RE: Consumer Security Web Site
From: Quark IT - Hilton Travis (hilton_at_quarkit.com.au)
Date: Tue, 29 Jun 2004 12:24:03 +1000
To: <email@example.com>
I don't know how you keep doing it, but these links of yours are quite
I think you also meant that there are some Small Business LOB
applications that won't run on anything but MSIE - and I think these
apps need a public laughing at.
I think that the ThreatCode.com site needs to be given an airing in this
forum, as it is rather relevant. (It isn't in your sig yet...) For
those who are unaware of ThreatCode.com, here's part of why it was
Any software application that - today - uses insecure, vulnerable,
heavily buggy, 16-bit, non-standard, poorly written or generally
unstable code needs to be outed. In public. Loudly. The authors need
to be put in the stocks and have rotten eggs and soggy tomatoes thrown
at them. It was 1995 that 16-bit code should have died, and it's now
2004 - 9 years later. But the bad practices that 16-bit coders brought
through the years with them need to now be stopped, finally. If it's
crap, we need to let people know why, where, and WHO is the issue. The
exact same thing goes for any software that needs multiple inbound ports
open. One I can handle, two is hard to accept, 3 or more? Well, there
better be a damn good reason for it, and this reason gets exponentially
harder to accept for each additional port. The same goes for NAT
unfriendly protocols - get rid of them, they are dinosaurs.
I still feel as strongly about this now as I did a week ago when I wrote
that. :) All applications that force the user to run in a Local
Administrator context are equally as liable to be listed on that
website. There should be no need for regular usage of a regular office
application (browser, word processor, accounting package, database,
stock control app, fleet control, etc) to require local administrator
privileges. This is just poor coding on the programmer's part, and they
need to be outed in public.
These apps - poorly coded, 16 bit, vulnerable, needing numerous ports,
requiring local admin rights, unstable - WHATEVER - are reducing the
security of our client workstations, therefore reducing the security of
our networks. This is (and should always remain) unacceptable.
Susan graciously started and hosted this site, and accepts email with
decent documentation explaining what the software app is that needs
placing in the Hall of Shame, why it needs to be placed there, and any
workarounds that are relevant.
--
Regards,
Hilton Travis Phone: +61 (0)7 3343 3889
(Brisbane, Australia) Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net
http://www.threatcode.com/ <-- it's now time to shame poor coders into
writing code that is acceptable for use on today's networks
War doesn't determine who is right. War determines who is left.

> -----Original Message-----
> From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> [mailto:firstname.lastname@example.org]
> Sent: Tuesday, 29 June 2004 07:00
> To: Eric McCarty
> Cc: David Harper; email@example.com
> Subject: Re: Consumer Security Web Site
>
> But... some LOB web sites that small businesses use won't run
> on IE... keep that in mind too.
>
> Here are a few but I'll get you more links that are good
> resources for SMBs.
>
> Common Sense Guide to Cyber Security for Small Businesses
> http://www.isalliance.org/resources/papers/Common_Sense_sm_bus.pdf
>
> eSecurity Guide for Small Business
> http://download.microsoft.com/download/2/5/1/2518982c-228b-40a8-a7bf-f683b37a0f38/eSecurityGuideforSmallBusiness.pdf
>
> Eric McCarty wrote:
>
> >One thing which I would recommend is the inclusion of links to
> >alternative web browsers. It's not that I don't like IE or use
> >it personally, but I've found it 99% easier to set up Mozilla or
> >Firefox properly and let novice users run with it. No pop ups,
> >spam/spyware/etc to contend with and no issues with unpatched
> >vulnerabilities (adodb stream...) causing mysterious programs
> >to be installed.
> >
> > Signed,
> > Eric C. McCarty
> > Systems Administrator
> > Internet Security Officer
> >
> > -----Original Message-----
> > From: David Harper [mailto:firstname.lastname@example.org]
> > Sent: Monday, June 28, 2004 8:50 AM
> > To: 'email@example.com'
> > Subject: Consumer Security Web Site
> >
> > All,
> >
> > I'm putting together a web site for home and small office
> > computer users to address computer and small network
> > security. I'm hoping to eventually have a one-stop site
> > where non-technical consumers can get all the information
> > they need to protect their home and small office systems.
> >
> > So far I'm planning sections on Viruses/Worms/Trojans,
> > Spam, Identity Theft, Cyberstalking, Hacking, Spyware and
> > Adware. Each section is to cover the basics (what it is,
> > how to remove/prevent it, etc.) in a non-technical,
> > friendly-to-the-average-home-user way. I'll also include
> > links to sites like Windows Update and other free tools,
> > with a strong admonition that their computer be checked
> > and patched - now.
> >
> > I'd like to get input from the list on any other sections
> > to include on the web site. What do you see as the most
> > glaring gaps in end-user knowledge?
> > What information, tools, links, etc., would best enable
> > them to secure their systems easily against the most
> > common threats? Also, I'm gearing this toward Microsoft
> > simply because 1) Microsoft runs the vast majority of
> > home/small-office computers, 2) Those using Linux are
> > already pretty computer savvy, and this site is for the
> > novice. Should I expand the focus? Include MACs? What
> > about the buzz on cell phone viruses? Should cell phone
> > security and privacy issues be included, as well?
> >
> > Please keep in mind that this site is for the novice, so
> > explanations of elliptical curve cryptography probably
> > won't fly. I just want to make it as easy as possible
> > for the non-technical user to stay up to date.
> >
> > Your input is greatly appreciated!
> >
> > Thanks,
> > David