG mailing list