Monday, October 13, 2003

Badgers? We don't need no stinkin' badgers!

Ever wonder where the book burners from the 50's went to? They went online.

Why am I saying this? I'm reading a lot of discussion concerning the "we gotta do something to fix this" movement where people are suggesting that "we" "fix" IRC, SMTP, and HTTP so that the miscreants can't abuse them anymore.

At face value, this might appear to be a good idea. But if you think about it, it's a horrible plan.

First, there's little wrong with the actual protocols. It's the software at the client end of the protocol that's the problem (mostly), whether it be the horribly insecure mail client or the worm with the built-in IRC bot.

Second, adding features to a product rarely makes it more secure. The more complex a program is, the more likely it will contain errors and/or exploitable "features" (not necessarily bugs).

Third, it smacks of vigilante justice, which I severely mistrust. (Ask me sometime about my coffee drinking habit getting my 80-year-old grandmother in trouble with the church.)

Want to make the internet a safer place to work/play? Try a few of the following:

  • Use a different mail client at home than you do at work. If possible, don't use Outlook/Outlook Express.
  • For that matter, use a different OS (or at least a different version) than what you use at work.
  • Use a different virus scanner at home than you do at work. Ideally, your work will use more than one scanner. Make sure to check for new signature updates on a daily basis.
  • Use a firewall. If possible, more than one. (i.e., use a software-based one on your computers along with the one on the four-port router.) Ideally, your employer will use a corporate-grade firewall which hopefully has application proxies for most of the protocols used. In any case, configure your firewall(s) to only allow those protocols that you need to conduct business/pleasure. Turn off everything else.
  • Learn how to read your log files. Why go to all the trouble of getting those neat security tools and then treat them like pretty toys?
  • Learn how to read message headers. It will help when you're trying to figure out if Aunt Milly actually sent you that infected message.
  • Learn how to politely report incidents, whether they be spam, port scans, or viruses. Most ISPs will respond to effective and polite emails indicating that something is amiss in their networks. Be polite even when you're angry. Even if it hurts.
  • Pick a computer news site, an anti-virus vendor's site, and a CERT site (there's lots of them). Visit each of those sites at least once a week and read the "new stuff". For the really adventurous, find an RSS feed aggregator and subscribe to a bunch of security-related feeds. (Personally, I like BlogLines which is completely online and if you ask nicely, I'll provide a list of the feeds I use.)
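
To make the message-header tip concrete, here is an added example (not part of the original post) that reads the `Received:` lines of a constructed message and finds the host that actually handed it to your own mail server, then checks that host against the `From:` domain. The host names, the `MY_SERVERS` set, and the `Received:` layout the regex expects are all assumptions; real mail servers format these lines differently.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host and address is made up; IPs are RFC 5737
# documentation addresses. The bottom Received line is one the sender supplied.
RAW = """\
Received: from mx.myisp.example (mx.myisp.example [192.0.2.10])
    by mailbox.myisp.example with ESMTP id A1; Mon, 13 Oct 2003 09:15:07 -0500
Received: from dsl-host-77.otherisp.example (unknown [198.51.100.77])
    by mx.myisp.example with SMTP id B2; Mon, 13 Oct 2003 09:15:02 -0500
Received: from milly-pc (mail.milly-isp.example [203.0.113.5])
    by dsl-host-77.otherisp.example with SMTP; Mon, 13 Oct 2003 09:14:58 -0500
From: Aunt Milly <milly@milly-isp.example>
To: me@myisp.example
Subject: Check this out

See attachment.
"""
MY_SERVERS = {"mailbox.myisp.example", "mx.myisp.example"}  # hypothetical

# Assumed layout: "from HELO (RDNS [IP]) by SERVER ..."; other mail servers differ.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S*)\s*\[([0-9.]+)\]\)\s+by\s+(\S+)")

def hops(raw):
    """Received hops, newest first (the order they appear in the message)."""
    values = message_from_string(raw).get_all("Received", [])
    found = (HOP_RE.search(v) for v in values)
    return [dict(zip(("helo", "rdns", "ip", "by"), m.groups())) for m in found if m]

def handoff(raw, trusted):
    """Oldest hop written by a server we trust: whoever connected to *us*.
    Anything below it was supplied by the sender and can be forged."""
    last = None
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break
        last = hop
    return last

def handoff_in_from_domain(raw, trusted):
    """Does the handoff host's reverse-DNS name sit inside the From: domain?"""
    domain = parseaddr(message_from_string(raw)["From"] or "")[1].rpartition("@")[2].lower()
    hop = handoff(raw, trusted)
    rdns = hop["rdns"].lower() if hop else ""
    return bool(domain) and (rdns == domain or rdns.endswith("." + domain))

if __name__ == "__main__":
    print(handoff(RAW, MY_SERVERS), handoff_in_from_domain(RAW, MY_SERVERS))
```

A mismatch is a hint rather than proof, since people legitimately send mail through providers other than the one in their address.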

You don't have to do all of the above. Two is okay. It improves life for the rest of us just a little bit. Anyone else have any suggestions to add to the list?