
General discussion

WARNING! - Firewalls are useless

Dec 8, 2005 7:29PM PST

I recently installed RealPlayer, and took note of the fact that their EULA mentions:

6. FIREWALL CONFIGURATION. The Software configures certain firewall applications such that the user is not alerted when the Software requests or receives data necessary for playback of content over the UDP protocol.

After installation, I checked, and sure enough, ZoneAlarm listed several Real components, with Internet access enabled!

If Real can do it, then so can a virus or any other malware, rendering ZoneAlarm totally useless.

It would appear that this weakness is not limited to ZoneAlarm, but is one that's inherent in all firewalls. Here's what Marc Maiffret, Chief Hacking Officer at eEye Digital Security, had to say when I informed him of my findings (I'm quoting him with his permission):

There is no personal firewall out there that will stop local code from being able to communicate out to the network if it wants to. ZoneAlarm is easy to bypass to communicate out to the world.

The problem is that most other people still believe in things like ZoneAlarm... I can't understand why.

(End of quote)

And there's no easy solution. You can check ZoneAlarm's programs listing to see which ones have permission to access the Internet, but it's highly unlikely that you'll recognize all the program names listed there - even the legitimate ones. And even if you check on a regular basis, if you find a rogue program there with Internet access, the damage may already have been done. It may have already sent out your passwords, credit card numbers, etc.

It's important to spread the word. People need to know that their systems aren't as secure as they think they are. And with enough publicity and pressure, maybe the companies writing firewall software will address the problem.

Good thoughts but..........
Dec 19, 2005 1:00AM PST

sometimes you must swim through a lot of misinformation or insults. What is "obvious" to some is another language to others. Please do not assume others are not trying "this and that". The "googles" "yahoos" are fine but not the "end-all-to-be-all" to everything, sometimes just the volume is daunting. I am sure you saw in school people learned best in different ways. Unfortunately, the whiz kids always "turned on the key and stepped on the gas" leaving the rest of us to pick up pieces, including unwrapping them from around the tree when they crashed.

As to the "pay on line" where either a bank account or credit card are automatically debited can be dangerous (I have only one auto pay, my ISP). One person learned that the "human" on the other end is fallible and that companies once they have the money hate to admit error and give it back.

The charge was for $50.00, the vendor's clerk keyed $50,000.00. The system didn't have a "logic sniffer" to ask for a review of entry. The person didn't know anything was wrong until checks started to bounce. After a few MONTHS of run-arounds, the person had to call one of the TV-consumer helpers. Even they had to "convince" the vendor of the error. When some "lightbulb" or reason lit up, they still didn't want to clean up the damage of bounced checks--fees to businesses who were stiffed, the bank's individual fees and, oh yes, clearing the person's good name with the credit reporting bureaus.

Technology is only as dependable as those using it and there are many of us who ask and are dusted off with "everyone knows that" w/o a useable answer.

Equally good thoughts, but...
Dec 20, 2005 9:32PM PST

These forums are full of people who want to demonstrate their knowledge and are eager to help. I ask stupid questions in forums all the time and never get insulted. On occasion somebody trying to help will give me some bad information, usually by accident, but that will be corrected by a dozen other people who are equally eager to show their knowledge and show up another advice-giver. Fear of being laughed at is rarely justified, in my view.

That being said, you have to pick your forum. CNET is a better place to ask new user questions than a developer's mailing list, or a teenager's chat room. Usually a forum has a FAQ that tells you what its target audience is. Also, if you preface your request for help by complaining about how terrible the software is (as is often the case) people are going to point out that the software works fine if you know how to configure it (in coarser terms).

If you do not need to use the pay-online thing then why do you complain about the world forcing you to use it?

And when you say that technology is only as dependable as those using it, I must say that I agree. That, in fact, has been my point for a while. If you want your technology to work dependably, learn to use it dependably. If you don't care, don't bother, but don't complain either.

The point is....
Dec 21, 2005 2:53AM PST

The "powers-that-be" are trying to ram more than this "pay online or pay extra in hefty fees" down our throats. It is going to snowball. This is being generated from the government down. In a few years, we won't be able to get U.S. Savings Bonds (no longer the best deal) unless we go online or file government required forms w/o using "fill-on-line-forms" (think income taxes) and it will go from there.

"If you do not need to use the pay-online thing then *WHY* do you *complain* about the world forcing you to use it?"

Because IT IS being rammed through. It is just like the idea that "EVERYONE" has a cell phone and the pay phones are disappearing. There are many people not fortunate enough to afford the computers, online service, cell phones, etc., much less understand how to use the equipment. Some will say "go to the library" but they are not the securest places to key personal info. Another example, utilities are shutting down places for people to pay their bills.

There is a difference between complaining and explaining, but it depends on the mindset to what one sees.

I thought the point was...
Dec 21, 2005 10:49PM PST

This is just one more reason to learn to use your computer more or less.

I know it is confusing. I know many people don't want to, but you have to operate in the world you are in. I don't want to have to drive to work every day but there is no bus and getting an apartment near my place of work costs enough that I would not be able to do some other things that I enjoy. So I learned to drive and now I drive to work. People could continue to do things the "old way" but they would rather spend the time and money on other things. So many go and get a computer, or a cell phone. Now they should learn to use it, and if they don't and it gets messed up because of it I have no sympathy.

As for the poor who cannot afford technology: This is another issue entirely. True, one of the many negative effects of poverty is denial to basic services, such as medical care, education, and information. This is a regrettable situation that demands attention. However, the technology itself is not to blame and this should not be used as an argument against progress. Take the industrial revolution as an example. This fundamental change in the way we produce things was undoubtedly an overall good thing; life today is much better and longer for most of us because of it. However, the change was implemented in such a way as to make it extremely painful on the people transplanted from more traditional means of production to become workers in the huge factory-cities. Indeed, in many parts of the world this change is still in progress and people are impoverished by it.

The change to a greater presence of information technology in our lives is, I think, going to be a good thing in the end for most people. At any rate the change is probably unstoppable, and not because of the "powers that be" but because we the people love it and rush out in all our collective dollar democracy to buy it. I doubt that many people would want to stop it, anyway, just as an underwhelming minority (mostly consisting of the Amish) has chosen to forsake the comforts that modern industry brings even though this is quite possible. Of course, the IT revolution could be a horrible change that leads us to an Orwellian state, depending on implementation. Preventing that from happening is, of course, a social responsibility that we all share. So, rather than a troglodyte-esque denial of the technology already making its way into our lives (arguably unavoidably), it would be better to learn to use and understand the technology at hand in order to be a better informed participant in the economic and democratic processes that will ultimately steer its implementation in one way or another. The "powers that be" have little power against an informed and active plebius.

Seen in this light, beyond simply being a necessary chore for safe computing, learning to use your computer (and through this coming to understand the fundamental technology behind many other pieces of information technology) may in fact be one of your basic social responsibilities.


Oh, and as a side note, if you go to the library and get a few books on computers rather than just using the computers they have, you can learn how to build a solid PC that will allow you to surf the internet (including your online bill pay) and do office-type work for less than $400 (including software and peripherals... not to mention learning marketable skills as a side effect) and then get internet access for $10 a month. If you are so poor that this is outside of your price range, then the goodwill sells some decent computers for less. If you are so poor this is outside of your price range, you have much more serious issues than access to technology.

It is a mindset challenge.
Dec 22, 2005 2:46AM PST

Those who have the gene or language of the IT can read those books and say "of course". Then there are those of us, labelled lazy, dummy or some other unflattering term, say "huh?"

An IT person was assigned to instruct the staff on the use of computers and the changing network connections and a newly developed tracking software. First day started "Now we turn on the computer. This is the mouse" (these people had been using computers for a while). Day two, now when you want to *****, just type ***** (some unexplained acronym) and it went from bad to worse. It was all second nature to him and he missed many steps in between.

We set up our own discussion group afterward and called each other for help, not him. His explanations were as clear as all the manuals and handbooks. By reading MANY books, I have been able to fill in some spots the authors must have thought was too obvious and "everybody knows that". We are told the IT/programmer mind must see all the small pieces but once they are ingrained, they forget the rest of us have not had the "privilege" of ingraining these steps.

Next trouble is that just as soon as most holes are filled, then the ITs changed the rules/process/equipment/software ON THE WEEKEND then took Monday off because they're so worn out. Thank god I had stood my ground and wouldn't let them take my xerox memory writer or calculator. Also had a small, portable, manual typewriter tucked away the day the power was off.

As someone said earlier, we need to agree that we are going to disagree. Just don't execute those of us who are LUDDITES, and we of the differently wired mind will withhold our unsympathetic understanding of the IT side.

And as far as "internet access for $10 a month. If you are so poor that this is outside of your price range," Excuse me, this reminds me of the "good" child/kind neighbor who gives granny/or the poor neighbor kid a puppy. Of course granny/the parent doesn't want one because she knows it needs $5-20 a week upkeep of food etc. it needs walking etc.; but a dog didn't cost the "good" child/kind neighbor that much and it was a thoughtful gift.

Now let's think of the "goodwill" computer and the software and the firewalls that need to be programmed, the antivirus programs and then of the $100 to $500 applications and the constant patches and updates because the IT didn't get it right in the first place or they are in business to make money therefore change things (improve things) just enough so the old "cheap" Goodwill computer doesn't work without **** and start that circle all over again.

Exactly
Dec 22, 2005 5:06AM PST

1. Sorry for confusing Luddite and troglodyte. It happens, move on.

2. I never called you or anyone else a dummy. I only once referred to a book with that word in the title as a play on what you called a firewall for dummies.

3. That tired old "software costs so much money" argument holds no water. None. Software for that do-it-yourself or Goodwill computer will cost nothing. Ubuntu Linux will send you a fully functional, secure, self-installing operating system and software package in the mail for FREE (not even postage) if you ask for it, including an office suite (compatible with MS office of course), full suite of internet tools, graphic editing stuff, and so on. It is even easier to use than windows, if you think of the time you invest in installing all that and configuring it. You can even use it if your computer does not have a hard drive. Sure, it does not look as slick and is slim in the multimedia department, but the functionality is there and it will run on way older hardware than XP. There are people out there who want to bring computing into the reach of everybody, and doing it quite effectively for those who care to look.

4. It is absolutely a mindset issue. It is a mindset issue that "I will learn this stupid stuff even though I do not like it because it is good for me" similar to the "I will change my oil because it is good for me" mindset rather than the "I do not like it and it is not easy and it is new so screw it" mindset that allows people to abandon the project with the "I am too dumb" excuse before really investing any effort. We are not talking about industry specific programs written for a small portion of users with crappy documentation. We are talking about windows. Go to a larger bookstore or a central library and look at all the rows of books for beginners. It is amazing.

5. I am sorry the IT people at your company suck. The ones where I work are pretty good, but it is true they lack people skills.

And I am certain that with the...
Dec 22, 2005 9:26AM PST

Vogue Sewing Book one can fashion an outstanding gown; or with a Chilton manual one can soup up a car; or any one of a bunch of cabinetry books, one can build anything; or with physics books, one can build a rocket; or with a Julia Child cookbook series, one can whip up a fantastic French cuisine dinner but it needs someone who thinks and feels those things.

I did not say you called anyone a dummy or even a Luddite or anything else. I only hope that you do not experience a greater loss of abilities than you have currently. It seems that at this time all seems possible to you. You have my best wishes and hope you remember to offer patience and a hand to the ones who are not so blessed.

And there are people willing to sell a 386 that had been upgraded from a 286 for $35 and a 486 that had been upgraded from a 386 for $40. Don't even know if the base metals would be worth that much.

I doubt it.
Dec 22, 2005 5:49PM PST

Probably, no you could not do those things. However reading books like that taught my mom to knit pretty nice sweaters, taught my dad how to replace the spark plugs on our old Ford, and my spouse can whip up some nice tasting dishes out of that "vegetarian cuisine" cookbook we got not too long ago. Similarly, while it would be difficult to build a super-computer out of a book, a basic home desktop is easy. Building a home desktop computer from components is like putting a model airplane together... all you need is a screwdriver and some glue, not heavy equipment or welders like you need to build a car.

But follow the step by step instructions at mysuperpc.com (a secretive, hidden site that I found with the google search for "how to build a computer") with older components and you can build a decent computer for a couple hundred bucks. If you prefer, there are Pentium 4 computers selling on ebay with monitor and keyboard for less than $400 as I write this. In order to be able to access the basic services available over the internet an old Pentium 2 would do. Slap a user-friendly, free linux-based OS (which you can find out about by doing a google search for "windows alternative") and you are ready to go.

And if you have any questions just go to cnet and ask for help. People will be happy to help.

I also hope that I do not lose any of my current abilities. However I am pretty sure that as long as I do not go blind I will be able to read.

I am simply trying to point out that it is not that hard/expensive to get connected if you are economically disadvantaged but still above the level of "dangerously poor" since you lamented the fact that technology is closing access to the world to poor people. It is not. If anything it has a leveling effect for those willing to take the time and effort to learn it. It is not that hard.

Those who do not take a little time to learn their computer (rich and poor) are going to get infested with spyware and they deserve it.

Congrats! the dance is over
Dec 23, 2005 1:46AM PST

Wrong name should be Bull Dog.

Season's Greetings, Happy Holidays to the physically and mentally fit, the only ones who seem to exist in the universe. Since you have a wife, you have to be over 18? Keep safe and your insurance paid up. The world may have surprises.

The one truism I have learned is to not start a phase of "I would never ....." because it comes back to haunt when I have been so sure and egotistical.

And to all I apologize for taking this so far off subject.

I will look elsewhere for a non-IT instruction of the 1-2-3s of how to program my firewall, and READ all the legalese of programs I plan to install knowing not even attorneys in the field can understand the conditions.

Last word...
Dec 28, 2005 4:21PM PST

because I am that kind of person...

What_Now, Why do you assume that I am a man and my spouse is a woman? I do not remember mentioning that anywhere and that is a very dangerous assumption from such an enlightened and compassionate person as yourself... or do you assume because my spouse is the cook of the household that person must be a woman?

I recognize that there are people out there who are differently abled; compassion for these people is an argument to establish foundations and institutions that help make the world accessible to these people (and in the computer world there are many of these, incidentally). It is not, however, an argument to make technology in particular and the world in general a risk-free place. The communists tried to do that in Eastern Europe and we all saw how well that turned out.

Good luck What_Now, and in closing I must say that I do not believe that your brain is not "IT-wired", although you claim that it is not. In short, I do not believe you are stupid as you claim to be... indeed, everybody's mind is built biologically and not of silicon. But if you take as much time as you spend discussing this with me to learn about computer security it will not be an issue for you in the future.

And Now For Something Completely Different
Dec 23, 2005 8:41AM PST

I was going to ask you for the web address for the free Linux OS and software, but I saw in a later message you found it through searching for "windows alternative". I shall try that.

But now I have a question for you, if you don't mind.

When I installed a new hard drive (larger than the old one) I received repeated suggestions from friends that I partition it into "C" and "D". I did. Roughly 60/70 gig respectively.

Now, to take a test drive on Linux, would it work if I emptied my "D" drive and loaded the Linux OS and software on that drive? My computer would obviously boot up in Windows on C, so is there some way I can exit Windows totally while in D via Linux? Or, when I wish to do so, can I force the boot onto Linux to begin with?

I have often wished for an alternative to Windows, but I never had the nerve (still don't) to wipe it from my drive and install Linux. Everything I have heard to date indicates that I wouldn't be happy with it, and I would really hate myself if I spent a few hundred dollars to confirm my unhappiness. Free sounds like a reasonable entry point, if my idea can be made to work. Correction: If I can make it work. You probably could with no problems.

I have also bookmarked mysuperpc.....maybe later for that one. Who knows, I might learn enough in this process that I will agree things don't need to work right out of the box.

Thanks for your help.

a suggestion for you
Dec 27, 2005 6:42PM PST

ubuntulinux.org offers their OS ready to use (with some caveats). They will ship it to you if you need it.

A word of warning: It works differently than windows so it will be frustrating at first, but it is really not that hard. https://wiki.ubuntu.com/UserDocumentation?action=show&redirect=NewUserGuide will show you everything you need to know. I recommend you read the whole thing first, and also look for the wiki page on how to install software: it is different than in windows.

Another word of warning: multimedia is harder to get running in linux in general due to software patents and so on.

And they are not all in the business to make money
Dec 22, 2005 5:11AM PST

Many of them do it for a hobby and produce some really great software.

But if you are looking in a store, expect to find people who are trying to make money.

Grif re 'Doniel, Not Worthless But Normal'
Dec 16, 2005 4:29AM PST

Hi Grif -- Are you able to give me some guidance as to how to configure RealPlayer on my NIS 2005? At present, Real Player is configured as follows:

'Internet Access' -- Custom (other choices: automatic, permit all, block all)

'Category' -- Multiple

'Internet Access' for all other programs is either 'block all' or 'automatic'.

'Category' for other programs is either 'general' or 'multiple'.

My thanks.

Miki

Miki, Make The Changes In Real Player
Dec 16, 2005 11:45AM PST

Unfortunately, there are times that you want Real Player to have access to the net (such as when you're playing an online video with it) and sometimes when you DON'T want it accessing the net. As a result, you can't make a firm "deny" or "allow" for the program. Because of this problem, I try to change Real Player's settings so it doesn't try to "phone home" during a normal start up of the program while offline. It's not perfect but this is what I do.

Assuming you are using Real Player 10.5 like here, please open Real Player, then click on "Tools", choose "Preferences". When that loads, on the left side you'll see the "Category" groups that you need to work your way through. Not all of them need to have changes made but many do...So, click on the first one which is:

1. Highlight the "General" line and in the "On StartUp Display" line, use the drop down arrow to select "Player Only (No Media Browser)", then UNCHECK the box next to the "Enable a History list in the file". These two should stop most of the initial attempts to contact the internet when starting the player offline although the second you switch to the "Media Guide" or "My Library", it will try to access the internet, at which point this can be "Denied" in your firewall.

2. Click on + sign next to "Connection", then click on the "Internet/Privacy" line. On the right side, you can UNCHECK ALL the boxes in this section, although I tend to leave the "Enable Real Player cookies" box CHECKED mainly because many online sites require the setting for videos to play. That said, it's still SAFER to UNCHECK all the boxes in this area.

3. Click on "My Library" to highlight it and display its subcategories. In the "My Library" section, UNCHECK the box next to "Check my Watched Folders for new clips every".

4. Click on the "Content" line to highlight it, then UNCHECK ALL boxes in that section.

5. Click on the + sign next to "Automatic Services" line, then highlight the "Automatic Services" line and UNCHECK ALL boxes there. Now click on the "Configure Message Center" button and UNCHECK ALL boxes there.

6. Now highlight the "AutoUpdate" line and UNCHECK ALL boxes there.

There may be other locations that I've missed but this should certainly help.

Hope this helps.

Grif

Miki, Make The Changes In Real Player
Dec 16, 2005 2:52PM PST

Thank you so much for taking the time to help with my RealPlayer 10.5 config -- it may not be perfect as you wrote, but every bit helps towards making it more secure.

Miki

Technical side
Dec 15, 2005 6:55PM PST

I am a programmer and I know that any application can easily open any firewall port (and do everything else) if you are running it under administrative privileges. Most users log in under administrator or some other username with administrative privileges. Any application launched by this user takes administrator privileges by default. Most software can be installed only from administrative account (some can be installed from Power User account). RealPlayer adds itself during installation to the firewall exception list.

Always check your firewall settings after installing software if you do not want this software to access the Internet. In my opinion the firewalls should notify the user of any changes to the firewall settings.
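
The check recommended in the post above (reviewing firewall settings after every install) can be automated by diffing a before/after snapshot of the firewall's per-program rules. This is an added example, not part of the original post or of any firewall vendor's tooling; the snapshot format `program|direction|protocol|action`, the program paths and the function names are all constructed for illustration.

```python
"""Diff two snapshots of a personal firewall's per-program rules.

Assumed snapshot format (constructed for this example): one rule per line,
'program|direction|protocol|action'. Lines starting with '#' are comments.
"""
from dataclasses import dataclass

PERMISSIVE = {"allow"}  # actions that pass traffic without prompting the user


@dataclass(frozen=True)
class Rule:
    program: str
    direction: str  # "in" or "out"
    protocol: str   # "tcp", "udp" or "any"
    action: str     # "allow", "ask" or "block"


def parse_snapshot(text):
    """Parse snapshot text into {(program, direction, protocol): Rule}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip().lower() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        # Lower-casing matters: Windows paths are case-insensitive, so a
        # re-cased path must not be reported as a brand-new program.
        rule = Rule(*parts)
        rules[(rule.program, rule.direction, rule.protocol)] = rule
    return rules


def diff_snapshots(before_text, after_text):
    """Return (kind, program, direction, protocol) for every rule that
    became more permissive between the two snapshots."""
    before = parse_snapshot(before_text)
    after = parse_snapshot(after_text)
    findings = []
    for key, rule in sorted(after.items()):
        if rule.action not in PERMISSIVE:
            continue
        old = before.get(key)
        if old is None:
            kind = "new-allow"   # rule did not exist before the install
        elif old.action not in PERMISSIVE:
            kind = "loosened"    # was ask/block, is now a silent allow
        else:
            continue             # already allowed before, nothing changed
        findings.append((kind, rule.program, rule.direction, rule.protocol))
    return findings


# Constructed sample data: rule list exported before an install...
BEFORE = r"""
# constructed sample, taken before the install
c:\program files\browser\browser.exe|out|tcp|allow
c:\program files\mail\mail.exe|out|tcp|ask
"""

# ...and after it. The installer added two entries and loosened a third.
AFTER = r"""
# constructed sample, taken after the install
C:\Program Files\Browser\browser.exe|out|tcp|allow
c:\program files\mail\mail.exe|out|tcp|allow
c:\program files\player\player.exe|in|udp|allow
c:\program files\player\updater.exe|out|tcp|allow
"""

if __name__ == "__main__":
    for kind, program, direction, protocol in diff_snapshots(BEFORE, AFTER):
        print(f"{kind:10} {direction:3} {protocol:3} {program}")
```

Any finding is a rule the user never approved through a prompt, which is exactly the silent change the post says a firewall should report.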

Zone Alarm Does Work
Dec 15, 2005 9:45PM PST

You forgot to mention that Zonealarm has two levels of blocking. One is engage internet lock and the other is stop all internet activity.

If you only have the first one selected, then yes programs can still get in and out. But if you have the stop all, nothing is getting thru unless the program itself gets infected (which did happen to me once).

Zonealarm is a good program and seems to be the most compatible that I have found.

Re: Firewalls
Dec 16, 2005 12:27AM PST

First, thank you to Doniel for posting this info. This experience is not really surprising though. I, for one, have considered RealPlayer to be just a tiny step above spyware/malware. And burying language like that in the EULA, instead of making it a user option, is just bad business. Same thing with Windows Media Player. They all want to "phone home", and preferably in the background.

But, I do think firewalls do a good job, but user vigilance is still required. Setting up a separate, limited user account in Windows is a good idea. More than I want to do though. But, for families with children who web surf, I would very strongly recommend the limited user accounts. You can't expect young children to always "know better" than to click the blinking box saying "You've Won!". I do kind of expect adults to know better though.

Here's my routine:

1. I have a firewall, anti-virus program, and several malware/spyware checking programs. They're automated to do a full system check once a week, at night. I manually ensure those programs are up-to-date several times a week. I don't even want them phoning home.

2. After installing any program, I check my system info (firewall settings, add/remove programs area of the PC, AV settings, etc.) for any changes. One time, I installed a program (don't recall which one), and unchecked the boxes so that additional Yahoo programs (messenger, toolbar) would not be installed. They were installed anyway.

3. Create a system restore point in Windows before any installation.

4. Once a week I back up my PC (automatically after #1 above); and once a month I do a system image.

But I also don't visit websites that I don't know; don't click links that seem fishy; and I don't fileshare or do anything on a peer-to-peer network.

A big part of keeping safe while surfing (in addition to the tools mentioned above) is using some common sense and being aware of what you're doing.

Brent

From a Novice
Dec 16, 2005 4:27AM PST

Very interesting discussion. Thank you to all who posted comments.

I am a somewhat advanced user, but a brand new newbie when compared to the level of sophistication and knowledge I discern from reading this thread.

While I found both comfort and objections with almost every posting as I read them, the one from Bulldogzerofive rankled the most, so I will address that one more specifically in my overall response.

Yeah, it should "just work", period. You, Bulldogzerofive are in the military. You pick up a gun, load it and pull the trigger. It should "just work". Suppose it doesn't, now what? Or it might just jam. You have been trained by your employer how to clear a jam or perhaps even change the firing pin while under fire. (You do carry spare firing pins, don't you? Of course you do.) But wait. Is that spare firing pin OEM or second tier supplier-made? You should know this, it's your life, not your computer you are playing with now. Get out the calipers to measure its dimensions to ensure a proper fit and operation. Oh, be sure to have the calipers calibrated using internationally accepted standards before you measure. And take a course in metallurgy (after the course in mining) to be sure the pin is of adequate chemical quality to meet the rigors of its intended use. That, of course is why you need the mining course, to be sure the right minerals were used. Got wounded? Be careful, the Doc is out to screw you. Not to worry, I have a book..."Digging bullets out of yourself for Dummies"....I can send to you. Or perhaps you will agree you shouldn't need to recreate the entire library of civilization's technical knowledge just to pull the friggin trigger.

We all need to rely on others. That's life in today's big city. We need to rely on electricians, plumbers, candle makers and yes, programmers and computer makers.

I stumbled on this thread accidentally. I learned a lot by reading it. What now scares me is how much more don't I know that I need to know before I use my computer again. Worse, how do I find "The Complete Compendium of Everything Every Computer User Needs to Know Before Using A Computer (for Dummies)".

I knew RealPlayer contacted the internet, the EULA said so. Yes, I did read it. OF COURSE it contacts the internet, it has to in order to retrieve the media I have asked it to get. Prior to reading this thread, exactly how was I supposed to know it was doing more than that? How much am I supposed to read before using my computer? How was I supposed to read it before using my computer when so much of what I need to read is online? How was I supposed to know I needed to read it before going online?

I bought and installed the Norton Suite of internet protection. I keep it updated. I thought I was doing enough. I do not understand all it does, how it does it and I don't want to spend my time learning it. Evidently I have to.

Do you have a 401k? In the military, perhaps not. Do you (anybody) know how much you as a participant are paying to be in it? Think your employer pays all the costs? ALL the costs? I abso**ckinglutely guarantee they do not. I run these plans for a major employer, I know they do not. No employer does. NONE. The fact that your employer didn't tell you isn't illegal or even unfair, but you could have read about it before you joined the plan. You didn't? You expected it to ''just work''? Are you so different from me then? In fairness, some of the fees are so obscure even the benefits department staff might not be aware of them. They don't have the time to read everything either. Nor should they, its at a level they can't control, only senior management can.

Nobody knows everything about everything. We all draw lines and limit our avenues of learning. We have to. We all expect some things; guns, cars, televisions or computers to "just work". At least until we are told otherwise. Therein lies the rub.

(Join the 401k plan if you haven't already, it's stupid not to.)

from a novice
Dec 16, 2005 8:39AM PST

Hey Shadowflight,
You hit the nail on the head, you split the arrow, Bullseye, You Took The Words Right Out of My Mouth, you are a mind reader and a Genius.
Great thread! I learned a lot but you're the man!

Thank you
Dec 16, 2005 9:33AM PST

I would like to thank you for your EXCELLENT post.

I deal with many novices who don't have any desire to learn how to protect themselves.

While this can be frustrating when trying to explain how to run the various pieces of software (their eyes glaze almost instantly at the thought), it does keep me busy and they are always happy to pay for me to come by and do it for them. Why? Because that's my job and my interest.

Shadowflight
Dec 16, 2005 3:38PM PST

Oh my, I weep with pleasure. No one has spoken such words of poetry to my ears in a long time. You understand. My friends call me and say, "My computer is acting strange". They don't care about EULAs, they just want their computers to work again so they can happily surf the net and use their programs. I have seen those glazed eyes and when I start talking about firewalls, malware, viruses, spyware, etc. they zonk out. This is what the average user does. They zonk out. I read and they zonk out. "Just tell what to install," they say, and "stop trying to scare me". I couldn't be a computer technician. I'm glad this is a hobby. Thank you Shadowflight. P.S. 401K is the way to go; if you have one available, join ASAP.

A fellow novice
Dec 18, 2005 8:44PM PST

I apologize if I offended you...

Can you name one thing in your life that "just works" with no maintenance/input from you? I can't. My apartment needs paint/cleaning; my car needs oil, gas, repairs and so on; my body needs a proper diet, rest, and exercise; my plumbing freezes if I don't take steps against it; my clothes get holes that I have to repair; my washer needs Calgon against the hard water where I live; my computer needs updates and a proper security profile; and my personal weapon needs daily maintenance as well.

Should I complain to the carpenter if my roof rots after the paint peeled away years later? Should I complain to the mechanic if the engine seizes for want of oil? Should I complain to God if I get fat and weak? Should I complain to the plumber if I leave my heat off in the winter and the pipes burst? Should I complain to Maytag if calcium destroys my washer? Should I complain to Zone Alarm if I download and run a virus? Should I blame the government if I do not take care of my weapon and it explodes in my face?

In all cases, no. Why should your computer be different?

If a carpenter shows up and tells me that my house will fall down without his magic termite-stopper, should I believe him? If my check engine light comes on and the mechanic tells me I need a new transmission should I believe him? Should I believe the doctor when he or she says my son's ear infection will take care of itself? Should I believe the plumber when he says it costs $400 to de-root my sewage? Should I believe Microsoft when they say their software is ready to go with the default settings?

In all cases, no. And in all cases, if I did, it is my own fault in many, many ways. Why should my computer be different?

I am not saying that anyone needs to go get a master's degree to use their computer. All I am saying is that the steps to a secure computer do not take that much effort so people should quit whining and just take care of it.

If you make your living off of securing computers for people who expect things to just work, I am glad for you. Profiting off of other people's laziness is one of the hallmarks of modern, western society and I do not mean this in a negative way. We all do it. However, you will not always be there for that user. How does the adage go? Give a man a fish... Well in the case of computers he can learn to fish if he picks up a darn book. It is not that hard. Or he can keep paying you to fish for him. Given how easy the fishing is, I cannot understand paying somebody else to do it.

I reiterate: people who do not take the time to learn at least the basics (and PC security is very basic) about the tools that they use deserve what they get.

Just work? Get real. The Windows kernel alone probably has a couple million lines of code. It ain't gonna be perfect.


Oh, and shadowflight...

Although my military life is off topic and I should not have brought it up to begin with, you decided to pick on it so I will clarify. In my particular organization (which can be compared to pretty much any large corporation in many ways), your average employee understands that you cannot simply pick up a weapon (or any other piece of equipment) and expect it to work; indeed most know as much about their weapons as you imply that they should (short of the metallurgy). Average Joe/Jane learns much more than simply how to load, unload, aim, fire, and clear stoppage (jams). Indeed, given the average quality of our weapons and repair parts it would be foolhardy to trust that the weapons supplied by the government are in proper order out of the box. There is, in fact, a rather thick manual that comes with each piece of military equipment (I can clarify what is in it if you care to know, but everything you mentioned is covered other than the metallurgy, but knowing what is in it will prevent you from having to do things like change a firing pin in a tight spot), and just about every soldier I know has read them for their equipment, or at least claims to have. Those who have not also deserve what they get. So, while not needing to know metallurgy, average Jane/Joe learns how to minimize the effects of low quality equipment before needing to use it in a bind so that he or she knows that it will work. Indeed, in the cases of things like trucks and armored vehicles, the operator is very intimately involved in the maintenance of the thing, even changing engine blocks. Similarly John/Jane Q. Public, without needing to know the metallurgy behind the steel in his or her engine block, should take the time to learn enough about his or her car to know that oil needs to be changed and it should not cost an arm and a leg and that his or her computer on a network needs to be secured.


Oh, and believe me, a healthy sense of critical thought is very useful to the soldier and his or her family in the face of what is very often incompetent government medical care.

Just to have a little fun....
Dec 19, 2005 3:30PM PST

Having been in the auto repair biz for over 30 years, yes, if the mechanic rebuilt/replaced your engine and it seized due to lack of oil, yes, complain!

We learned how to load.
Unload if necessary.
But, getting MK 37's, 45's, 48's and SubRocs into the tubes on an SSN was a tad more difficult than slapping in a magazine and running the slide back smartly......

hehehe.

However...
Dec 19, 2005 11:39PM PST

True, but if you don't change your oil for 30,000 miles and then it seizes, well...

And that many "soft" MOS's only bother to learn such basic things outside of their specialty is the reason that they experience such high attrition rates when in contact. Contact is a science, not luck.

A Different Universe
Dec 20, 2005 5:03AM PST

Hey Bulldog,

I didn't pick on your profession, I attempted to utilize it. You mentioned it and I latched onto it as a point of commonality. Doing so was not a disparagement, I honestly respect the military and its members. I am ex-Air Force if that matters.

How we develop the mindsets and opinions that define our individual universes can get us into the whole nature versus nurture argument, a topic best left to psychologists and maybe quantum physicists.* Suffice it to say that many people can look at the same set of data and come to different conclusions or interpretations. However it happens, we are all the sum of our experiences. The things I have read, seen, heard, etc. make me what I am. Somehow it all blends together to create the persona that is typing this. This persona thinks things should just work. Some things anyway.

When I buy a television, I expect to plug it in, connect the antenna and it should work. Similarly, a car should start and run (whether I know how to drive or not) the first few hundred times I turn the key. My computer should boot up and be ready to run the programs I have installed. The game I open should be ready to kill all the bad guys I shoot at. My experience in life tells me that these things, along with thousands of other things, should just work.

My computer did not come with an owner's manual, even though they used to. They said nothing about the need to install a firewall or antivirus software. Somewhere along the line I picked up the knowledge that it was advisable to install such stuff. But even at that, the overriding message was install it and keep it updated. That was the message blared from the rooftops...install it and keep it updated. That's what I and millions of others have done. I expect it to work. I suspect a few of those other millions do too. Work as advertised and paid for. Admittedly, a new variant of a virus could slip past its defenses until the vendor can write a new line of code to defend against that specific variant. That is part and parcel of the keep it updated mantra. But in the main, I expect it to work.

No analogy is ever perfect, but I shall try one more in an attempt to clarify my position. The car I bought came with an owner's manual that tells me to change the oil every 5000 miles. MY fault if I don't. The manufacturer's fault if they never told me. Changing oil is a fundamental and necessary aspect of car maintenance. Install it and keep it updated is the software company's version of changing the oil.

So I buy some motor oil and replace the old stuff in my engine. On time, sufficient quantity, new filter...all that good stuff. The engine seizes. I get on a group similar to this one and ask why that happened. I explain all that I did, including the fact that I used Joe's Premium Red Motor Oil. Raucous laughter comes from the cognoscenti of the group. "Well, no wonder" I am told, "you should never have used that stuff, you should have used Mary's Premium Blue Motor Oil."

You know the difference between Joe's and Mary's, I did not. Nor did I wish to learn. And here, I think, is the striking difference between us, (begin italics) I don't think I should have had to. It should have just worked. (end italics). To push the analogy just a bit harder, I contend the owner's manual should have at the least stipulated to never use Joe's Blue.

The analogy rapidly falls apart here if it hasn't already, because Norton (the firewall/antivirus I use) provides an "automatic configure" option (or whatever it's called) that I most often chose. Somewhere I was probably asked if I wanted to allow Norton to automatically configure access for Real and I allowed it. My fault? I trust Norton to know more about this stuff than YOU know. So, sure, I trusted them to configure access for Real. But you deride me for not knowing, not researching, and for allowing Norton to do something I didn't understand. Guilty as charged. That comes with expecting it to just work.

Would I yell at the painter if the paint falls off five years after it was put on? You damn betcha. Further, unless it can be shown it was due to conditions beyond his control, I would expect the painter to repair and repaint at no cost to me. Why wouldn't you expect the same?

Bottom line. I don't want to have to learn this stuff. I have enough to do learning and keeping current with my job and my life outside my job. It's not being lazy, it's not an inability to read, it's a simple honest desire to not want to have to.

Now, please go shoot some bad guys so I can continue to enroll people in 401k's without fear of being invaded by the guy you were supposed to protect me from. Besides, now I have to read up on some computer thing and I don't have time to shoot his ***, you were supposed to do that.

*(Read Roger Penrose: The Emperor's New Mind for an interesting take on the quantum physics side of this).

Ah, military and computers....
Dec 20, 2005 6:23AM PST

I was Lead SINS Tech on a big and black and never come back fast attack.
Our state-of-the-art computer had drum memory, a 4K CORE stack (hand-wound toroidal coils), discrete components (potted transistors and capacitors and resistors, oh, my), and the first Chips, IC's on a "flat pack" plugged into a "mother board", dozens of mother boards.....

We certainly had never heard of viruses in computers, firewalls were for the Diesel generator set.....

Re-boot took a Tally Tape Reader and a whole lot longer than it does now to do.
Computer alone was as big as a small refrigerator......

Yes, but one fundamental problem
Dec 20, 2005 9:17PM PST

There is one fundamental problem in expecting your computer to "just work."

The various people who write the software that you use do not know exactly what you want to use it for. Maybe you want to run game X on a small "trusted" home network with no protection (as none is not necessary and it will slow things down anyway), or maybe you want to surf porn (not being raunchy, but realistically this is about 50% of all internet traffic and the single largest on-line profit generator... as well as a source of many viruses). Based on what you want to do with your computer, you need to have different settings. If you want to use your computer in exactly the way an engineer who does not know you envisioned you and millions of others would want to use it, it would "just work." Unfortunately, you want to use it just a little bit differently (just like the millions of others), which is where it falls on you to configure it to work the way you want it to.

The engineers at companies such as Microsoft are very good at predicting what people will want to use their computer for (hence their success), but they are not clairvoyant. In the name of user-friendliness, they generally set up their defaults to allow everything unless the user changes these settings. For example, they set up their operating system to run with administrator rights all the time by default. If there is no malignant network activity, this is a great thing because it allows the single user to double click on an icon to install programs rather than forcing him to log out and log back in as the superuser. This makes the computer much easier to use, until you connect the computer to the internet and suddenly any flaw in any program the user is running can be exploited to install viruses. This is a design decision made long before the connectivity that the internet brought to the home computer (and thus contact to malware) could have been foreseen, and now we are all living with the repercussions. On the other hand, if they changed their default settings to focus on, say security, a user who does not engage in dangerous activities (like surf porn or share files on KaZaA) and does not need high security would complain that it is too hard to configure his or her computer to talk freely to the other computer on his or her home network, and would not understand why the computer will not "just work." Indeed, there are operating systems (GNU/Linux, BSD, OS X) with much safer defaults that are arguably much easier to use and "just work" on the internet, but these security features indeed scare off potential users when it comes time to install that game you want to run.

You have to set the proper conditions. Even in the case of your TV, it does not "just work". At some point you picked up the knowledge that if you set it on its side it will not look right, but nobody had to tell you so. Starting your car a couple hundred times without driving it is like turning on your computer a couple hundred times without connecting to the internet or installing anything. If boot is all you want Windows to do, it will do that all day long no problem. But just as you learn to drive to take your car out of the garage, you learn to use your computer to, well, use it. Your computer is a powerful and flexible tool, but you have to either (a) use it in exactly the way it was designed to be used, which may mean you have to give up on the internet, (b) pay somebody to set it up in a way that it will work the way you specifically want to use it while recognizing that this person may screw you, or (c) learn how to use it.

I would argue that "c" is the best choice. I recognize that you and many others do not want to learn how to use the computer. At first, neither did I (but then I realized that I liked it and it became a hobby). But just as you do not want to scrub your bathtub, if you don't it will get dirty anyway regardless of how much you spent on it. Securing your computer is a chore, not a hobby. If you do not want to do it, then be prepared to live with the consequences and understand that it is your own fault.

And I do not understand this fear of asking for help over a forum that so many people express. They are usually full of people eager to help to the best of their abilities. I ask stupid questions all the time and never get insulted. The only people who get jumped on, as far as I can tell, are the ones who try to disseminate falsehoods.


By the way:

to start italics: and to end them: , without the spaces. use "u" for underlines and "b" for bold. There is a page somewhere on CNET about formatting if you want to do more.

Firewalls are Useless?
Dec 16, 2005 10:10AM PST

Like cars, you have to know how to drive them. My version (6.1.737.000, Free) does NOT give RealPlayer unrestricted permission. It asks every time. My experience is that if you do a clean install of ZoneAlarm (Free), it gives very few programs unrestricted permission (green tick), and it only sets those if you answer an initial question in the affirmative. One of the joys of ZoneAlarm is that you no longer have to wonder why your computer is accessing the internet "when you didn't ask it to".
Just put a "?" for that program. You can build up a knowledge of the programs by setting them all to "?" and noticing which ones ask permission when you know what you just did.

Harry