We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... let's see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

How not to be a victim of computer malware

[A slightly unusual topic for this blog, but I was assured by the powers that be that it was of interest.]

For my friends who don’t know much about computers:

I do computer security work professionally. People always ask in the wake of yet another internet attack, “What should I do to protect myself?”

The advice is always the same. Do what computer professionals do. Don’t do what you imagine computer professionals do, because you’re probably wrong.

  1. Always run the latest version of the OS and software.
  2. When security updates appear for your operating system or software, apply them as soon as possible, meaning that day. Configure your system to automatically apply updates if possible.
  3. Back up your computer frequently. Since normal humans cannot remember to do that, get software and/or a service to do it for you.
  4. Don’t use the same password with two different services, period. Since you cannot remember hundreds of different passwords, use a password safe, and remember only the password for it.
  5. If a web site offers two factor authentication (that is, you can set it up so it both requires a password and a code your phone generates), turn that on.

Every professional security person does those things.

If you ignore my advice, you’re going to get screwed one day, period. You might still get screwed even if you do follow my advice because the world is dangerous, but I can guarantee you’ll get screwed if you don’t.

Every organization that got infected recently by the ransomware worm was ignoring (1) and (2). Their suffering was avoidable. Do you want to suffer like them? Those that forgot (3) are really suffering because they have no way to recover. Why do you want to suffer? Every day, people get badly, badly screwed because the password that they use everywhere gets stolen and it is de facto impossible to remember every place you use it. Why set yourself up to suffer?

As to the question “who would attack me? No one is going to attack my computer, I’m unimportant”, the answer is that it isn’t individuals doing the attacks, it’s machines that are programmed to try to attack other machines by the hundreds of millions. You’re not being personally targeted, but that hardly matters when everyone on earth is being attacked. Your obscurity will not protect you. Even if you think there is nothing for the attacker to gain by taking over your machine, they’ll want it anyway, so they can set up a botnet to send spam from it, or use it to bring down other people’s web sites, or to take over yet more people’s machines.

And some corollaries:

1a. If your machine is too obsolete to run the latest OS, replace it. Quit being the jerk who won’t replace their eight or twelve year old computer and complains that the manufacturer “owes” you updates as you shake your fist at heaven. It isn’t even possible for them to support everything they ever made forever, let alone sane. Stop being that person.

1b. When Microsoft kept offering to give you Windows 10 for free, and you got angry at them for offering to give you a much more secure system FOR FREE, and when you got onto Facebook to post “stop bothering me, Microsoft, I don’t want to get a free, much more secure update to my buggy older OS”, you were the one who was being annoying and stupid, not Microsoft.

2a. When you get upset that the phone or computer that asked you to update is asking you to update, and you refuse to update because you find it “irritating”, what you’re basically saying is “I find it irritating that the manufacturer is trying to protect me from getting my machine taken over and all my work destroyed. I’ll show them, I’ll refuse so that some asshole in Kazakhstan can steal the contents of my bank account. That will teach Microsoft a thing or two!” Quit being an idiot. If someone pulled you out of the way of an oncoming car you wouldn’t get angry with them for it, so don’t get angry with the vendor for doing the equivalent for you.

3a. Backing up your computer can be done automatically. It isn’t even painful to get going. If you find this irritating to set up, imagine how irritating it will be to have none of your data after you have lost everything.

4a. No, your really clever password is not actually unguessable to a machine that can check tens of millions of passwords a second.

And finally, every once in a while, I hear from someone, generally an older person, that they’re just unable to keep up with new software and the like. “The new version looks different. I don’t want to update because the buttons might be in different places.” My advice, my sincere advice, is that if you can’t keep up with small changes like that, or if you can’t figure out how to use two factor authentication for your bank account and the like, get rid of your computer. It’s not safe for you to use one. Really. People still can live good lives without them. You can get the news by newspaper, you can talk to your grandchildren on the telephone. Not being able to keep up with this stuff is kind of like not being able to safely drive a car. If you’ve got a problem with your eyesight and can’t drive safely, the answer isn’t that you keep driving and kill people on the road, the answer is you stop driving.


67 comments to How not to be a victim of computer malware

  • AGN

    Actually, the first rule is: do not ever, ever, click on any link in an e-mail, nor open any attachment, unless you are absolutely sure it is genuine. Do not trust unexpected e-mails, even if they appear to be from your contacts. If in any doubt whatsoever, ring them up and check they have sent the mail.

    Even this latest attack only got started through an infected e-mail attachment of some kind – it then spread very quickly on local networks because of unpatched out-of-date software.

  • john

    I understand and agree with much of what you say, but would like to point out that MS and Apple (and Google) go to great lengths to deter people from keeping up with security patches by mixing them with unwanted changes to the functionality of the OS. In effect, they use the malefactors of the world as a threat to force their customers into accepting or purchasing products which they do not want or need and as a way of extorting personal information. I’m hardly a technophobe (I’ve worked in the field for over 20 years) but they are rapidly driving me toward your last suggestion. When will we as consumers put our feet down and say, “enough is enough?”

  • Perry Metzger (New York, USA)

    Actually, the first rule is: do not ever, ever, click on any link in an e-mail, nor open any attachment, unless you are absolutely sure it is genuine

    You are imagining what the first rule is. As a computer security professional, let me say very clearly this is not the first rule.

    Sure, it’s reasonable to be cautious with attachments, as they’re a prime infection vector. However, I routinely examine them even when they’re clearly malware (because I examine such things for a living) and if you know what you’re doing it isn’t dangerous. I don’t recommend normal people do it, of course, but the underlying real issue is bugs, and you need to patch to get rid of them.

    Even this latest attack only got started through an infected e-mail attachment of some kind

    In fact, it spreads over the network via the SMB service, though it can “hop” over firewalls via email. There are many other common attack vectors for malware as well: web sites get taken over and used to do “drive by” infections of unpatched machines browsing them, machines can get attacked over wireless networks because of bugs in the network drivers, you name it. Blocking all vectors is kind of hopeless if your software is not up to date.

    The most important things you can do are on my list. I will find you an endless line of other people who do this for a living who agree with me.

  • Perry Metzger (New York, USA)

    I understand and agree with much of what you say, but would like to point out that MS and Apple (and Google) go to great lengths to deter people from keeping up with security patches by mixing them with unwanted changes to the functionality of the OS.

    […]

    In effect, they use the malefactors of the world as a threat to force their customers into accepting or purchasing products which they do not want or need

    Quit being “that guy”. No, really, quit it. Windows 10 was FREE to anyone who had bought Windows since 2000 or so. All Mac OS updates are FREE.

    This isn’t a conspiracy by the evil computer manufacturers, this is the problem that you simply cannot successfully manage eighty branches of your operating system source tree in order to make sure that people using hardware your lab no longer maintains with an operating system from fifteen or twenty years ago still can keep going.

    Keep your machine up to date. It costs no money to update your software. If you don’t like the fact that the buttons have moved around and you don’t like the fact that the new OS changed the feature you really loved, well, I get that, I get irritated by such things too, but that’s still no excuse not to update.

  • Alex

    I completely agree with this post. However, even as an IT professional myself, I have a lot of sympathy with John’s comment. Microsoft particularly does push unwanted UI and UX changes through Windows Update and there’s really no practical way to simply just get security updates without UI updates. The recent “Creators Edition” update actually bricked a not-very-old machine in my office, thankfully I’m a developer not front-line support so it wasn’t my job to work out why.

    Professional IT departments really have no excuse not to be following the rules as you laid them out, however.

  • Runcie Balspune

    Unless you need a PC to run specific software, use a tablet.

  • Thailover

    I would also add, use a password(s) that is 12 to 14 characters, preferably 14 or so, and include symbols and numbers. Even using computers powerful enough that they would be considered “super” 10 years ago, getting a 14 digit PW by brute force would take decades or more in their attempt.

  • Alisa

    Thanks for the useful advice, Perry.

  • Rob Fisher

    I’m just a plain old developer and Perry M is right. You have to make new features because you need an income and your competitors are making new features. You can’t apply security patches to every previous version of your software. It’s just the nature of the universe.

  • Microsoft particularly does push unwanted UI and UX changes through Windows Update and there’s really no practical way to simply just get security updates without UI updates.

    It’s not just the UI and UX changes, it’s the tracking that it does, which CANNOT be disabled, which is transmitted back to Microsoft in an encrypted form which we have to accept is anonymous usage information (but what can we really know)?

    Users end up being stuck between a rock and a hard place with the only alternatives being Unix platforms which are substantially different from Windows.

    Microsoft Admits Windows 10 Automatic Spying Cannot Be Stopped

  • Rob Fisher

    I don’t really like the last paragraph, though. Especially as I think computers have the potential to mitigate some of the big problems of old age, like mobility and isolation.

    Before giving up computing, do what you can to get help with the changes. But the changes are unavoidable so don’t fight it.

  • I agree with Alex.

    The latest update of the Gmail app on my phone, for example, made it a lot harder to find the “delete quoted material” option. The result is that on a Gmail-based discussion group, there were some threads where you’d have something like 10 levels deep of nested quoted information on how to unsubscribe from the group or change delivery options. It ought to be feasible for the companies to push security updates separately from application updates.

  • bobby b

    Ted Schuerzinger
    May 14, 2017 at 11:46 pm

    ” . . . It ought to be feasible for the companies to push security updates separately from application updates.”

    It ought to be, but remember that these aren’t public utilities – they’re for-profit entities, and many of their non-security updates involve new paths aimed at monetizing their customer base. Making new ways to tie together all of the strengths and apps of their system is what drives their growth. Their systems and markets would be decidedly smaller today if we always had the easy option to “only accept security updates.”

  • Their systems and markets would be decidedly smaller today if we always had the easy option to “only accept security updates.”

    Even that approach doesn’t work. I remember when Microsoft was pushing Windows Genuine Advantage (phone-home spyware/nagware to identify copies of Windows XP which it spuriously decided were unlicensed), but nobody would accept the patch, so they just upped it from a “Software Update” to a “Security Update” and then finally to a “Critical Update” (or some variant thereof)

    With behaviour like that, is it surprising that we don’t trust Microsoft?

    Not that Apple or Google are much better…

  • The don’t click on a link or open an attachment rules may not apply to this particular malware but they are exceedingly good advice in general.

    Another bit of good advice: don’t keep all your eggs in one basket and use the exact same set of tools to both download that movie from dodgysite.ru and do your online banking. Assuming your PC is powerful enough I strongly recommend using one or more virtual machines. One VM is for “living dangerously” and the other(s) are for online banking etc. The VMs should not share passwords via a password manager and ideally the living dangerously one will be some version of linux, simply because linux is less of a target than windows or Mac OSX. Separate VMs do two things. First it is hard for malware to break out of one VM to infect the others (or the host) and secondly much malware has VM detection code in it so that it will either not run or do something obviously destructive like deleting everything when it finds it is in one.

    If you can’t run VMs then at least consider using different browsers, say, Chrome for business and brave for pleasure (or vice versa) and having an ad blocker or similar running.

  • I’m using Windows 7, which I keep updated. I cloned my system disk and let that disk update to Windows 10. I don’t really like it that much, and while it may be more secure against intrusions, I don’t trust the way it phones home. I don’t use Siri or Alexa or the like, which send my voice off to a distant computer to be analyzed for meaning. I don’t have a microphone or camera on my main computer. Whenever I do something worthwhile, I back it up to a USB3 drive, which I then unplug until the next time.

    In short, I have well-calibrated paranoia which has saved my bacon several times.

    I first used computers in 1960, and while I’ve never been a professional I’ve been drafted into acting like one a number of times. Most of the assembly languages I’ve learned during that time are as dead as cuneiform, the higher-level languages are gathering dust, and unlike the Red Queen, I feel no desire to run as fast as I can to stay in the same place. When they stop updating Windows 7, then I’ll see how I like where Windows 10 has gone. And as a bonus, I completely avoided Windows 8.

  • Ian

    As yet another person with varied experience in computing and computer security from the perspective of the hound as well as the fox, I have to take issue with a few points, mainly because you claim the things on that list are what all security professionals do. I would suggest you should not generalise from the particular.

    1. Just because something is the latest version of x, y or z, doesn’t make it more secure and doesn’t mean you should upgrade for the sake of it. This is “versionitis”. Should I throw out my tablet because it only has iOS 9? No, I don’t think so. Must I upgrade to the latest Linux kernel? :chortle: Do I need to use Apache 2.4 instead of 2.2? No. Should I use Office 2016? No, not necessarily — I presume they still do security updates for older versions, not that I use Office. There can be valid reasons not to upgrade a piece of software, as long as security updates are still provided or the software is not exposed to malicious exploitation.

    2. As for always installing security updates, there are plenty of security updates that have no bearing on anything that the machine is being used for, e.g. a security update to fix an issue with bluetooth on a machine without a bluetooth chip, or an update to some software that is not in use. It’s more “professional” to hold back pointless security updates — at least if one is maintaining a remote machine for production purposes, but the rule applies more generally.

    3a. As for backups being “[not] even painful”, jeez! Maintaining regular backups can be one of the most tedious and annoying things in computing. Whilst technically it can be possible to back up a home desktop/laptop computer automatically, in reality there can be all sorts of issues involved, like setting up and managing a NAS or an offsite/cloud backup service. OK, recently it’s become a lot easier to do this with some OSes, but it seems a little like the NHS thing has made it easy to have a go at the noobs.

    4. There aren’t that many circumstances where a machine is able to “check tens of millions of passwords a second”, simply because often an attack has to go through a network or application with inherent or programmed limits. I recently looked into the method EE uses to set passwords on the routers they send out to people: they use three English dictionary words of 3-5 letters separated by hyphens, e.g. “none-shall-pass”. Can you set up a machine to try enough passwords over WPA2/PSK to be able to crack this password in any reasonable length of time? I bet you can’t!

    One situation where a machine could be set up to check tens of millions of passwords a second is where a database of hashed passwords has been captured. In this case, assuming the website uses good hashing and salting, as long as you don’t use one of the common passwords (e.g., abcdef123), or a common/dictionary word, or a common/dictionary-word-with-numbers on the end, or v4r1ants thereof, actually the password is probably good enough in real life. And even if one is checking ten million possibilities a second, it would take on average two months to crack a simple nine-digit letter/number password. How many attackers are going to bother, even if it only takes a day to crack? There are plenty of databases going around that contain hashed passwords that nobody has bothered to crack, because it’s not worth the CPU time and the passwords are mostly worthless anyway, even if they are also used for that person’s facebook account (woo hoo!).

    5. Two Factor Authentication can be less “secure” under certain circumstances, in that mobile phone TFA has an inherent Denial of Service vulnerability, since one requires mobile phone reception. This was until recently a constant irritation to me, as I would have to drive for a few miles to a pub that had WiFi and mobile phone reception to do what I needed to do on some services. That’s not “security”.

    I could go on, but I simply felt I had to answer a sententious, and in the end rather hysterical harangue. There are really no hard-and-fast rules.
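The guessing-time arithmetic from item 4a of the post and from the comments above, carried through as an added example (it is not code from the post or from any commenter). The ten-million-guesses-per-second rate and the password shapes come from the thread; the throttled online rate and the 5,000-word list size are assumptions, and every figure assumes the secret was chosen uniformly at random.

```python
# Added example: average guessing time for the password shapes discussed in
# the thread, at an offline rate and at a throttled online rate.
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

OFFLINE_RATE = 10_000_000  # guesses/second, the figure used in the thread
ONLINE_RATE = 10           # guesses/second, ASSUMED throttle on a login service


def random_string_keyspace(alphabet_size: int, length: int) -> int:
    """Number of equally likely passwords of `length` over an alphabet."""
    return alphabet_size ** length


def passphrase_keyspace(wordlist_size: int, word_count: int) -> int:
    """Number of equally likely passphrases of `word_count` random words."""
    return wordlist_size ** word_count


def average_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Expected time to find a uniformly random secret: half the keyspace.

    A human-chosen password falls much sooner, because guesses are tried
    in order of popularity rather than exhaustively.
    """
    return keyspace / 2 / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    if seconds < 60:
        return f"{seconds:.0f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.3g} years"


# Password shapes mentioned in the thread. The word-list size is an
# assumption; the thread only says "dictionary words of 3-5 letters".
SCHEMES = {
    "9 characters, a-z and 0-9": random_string_keyspace(36, 9),
    "14 characters, printable ASCII": random_string_keyspace(95, 14),
    "3 words from a 5,000-word list (assumed)": passphrase_keyspace(5_000, 3),
}


def report(schemes=SCHEMES):
    """One row per scheme: entropy in bits and average time at both rates."""
    rows = []
    for name, keyspace in schemes.items():
        rows.append({
            "scheme": name,
            "bits": round(math.log2(keyspace), 1),
            "offline": humanize(average_seconds(keyspace, OFFLINE_RATE)),
            "online": humanize(average_seconds(keyspace, ONLINE_RATE)),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(f"{row['scheme']:<42} {row['bits']:>5} bits  "
              f"offline: {row['offline']:<16} online: {row['online']}")
```

The same three-word secret that holds for centuries against a throttled login form lasts hours once guessing moves offline, which is why the outcome depends on whether a hash database has leaked.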

  • bobby b

    ” . . . do not ever, ever, click on any link in an e-mail, nor open any attachment, unless you are absolutely sure it is genuine.”

    You can avoid everyone who might possibly have polio, or you can get vaccinated for polio.

    Getting vaccinated is simpler, less time-consuming, and more effective. Keeping your computer updated is like being vaccinated.

  • bobby b

    “Ian
    May 15, 2017 at 12:56 am

    “There are really no hard-and-fast rules.”

    Sure there are. Here’s three:

    1. Unless one takes Ian’s advice and hires a full-time trained systems administrator for their home computer, it is generally wise for normal, average computer users to follow the advice given by Mr. Metzger.

    2. Any general explanation of best practices in a techie field can always be attacked at the fringes by pointing out specific exceptions and qualifications that could be more precisely addressed by “a Professional.”

    3. If you’re critiquing someone’s general security advice to noobs and your planned reply includes an insider’s chortle about the latest Linux kernel, you’re signaling, not helping.

  • gnealhou

    For the slightly more paranoid:
    1. Maintain two password vaults. An internet based one for non-critical financial passwords (facebook, a variety of site forums, utilities, etc.), and a local one for financial passwords (banks, 401k, etc.). The local vault lives on a USB key, is backed up, and has one printout in a very secure location.
    2. Don’t keep your email password in your vault. Why remember email separately? Because every single account can be reset using my email, and on the unlikely chance someone breaks the vault, they don’t get my email.
    3. Set the email/vault password to prompt regularly (weekly, at least) so you don’t forget.

  • Ian

    bobby b,

    1. This is not the case, since it puts the user to more trouble and expense than necessary, considering the risk. Also upgrading software is risky too.

    2. I don’t think I called myself “a Professional” with a capital “P” — that’s snark. In fact, I object to the tone adopted by Mr. Metzger who seeks to speak for All Professionals, and I think he’s wrong not at the fringes but in a few key areas.

    3. Yeah, I’m signalling that even the maintainers of the biggest Linux distros don’t automatically update the kernel – for security/stability reasons. But perhaps they’re not Professionals with a capital “P”.

  • Perry Metzger (New York, USA)

    Ian says:

    1. Just because something is the latest version of x, y or z, doesn’t make it more secure and doesn’t mean you should upgrade for the sake of it.

    No, it doesn’t inherently make it more secure, except I can name specific features in Windows 10 that make it dramatically more secure than Windows 8, and I can name specific features in MacOS Sierra that make it more secure than its predecessors. And, since you’re also an expert, or claim to be one, you should be able to name them.

    As for always installing security updates, there are plenty of security updates that have no bearing on anything that the machine is being used for, e.g. a security update to fix an issue with bluetooth on a machine without a bluetooth chip

    An interesting choice. Name a personal computer sold in recent years without bluetooth? You picked a fantastically bad example there. Regardless, it is not particularly easy for an individual home user to figure out that a patch doesn’t apply to them, and why would one even bother to find out?

    As for backups being “[not] even painful”, jeez! Maintaining regular backups can be one of the most tedious and annoying things in computing. Whilst technically it can be possible to back up a home desktop/laptop computer automatically, in reality there can be all sorts of issues involved

    Apple’s Time Machine automatically backs up Macs just fine, and automatically. Microsoft has similar software now. Third party solutions like Arq and the like are painless.

    There aren’t that many circumstances where a machine is able to “check tens of millions of passwords a second” simply because often an attack has to go through a network or application with inherent or programmed limits.[…] One situation where a machine could be set up to check tens of millions of passwords a second is where a database of hashed passwords has been captured

    Attackers do these cracks offline, not over the network. That “one situation” is the only situation that counts, but captures of full password databases are routine, and huge dumps online are one of the big sources researchers have for what passwords are in common use. Online, you can’t possibly operate at that rate. Offline, you can run as many cracks in parallel on your rented hardware as you like. And offline, passwords will fall fast, even if the systems people are using reasonably good hashes.

    Two Factor Authentication can be less “secure” under certain circumstances, in that mobile phone TFA has an inherent Denial of Service vulnerability, since one requires mobile phone reception

    Why would you need reception for your U2F app to work? And don’t tell me that someone who does security professionally actually uses SMS for 2FA.

    I would go on, but I see little point. Generally speaking, I disagree with more or less every point you made, which is unusual.

  • Eric

    If you’re critiquing someone’s general security advice to noobs and your planned reply includes an insider’s chortle about the latest Linux kernel, you’re signaling, not helping.

    This is very true, and that sort of nonsense comes up all the time. I’m a Linux guy myself, but I run Windows at home because it’s more convenient for the sorts of things I do at home. Perry’s advice is spot on for people who don’t have an IT department to manage their machine.

  • JB

    Although MS is offering Windows 10 for free, is that true for Enterprises? Or does it charge them for the update? Also, regarding those businesses and organizations that were hit because they were running older versions of Windows – was MS collecting licensing fees for their use?

    I am not professional, so excuse this question if it seems silly.

  • Ian

    Perry,

    You are clearly trying really hard not to accept the obvious point that it doesn’t always pay to upgrade, e.g., FamilyTreeMaker. Sure, I get that you love Windows 10, but in your point (1) you massively overstated the case about what “[e]very professional security person does”. As for your security test, what would that prove?

    Lots of PCs have motherboards with bluetooth-capable chipsets but no antenna. So, yeah… carry on updating all that shizzle, “[e]very professional security person does”!

    Yes, I know Windows 10 now has a backup thing. I know this because I had to reinstall Windows 10 for a friend who got scammed by a browser popup window and actually phoned up the “helpline” number and gave them a remote desktop. And yes, I know Apple has that, heck I was considering moving everything over to Apple just because of that. But for everyone else, would it be “painless” to do the research to look up Arq, or some other solution? I doubt it. Most people wouldn’t have a clue. And there is lots of crappy backup software out there.

    Lots of attacks happen online, without offline brute-forcing of password hashes. Apparently Yahoo used to be very “helpful” at this: they wouldn’t rate-limit queries, and would even tell you if a given username existed or not. They might even still do this. Lots of sites are wise to this now, but it still seems to happen that people can make multiple guesses at passwords without the user receiving notifications. At least that’s what seems to have been behind some of the various celebrity hackings — certainly you are not suggesting that those attackers have the entire Instagram, Facebook, Twitter, etc. databases? So that “one situation” that I mentioned is not “the only one that counts”.

    As for the existence of password dumps, if memory serves these have come from plaintext databases or databases that used MD5 hashes. I think you are vastly exaggerating the ability of non-state actors to brute-force SHA-xxx hashes.

    Yes, I do use SMS for TFA — can’t really help it, Vodafone insisted on it, and HMRC also uses telephone TFA. Does that make me a professional non-person? (Oh the delights of the expertocracy.)

    You say that you see little point going on. I think that is something upon which both of us can agree 😉

  • DT

    3a. Make sure your backups work.

  • APL

    “Every professional security person does those things.”

    Hmmm! Computer professionals are running Microsoft windows.

    First rule is: Don’t use Microsoft windows.

    Microsoft, single handedly spawned the entire Malware, Antivirus industry.

    But in this case they’ve been aided by the NSA that appears to have allowed modified hacking tools to be disseminated via their own incompetent security measures.

  • bobby b

    APL
    May 15, 2017 at 7:13 am

    “Microsoft, single handedly spawned the entire Malware, Antivirus industry.”

    Isn’t this somewhat unfair?

    Certainly Microsoft has been guilty of some laxity in addressing issues as they arise, but isn’t the primary driver here the fact that the Microsoft marketshare of operating systems in computers has always been so dominant that the efforts of malware-creators have always been most profitably directed at writing malware attacking Microsoft OS’s?

    Were I a house burglar learning how to defeat front door locks, it would make the most sense to learn the most prevalent brands of front door locks first. Gives me many more targets that way.

  • Matthew McConnagay

    …every once in a while, I hear from someone… that they’re just unable to keep up with new software and the like. “The new version looks different. I don’t want to update because the buttons might be in different places.” My advice, my sincere advice, is that if you can’t keep up with small changes like that… get rid of your computer. […] Not being able to keep up with this stuff is kind of like not being able to safely drive a car. If you’ve got a problem with your eyesight and can’t drive safely, the answer isn’t that you keep driving and kill people on the road, the answer is you stop driving.

    That’s funny. My go-to analogy in this situation also involves cars: imagine if every time you took your car to the mechanic, he moved the gearstick a couple of inches to the left, or the volume knob on the radio a couple of inches to the right, or he changed the steering wheel into a steering helmet that you operated by waggling your ears. You’d be really annoyed, right?

    Maybe I’m just a simple noob who ought to throw his computer in the bin, but for the life of me I can’t understand why continuity of the user experience is so low on developers’ list of priorities. Why is it impossible to make the computer more secure without causing the user a significant amount of arseache?

    Well, I say I can’t understand, but in truth I think I do: it’s because software developers are, to a man, exactly the kind of wanker who’d bloody love if their car had new knobs to fiddle with every 6 months. A pox on all their houses.

  • Alisa

    Actually, car designers are doing the exact same thing – only it is less noticeable, because we don’t “update” our cars (i.e. replace them with newer ones) as often as we update our OSs.

  • Alisa

    Plus, to those here who are all excited about autonomous cars: the updates on those will be just as frequent as the ones we currently get on our PCs, but many times as annoying.

  • Mr Ed

    bobby b

    “Microsoft, single handedly spawned the entire Malware, Antivirus industry.”

    Isn’t this somewhat unfair?

    Isn’t it a bit like blaming wildebeest for lions on the Serengeti? But if the wildebeest were to insist on sticking to coating themselves in BBQ sauce and wandering about alone, questions might fairly be asked if that was wise.

    Alisa

    the updates on those will be just as frequent as the ones we currently get on our PCs, but many times as annoying.

    Judging by the spread of this malware, the ‘update’ will be in the form of a tree implant in the bonnet.

  • Michael Jennings

    I don’t own a car, but I rent one about once a month. The lack of consistency in the locations of the controls for the headlights, the windscreen wipers, and the indicators is unendingly irritating, as is both the location of the fuel cap (which side of the vehicle) and the controls for actually opening it. (There are others, too). I can’t help but think that there could be a great deal more consistency there, too.

  • PersonFromPorlock

    Matthew McConnagay
    May 15, 2017 at 1:12 pm

    Maybe I’m just a simple noob who ought to throw his computer in the bin, but for the life of me I can’t understand why continuity of the user experience is so low on developers’ list of priorities. Why is it impossible to make the computer more secure without causing the user a significant amount of arseache?

    Porlock’s Third Rule of Software is that programs that work will be improved until they no longer do.

  • Perry Metzger (New York, USA)

    Improving user experience is very high on most developers’ lists of priorities. Unfortunately, it turns out to be very, very hard. Making software secure is also relatively high on most people’s priority lists, and also turns out to be very, very hard.

    I understand that there is a desire by people to simply insist that these things should be easy. It reminds me much of the insistence that we can “fix” poverty just by passing some law saying, for example, that no one will be paid less than a certain amount. One believes, naively, that the problem is not that the issue has certain intractable qualities, but rather that it is simply bad people who won’t behave themselves that is behind the issue. I assure you it isn’t, any more than it is in the economy.

    And yes, there is much that can be done to improve software quality, and we’re learning more about how to do it every year, and some organizations do indeed manage it far, far better than others. However, it turns out that even for the best organizations it is very, very hard.

    People who know nothing about programming imagine it is trivial. People who are learning the craft and only know a little bit about programming find it insanely hard. Eventually after learning more and getting experienced, programmers get to a phase where they know quite a bit and are arrogant and think it is easy once more. This is when programmers are at their most dangerous because they do not understand the damage they can cause. Then, once you really, really understand programming well, you start to truly understand how hard it is, and how rare the skills required to do it very well are, and you start wondering at the fact that we’ve come as far as we have.

  • Matthew McConnagay

    Perry – I wasn’t complaining that software doesn’t improve. Almost the opposite, in fact: continuity of the user experience is a low priority for software engineers, I said, not improvement thereof. If developers could remember that that which ain’t broke don’t need fixin’, I think we’d all be a lot happier. (And if you want it in economic terms, think of all the productive hours wasted getting to grips with software’s latest idiosyncrasies.)

    Here’s something interesting, though: I said “I want things to stay the same” but you heard “I want things to change”. Is that not emblematic of the very tunnel vision I was whingeing about? :p

    Porlock – that’s the nail hit square on the head

  • PersonFromPorlock

    Let me suggest a hardware modification that makes backing up a lot easier; install two trayless mobile racks, one holding the system HDD and one to take a backup HDD that, once the system drive is cloned, is removed and stored unconnected. With Mint Linux and Clonezilla, it takes me about ten minutes to clone a corrupted system HDD back to virtue.

    This does nothing for security, of course, but it helps recovery; I have by now crashed enough copies of Linux through maladroit ‘improvements’ that I regard interchangeable HDDs as essential.

  • Laird

    PerryM, I second what Matthew said and think that your reply to him was a bit unfair. “Improving the user experience” doesn’t necessarily (or even usually) require gratuitous changes to the interface. In fact, the entire purpose of the GUI is to insulate the user from the deep workings of the computer (to spare us from having to learn DOS commands, for example). And that interface can be kept unchanged even if everything “under the hood” has been completely rewritten. So I think Matthew is correct: too many developers are more interested in creating the most “elegant” (in their mind) solution to every perceived problem than in simplifying life for us ignorant users.

    Somehow, over a century, we’ve managed to go from rotary dials on candlestick telephones to pushbutton phones to completely electronic cell phones without ever changing which letters are assigned to which numbers. Computer developers should take a leaf from that book.

  • Alex

    The GUI abstracts the deep workings of the computer, but so do CLI (command line interface) applications. They are complementary not opposed styles of software.

    Most software developers actually do value stable interfaces greatly. APIs (application programming interfaces) to ABIs (application binary interfaces), interface definitions (sometimes known as code contracts) in object oriented software development, and versioning are all attempts to stabilise interfaces with varying degrees of strictness, and success. Stable user interfaces are likewise valued by programmers as they are by end users. We’re all end users of one software or another.

    Most of the time the real reason for drastic change in interface is “Embrace, extend, and exterminate” – planned obsolescence and deliberate strategy of change to help them dominate the market.

    Microsoft particularly, and others, know exactly what they are doing when they refuse to provide security updates without bundling other features into the updates.

    Large organisations that have specialised needs and large networks of computers should really be considering whether Windows meets their needs properly. End users frustrated by having an OS that refuses to provide security updates without other ‘treats’ should vote with their wallets.

  • bobby b

    Matthew McConnagay
    May 15, 2017 at 1:12 pm

    “Maybe I’m just a simple noob who ought to throw his computer in the bin, but for the life of me I can’t understand why continuity of the user experience is so low on developers’ list of priorities.”

    Market share.

    OS creators profit far more by attracting new users – first-time buyers plus people replacing equipment who move to their brand – than they do trying to keep existing users who value continuity.

    Plus, if you – like me – do value continuity, then your easiest choice will be to stick with your present brand in spite of whatever changes are introduced. Even if your GUI changes with a new version, it will still be the system most like what you had before. Switching brands will give you maximum change, while moving to the new version of your old system will still involve change, but less of it.

  • Ian

    There’s no particular reason the UI needs to change with the underlying software… just that, with Windows, the two are tied into one product. I got pilloried for mentioning Linux in a supposedly snobbish fashion earlier, but I’ll risk pointing out that there are a variety of GUIs for Linux, and it seems probable to me that Windows will have to move in this direction. I guess a lot of people would prefer a Windows GUI that resembles XP.

  • bobby b

    “I got pilloried for mentioning Linux in a supposedly snobbish fashion earlier . . . “

    That was me, and I didn’t mean to suggest that mentioning Linux was snobbery. It was tech-ery.

    What I meant was that, while Mr. Metzger was giving good generalized advice to the mass of non-techies (such as me) that would increase their safety and security while using a computer, you were contesting his advice at the margins, at a level that was unhelpful to what he was accomplishing.

    I doubt that you would argue that his advice would not increase most users’ security. I doubt that you would discourage individual casual users from updating when updates appear. I doubt that you would discourage good password practice or backing up data. I read your argument to instead say that one could fine-tune that advice to be even more effective.

    But most users are incurious enough about the mechanics of computing so that that fine-tuning will never happen. It would be a significant improvement to their security to follow Mr. Metzger’s advice. It may well be that your fine-tuning advice would improve it even more, but the manner in which you presented it would mostly just discourage people from the basic first steps he advised.

    Your Perfect would mostly act to impede Mr. Metzger’s Good.

  • My work resembles that of Perry Metzger (New York, USA) enough for me to say, from experience, that his comment at May 15, 2017 at 3:49 pm about this stuff being quite hard has content. Dilbert cartoons also have content – there is often folly in a large organisation – but just as we may think socialism would not work even if a party of competent and moral people implemented it, so PerryM is right to say that this stuff can remain hard, even when Dilbert’s boss can be kept out of the picture.

  • Ian

    bobby b,

    Well, yes, I was being part devil’s advocate and part pedant, and I agree in some measure with what Perry has been saying. I myself follow some of the same practices that Perry has advised, in fact I frequently give the same advice to other people: run those security updates, keep automated backups and use a password manager. That’s good advice. However, the way the advice was put across really irked me, not just because there is room for argument on the margins, but because (in principle) security doesn’t come from following rules, but from understanding systems. And in particular I dislike the notion that ordinary people can’t become savvy in this area because they’re not one of the credentialed class of “security professionals”.

    The example I gave above, of a friend whose system was compromised because he believed a pop-up window in a browser in which a so-called “professional” told him to ring a number shows that (in fact) believing in those who call themselves professionals is not a good strategy, because then you’ll just do anything that someone sufficiently credible proposes. And you might end up having no means to judge their credibility.

    The only way to gain security is through knowledge, not by following rules set down by others, no matter how clever those people are.

    I could draw parallels, but I’ll refrain and just suggest that some of the attitudes expressed by others in this discussion (concerning usability) reflect some of my own concerns. We could all be as paranoid as anything, and go back to using typewriters like at the Kremlin, but for most people just watch out for those dodgy phone calls, try to use common sense and you’ll probably be alright. Bear in mind that we all give out credit card numbers, bank account numbers, etc., left right and centre. And take a pill.

  • Julie near Chicago

    No, we “all” don’t, Ian! ;>))!!

    One cc, for all online purchases and the phone bill (on Auto-pay); and, unfortunately, when I go through PayPal. (“Unfortunately,” because I’d like to boycott them. Along with lots and lots of other concerns. Including BMO, of which my bank is a division.) Locally, I pay cash.

    Once in a blue moon (maybe once in two or three years) I have to give out the cc number to some person over the phone, with the “security code,” which I suppose is at least a speed-bump to the cc-thief. But in such a case at least I’m the one who initiated the call.

    And I check the cc account and pay it off online. (No, I wouldn’t dream of dealing online in any way with investments of any type.)

    And that is ALL.

    .

    The first-best safeguard is a well-developed, though not hysterical, paranoia. The next is to consider whether or not to accept each “update” or “upgrade” the software co. is shoving at you, individually.

    I haven’t ever been infested, that I know of, but in the last year I’ve accepted updates from Mozilla and Wondershare, that have played very badly with each other and also have been a little rough with OS 6.8. Even with the “Install/Not Now” button there, it’s easy to click Install inadvertently. Which is what happened with Mozilla.

    Mac. Let’s see. We had OS 3.6, very good, still running on my 2003 G4 PowerBook, Firefox to match. Gets a majority of the websites that interest me, including YouTube, despite UT’s swearing to me that it won’t work. But nowadays I really only use it to play DVDs and games that need the OS 9 (Classic) system to run, and occasionally for a bit of reading.

    But haven’t you ever updated that system?? he asked, aghast. “Well, only once,” she answered. “Its original OS was 10.3.3. I intended to do The Smart Thing, and updated to 10.3.4 when it came out. By then I’d begun to see a lot of reports about OS updates, admittedly mostly to Windows, that broke things one way or another, or were unsafe. Caution seemed a good idea. So I waited, and I read, and I learned that the succeeding updates to my OS still had dangers in some circumstances. Then 10.4 came out. Hoo-hah, how great! Six months or a year later, people were complaining about problems. Same story with 10.5. So I stayed with Panther, 10.3.4.”

    Until 2008. Then I got a new MacBook Pro, running OS 6. Very nice! Smooth, A-OK, but only a measly 256G HD, and 4G RAM; so after awhile I started hankering for a little more storage space under the hood. On E-Bay I found a 2011 MacBook Pro upgraded to 1T HD space and 16G RAM, and the seller backed out whichever OS it had and installed 10.6 for me. What a sweet machine!

    (A year after I got it, the HD on the first MacBk crashed. *sob* Fortunately, the newer machine was here, ready to step in. The bad disk was replaced. All fine, except that I still need to find somebody who can retrieve whatever’s on the bad disk. My working files were backed up, so what I really lost was chiefly bookmarks. Oh well…probably most of the sites are defunct by now anyway….)

    Early last year I inadvertently allowed Firefox to update itself. This was at the height of one of the gazillion Flash malware panics, and I updated that. There were Problems, which were really never resolved, but at least the system still worked. (I HATE what Mozilla ended up with. It had been possible to go back to earlier versions, even if they were no longer “supported,” but at that point they’d removed that possibility.) Well, it weren’t broke, but I let ’em “fix” it, and it still runs; just the steering’s quirky and the wheels are out of alignment.

    Then I made the mistake of accepting the video-recording update. Disaster. Somewhere along the way, Firefox, FP, WonderShare, and Big Fish Game Manager (also puts out iffy updates, and you have no choice; but at least they’re rare) got into it under the boards, and who is to blame I don’t know, but the Kernel got so panicky that now it crashes as soon as I turn it on.

    Yes, I passed on 10.7 (“Wonderful system! Luvvitt!”), which after awhile proved a clunker in the eyes of many. Same thing with 10.8. (One of my online computer-person pals had been crowing about how wonderful was the new OSs’ “Spaces” routine. It was dropped with 10.9. “if it ain’t broke….”)

    A couple of years ago I got a new MacBook Air (“Airbook”–so much quicker & easier to say and write) which runs 10.9, “Maverick.” ‘S OK, nuthin’ great, in my opinion. In fact I don’t like it much. Still have the Firefox of the same vintage. Still have Wondershare on it, an old version, some of the functionality has disappeared but it’s usable, just slower and more painful than formerly, for whatever reason.

    .

    Mantras:

    Do NOT click on e-mailed links. Do NOT click on advertising links. ALWAYS BCC when sending to more than one person, and ALWAYS strip previous addresses, including your own, off forwarded e-mails. If your dentist sends you a msg with subject “For a hot time call GerryTerry,” don’t even open it. “watch out for dodgy phone calls”: Right on, Ian!

    (And along that line, why in the world would anybody follow the advice of some County Electrician or FBI guy to “call this number to verify who I am”??? In novels people do this all the time. It’s stupid. Go to the phonebook, or online yourself, and find for yourself the right number to call. Else slam the door in his/her face!)

    I really don’t think I’ve ever been infested, but I’ve seen a lot of obvious and many less-obvious phishing and perhaps malware-planting exploits in my Inbox.

    And, most important of all:

    If it ain’t broke, don’t fix it. If you can’t escape “fixing” it, read up as best you can to get a feel for whether the latest “fix” really is.

    . . .

    Experts, advice, security, “Do as I do” implied, rather than the usual “Do as I say” Department.

    Blast from the Past:

    In the late ’70s and early ’80s I was first a programmer (Assembler, in that gig) on the IBM S/370 and after promotion, my new supervisor and I held down the entire datacomm department (hardware, software, customer training and service, liaison with the hardware and software reps and technicians) for a data-processing outfit that handled all the files, accounting, and datacomm for a bunch of banks.

    Toward the end of the ’70s, ATM machines were the hot new thing. Systems were developed allowing deposits as well as withdrawals to be made through the ATMs. About 1980 or so, I happened to hear on the radio an interview with the CEO of some bank. The gent was questioned closely as to the security of the ATMs. “So people don’t need to be worried about using the ATMs? Their accounts will be safe, and the withdrawals and deposits will be properly recorded and the accounts properly balanced?” the interviewer asked.

    “Absolutely!” said the bank guy. “Safe as houses.”

    “But do you use them?”

    “Certainly! No worries at all.”

    “And for deposits too?”

    “Well … no, actually I don’t make deposits that way.”

  • Julie near Chicago

    AGN, the very first comment: RIGHT ON !!!

    Matthew McC: The car analogy is great. Absolutely perfect. And your observation that continuity is very important to the User is very well made indeed.

    PfP: Surely does seem like it!

    Alisa: Excellent comments, 1:16 and 1:18. Both. 🙂

    Laird, May 15, 2017 at 4:42 pm: Correct. :>)

  • Richard Thomas

    For a while there was a conservatism in the unix/linux side of the computing industry that had people working towards stable, secure software. New programs and features would be added from time to time when needed or desired but the general direction of anything that was added was to improve things.

    Then the kids who grew up with Microsoft entered the scene. And they brought the bad habits of Microsoft with them. Suddenly it wasn’t enough to improve what was there but more important to get the new shiny in, whether it caused the software to barf or not. Break an old, well-used and loved feature along the way? Just disable it. Suddenly we’re getting “Awesome bar”s and software that was lean, fast and lightweight is bloaty and crashy and using up more memory than was available in two dozen standard 486s.

    It used to be amusing watching Windows experience and fix all the problems and mistakes that Unix had already been through. But then we had the newbs start adopting into Unix the mistakes that Unix had avoided the first time round. Now we have systems that do ostensibly the same thing that older ones used to but use orders of magnitude more ram and CPU and hard-drive. It’s no wonder attention is turning to netbooks and things like the Raspberry Pi.

  • Alisa

    And in particular I dislike the notion that ordinary people can’t become savvy in this area because they’re not one of the credentialed class of “security professionals”.

    But no such notion was put forward, Ian. Of course “ordinary” people can become savvy in this area – they (we) can become savvy in anything we put our mind to, but not in everything. That’s why “ordinary” people become “extraordinary” in different areas of expertise – i.e. we are all experts in something or other, but we can’t be experts in everything. And that’s why we do need experts and should listen to them, and follow the rules they recommend – albeit always very judiciously.

    However, the way the advice was put across really irked me

    The way Perry M. puts across anything seems to irk a lot of people, but it shouldn’t distract them from considering the actual content of what he has to say and judging it on its own merits. His advice in this instance does have a lot of merit.

  • Ian

    But no such notion was put forward, Ian.

    It wasn’t? Well it certainly sounded that way to me.

    His advice in this instance does have a lot of merit.

    Some of it does.

  • Alisa

    Some of it does.

    Well, yes, that is the default situation. I listen to advice, and then make up my own mind as to what is useful to me and what is not – but in any event, I try not to complain about the flavor of free ice cream – YMMV 🙂

  • jmc

    Sorry, Perry, you don’t have a clue. Just a long collection of “security” shibboleths.

    Just been doing this stuff since 1983.

    First, most of these “security experts” have no real understanding of what is going on under the hood. They are just trying to sell you something. Give them a packet sniffer like Wireshark and a JTAG debugger and see how far they would get in reverse engineering a system. Their level of technical expertise is little different from the script-kiddies.

    Second, if you are running Win32 or MacOS you can install all the updates you want but the only releases that are actually properly tested are the major 10.x or SP x releases. All incremental updates make your system more unstable and therefore more vulnerable. So the first thing I do is turn off autoupdates when installing an OS and only upgrade when a major release is done and there is some very compelling reason to upgrade.

    Neither Win32 nor MacOS can ever be secure. Ever. They are both wide open. Both codebases are a giant swamp of buggy code and no one in either company has a real idea of how the whole thing works, just small parts of it. And no one really cares. Given just a general description of the SMB exploit (short/long mismatch) it took me about 15 mins rooting around the XP codebase (yes, it’s out there) to find the likely culprit. Yes, the code is that low quality. As are the people working on it. Make all security decisions based on that simple fact of life, the code is crap and always will be, and you won’t go too far wrong.

    Third, first line of defense is a two layer firewall. One in the router. One on the machine. Nothing fancy. Anti-Virus software is pure placeboware, easily breached, and a complete waste of money and resources. Batch malware scanners can be useful if something odd happens but a wipe / restore is the only safe way of dealing with a potential incursion. I’ve only had it happen once in almost 30 years of using networked / online computers. And I was just being careful. The breach probably did not happen.

    Fourth. Don’t use Internet Explorer or Outlook. Ever. Replace the preinstalled Outlook file with a dummy file of the same name because MS keep reinstalling it if you just delete it. That in itself will reduce your vulnerability by about 95%.

    Fifth. Install a flashblocker in your browser and disable the inbrowser viewers for PDFs and all MS doc formats. That reduces your vulnerability by another 95% (of 5%).

    If you have to go browsing in the nether regions of the internet use a browser running on Linux in a VM. There are a bunch of preconfigured ones using the VMWare Player. As all the non targeted exploits assume you are running Windows, browsing under Linux in a VM running on Windows will stop them in their tracks. Of course it won’t stop a targeted attack but if you are such a target you will have far more serious problems than a compromised machine.

    The rest of staying secure is just pay attention. If something odd happens never be afraid to overreact. Which means push the offswitch. Immediately. Or pulling the power cord and the battery. Only did that twice. And on both occasions it stopped a breach attempt in its tracks. One was from an injection attack through a Google search result. The other was from a friend’s machine on a local network. In both cases the breach failed. My friend did not follow my advice to pull the battery of his laptop immediately, he selected Shut down, and he spent the rest of the day wiping it and reinstalling.

    Even if you are totally paranoid and follow every last recommendation of the “security experts” and install a completely locked down specially hardened Linux, or even better QNX, better not run it on an Intel x86 P3 or later. Because there is a nice little very obscure feature in the P3 architecture buried deep in the hardware manuals which means…. ’nuff said. If Intel did not have such a long and illustrious history of technical incompetence I’d believe that very useful feature was put in deliberately. But as it’s Intel, nah, it’s just pure stupidity. So I’d go with the AMD x86 to be on the safe side.

    But better make sure there are no IoT devices nearby. With a 802.n feature on the SOC, the one with the protocol stack in flash..

  • Sorry, Perry, you don’t have a clue.

    Best to reply to Perry Metzger without a perambulator opener that suggests you are a dickhead.

  • jmc

    Nice reply, Perry. Which proves my point. My opening line was a direct response to your extremely strident tone. A tone of authority which I suspected at the time was unsupported by any real substantive technical knowledge of the subject. I’ve heard that tone of voice so many times in the past…I’ve worked in the Valley for several decades. For some reason it’s always the people in IT support who have this tone of voice. Never the developers and engineers.

    I’m afraid your post sounded remarkably like you were just repeating a network administrator’s checklist. Straight from a CCSA or MSCA handout. In other words an anodyne list of bromides.

    Some of the other posters made some very informed comments and suggestions which were rooted in the real world of securing software and platforms. But as yet I’ve seen little evidence so far of a practical and pragmatic approach to the subject in any of your contributions. Unless I missed something. Practical and pragmatic are the two key words in effective security. If it gets in the way the user will ignore it or work around it.

    Oh well. For most people just browsing on Linux in a VM will save a lot of potential heartache. But what would I know. Just been doing this stuff at the bare iron level for a long long time. You know, the fun stuff. Including the kind of software that’s classified as “munitions”. Or the sort of stuff that legally can only have one customer. The TLAs. That project was never finished. Not much point when there legally can only be one customer. Well at least one of the commercial mobile secure browsers out there has my design finger-prints on it.

    Out of curiosity, did you understand anything I wrote in my post? Based on the high general quality of the comments I’m sure most of the commenters would have got my drift and might even have found it informative and / or useful.

    Or maybe not.

  • Laird

    jmc, what you have been entirely oblivious to is that in your first comment you were replying to Perry Metzger’s original post, but since you used just the name “Perry” it was taken to mean Perry de Havilland, the owner of this site and our gracious host. And it was he who replied to you at 4:04 PM, which was clear from the name in his comment. So in addition to being supremely rude, you are also so careless that you pay absolutely no attention to whose posts you are replying to. You owe Perry de H an apology, and you’ll be lucky if you aren’t simply banned from this site.

  • Snorri Godhi

    A bit late to the party, but i’d like to mention a rather obvious security measure that anybody can easily implement: multiple user accounts. Maybe most people here already use this precaution, if so feel free to sneer at me.

    I have a super-user account, 2 accounts that i use when connected to the internet, and an account which i only use offline. To visit dodgy sites such as Samizdata*, i use the minimum-security account, which does not even have a password. To use email, and for financial transactions with 2-factor authentication, i use the medium-security account. For upgrades, and financial transactions without (or possibly with) 2-factor authentication, i use the super-user account. As an additional precaution, not everything in every account is visible from the other accounts.

    If somebody can tell me what is wrong with this arrangement, i’d be grateful.

    It is not a substitute for making backups, of course, but so far, i have used backups only after disk crashes.

    BTW i use Linux, but mostly because here i don’t have to pay for Windows when i buy a computer, unless Windows is actually installed. (Not sure about the rest of the world.)

    * irony alert

  • Ian

    Privilege escalation.
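
An added example, not part of the thread and not any commenter's code: a small Python audit of the kind of multi-account arrangement described above, checking the local paths by which a low-security account could reach a higher one. The account names, the list of administrative groups, and the passwd/group/shadow data and home-directory modes are constructed assumptions.

```python
import stat

# Assumption: groups that grant administrative rights on this system.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}

# Constructed sample data in /etc/passwd, /etc/group and /etc/shadow format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000::/home/admin:/bin/bash
mailbank:x:1001:1001::/home/mailbank:/bin/bash
browse:x:1002:1002::/home/browse:/bin/bash
offline:x:1003:1003::/home/offline:/bin/bash
"""
SAMPLE_GROUP = """\
sudo:x:27:admin,browse
users:x:100:admin,mailbank,browse,offline
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
admin:$y$CONSTRUCTED-HASH:19000:0:99999:7:::
mailbank:$y$CONSTRUCTED-HASH:19000:0:99999:7:::
browse::19000:0:99999:7:::
offline:$y$CONSTRUCTED-HASH:19000:0:99999:7:::
"""
# Constructed permission bits; on a live system use os.stat(home).st_mode.
SAMPLE_HOME_MODES = {"admin": 0o755, "mailbank": 0o700,
                     "browse": 0o755, "offline": 0o750}
# Hypothetical name of the account used for untrusted browsing.
LOW_TRUST = {"browse"}


def parse_colon(text):
    """Split colon-separated account files into field lists."""
    return [line.split(":") for line in text.splitlines()
            if line and not line.startswith("#")]


def audit(passwd, group, shadow, home_modes, low_trust):
    """Return sorted (account, issue) pairs that weaken account separation."""
    findings = []
    users = {f[0]: {"uid": int(f[2]), "gid": int(f[3])}
             for f in parse_colon(passwd)}
    groups = parse_colon(group)
    gid_to_name = {int(g[2]): g[0] for g in groups}
    members = {g[0]: set(filter(None, g[3].split(","))) for g in groups}

    for name, user in users.items():
        # A second UID-0 account is root under another name.
        if user["uid"] == 0 and name != "root":
            findings.append((name, "uid-0"))
        # Collect supplementary groups plus the primary group.
        user_groups = {g for g, m in members.items() if name in m}
        primary = gid_to_name.get(user["gid"])
        if primary:
            user_groups.add(primary)
        # A low-trust account with admin rights defeats the separation.
        if name in low_trust and user_groups & ADMIN_GROUPS:
            findings.append((name, "low-trust-in-admin-group"))

    for fields in parse_colon(shadow):
        # Empty hash field: the account may be enterable without a
        # password, depending on PAM configuration.
        if fields[0] in users and fields[1] == "":
            findings.append((fields[0], "empty-password"))

    for name, mode in home_modes.items():
        # Higher-trust homes should not be readable or traversable by others.
        open_bits = stat.S_IMODE(mode) & (stat.S_IROTH | stat.S_IXOTH)
        if name not in low_trust and open_bits:
            findings.append((name, "home-open-to-others"))
    return sorted(findings)


if __name__ == "__main__":
    for account, issue in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SHADOW,
                                SAMPLE_HOME_MODES, LOW_TRUST):
        print(f"{account}: {issue}")
```

This only covers configuration-level paths between accounts; it says nothing about kernel or setuid-binary vulnerabilities, which are the other route from a low-privilege account to a higher one.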

  • Rob Fisher

    jmc, if you really have managed to get your dad and your granny and your aunt in Connecticut to surf the web in Linux in a VM, I’m impressed.

  • bobby b

    I encounter many people who have had problems with some aspect of the law, whether it be civil law or criminal law.

    I’m a lawyer, and have a fairly comprehensive knowledge of many aspects of the law. This knowledge allows me to avoid many pitfalls in which non-lawyers become entangled.

    But it has never occurred to me to scorn people who have failed to attend law school – to denigrate the intelligence of all of those who didn’t make my focus their own – to speak derisively about how, with very little effort, everyone could learn the law if they would only get off their butts.

    It’s not going to happen. That’s why some of us learn law, some of us learn medicine, some of us learn computing . . .

    When my physician scorns me for lacking some of the knowledge he holds after years of schooling, it’s my physician who has failed.

  • Perry Metzger (New York, USA)

    Bobby B: Can you name where I scorn anyone for not having knowledge rather than for failing to listen to advice?

    Your physician should indeed scorn you if he tells you that you have an infection and need to take antibiotics and you instead go for homeopathy without having good information that contradicts his position. Note that I don’t even claim someone should listen to me because I’m an expert, merely that if you decide not to listen to an expert, especially one that has explained their reasoning to you, you had better have very good information of your own.

  • Perry Metzger (New York, USA)

    Snorri Godhi: If you’re willing to experiment with privilege separation at that level, I suggest playing with an operating system like Qubes. I would hesitate to recommend it to most people because the median computer user is already having trouble with the very simple to understand setup they have. However, if you’re willing to go as far as you have already, you might benefit from it.

  • bobby b

    Perry Metzger (New York, USA)
    May 17, 2017 at 11:55 pm

    “Bobby B: Can you name where I scorn anyone for not having knowledge rather than for failing to listen to advice?”

    JFC. That comment was aimed, not at you, but at Ian and jmc, who seem (to me) to be telling people that your advice was too generalist, or too simple, or too . . . something . . . to provide any help. They seem to think we all need to learn wtf a QNX is, or what a P3 architecture means, before buying an off-the-shelf computer and surfing with it. I’m betting that 95% of (non-corporate) machines are run for their life exactly as the factory set them up, which means your original advice was worthwhile and valuable.

  • Perry Metzger (New York, USA)

    Ah. My apologies for misunderstanding. I have to admit that after the discussion started getting heated, I began only half following it.

  • Mr Ed

    Thank you Perry for posting on this topic, most illuminating. I have found, FWIW, a video on the excellent YT channel Computerphile (presented by academic computer scientists) on the matter of this ransomware, with the excellent Dr Mike Pound of Nottingham University giving a perspective.

    I like his comment that complaining about getting hit by this is a bit like crashing your 1940s Ford and complaining that the airbag hasn’t gone off (unless you had one installed). He also says at 11’38” that if you are running XP, the first thing that you should do is turn off your machine, as you have got no business running it, but he accepts that there are legacy machines with XP.

  • Snorri Godhi

    Thank you Perry (M) for your advice. I must be a strange mixture of advanced user and computer illiterate: i would probably be unable to install Linux by myself*; i don’t think i ever heard about password safes before reading your post — and yet you say that i might want to go beyond Linux!
    (That goes with my having done research in CompSci departments, without any relevant paper qualification.)

    Maybe the thing to do is to buy a new laptop before starting to play with Qubes: that way, i can always fall back onto my current laptop and Linux.

    * fortunately, having a pro install it costs much less than Windows.

  • Perry Metzger (New York, USA)

    Snorri: If you don’t feel comfortable installing Linux, Qubes might be a bit problematic for you. I would suggest playing with it and seeing before committing.

    I tend to pitch general advice to general users. Unusual users may be able to make use of unusual and interesting new security mechanisms, of which there are a great many out there, but most of them have very sharp edges.