"The Big One"


Cluttermagnet

John Dvorak as usual has it pretty well nailed. "What he says..." The Big One

Oh, it helps me to blow off steam about how people are so inflexible and so lazy and will not try new things, even though the stakes are high - but then is it really going to make any difference if it's John Dvorak ranting?

Trusted computing. Centralized monitoring and new complexity aren't foolproof. The Big One will hit sooner rather than later, thanks to the monocultural nature of computing. Except for about 10 percent of us, everyone uses Windows and Outlook Express. Monocultures are dangerous, because they can be ravaged by disease in a chain reaction. Microsoft's Trusted Computing model makes this worse by centralizing control at a single point where actions must be approved to keep a machine safe. Essentially, this turns the monoculture into a single organism. By hijacking control or disabling the central control mechanism, someone can shut the entire organism down completely and possibly permanently. Even all the Microsoft geniuses and computer experts in the world can't make this concept foolproof. Trusted Computing is the biggest threat to security ever. All I see is a disaster waiting to happen in an environment that invites disaster.
IT Losing Ground in Virus Battle :devil:

Wow, Dvorak has lost it with this article! Dvorak has been using computers for 20+ years, but writes this article like he is a raw newbie.

For someone with his amount of experience to have 54 spyware processes running on his system, says that he really doesn't know what he is doing. He needs serious tech help.

I'm no fan of cookies, but he seems to be saying that they are the same as spyware, which is not true. There are ways that cookies can be used against you, but it isn't easy or too common. Cookies were created because an HTML session is STATELESS and there wasn't any other easy way to maintain STATE for a user.

He rants about 24x7 computing as a big problem. It is only a problem for people who don't run firewalls and other protections. I have been running 24x7 for years and have never gotten a virus or trojan on my system from the web. I'll turn my computer off when it works like a TV. I push a button and it is fully initialized and running in 5 seconds! Besides, with the spam load I get, I'd run out of mail space on my ISP's server if I was offline 2-3 days.

As to his comments about Java and Active-X, he doesn't seem to realize that these types of controls make the presentation and communication process easier. Personally, if you want to run in pure text mode because you feel it is safer, then let that be your personal choice. If you prefer black and white TV to color, then go buy a black and white TV! Of course, he could also turn Java and Active-X off if he didn't like them or was worried about them, again something he should know how to do or be able to ask the gurus at PC Magazine how to do.

I just can't believe he is really as stupid as he sounds in this article. Maybe, to quote Dennis Miller, "He's just talking until he has something to say"?


nlinecomputers

Dvorak is a cheap journalist first and a computer geek second. He isn't above ignoring common sense or spreading blatant falsehoods just to make people read his story. For example:

Digitally signed certificates. Can you say "false sense of security"? When you install code obtained online, you'll often see pop-up certificates that assure you that the software is from, say, Microsoft and is not malicious. VeriSign has already been tricked into giving these certificates to hucksters posing as legitimate companies, and how hard is it to produce a counterfeit certificate? Nobody ever looks into this.
It isn't VeriSign's job to validate the worthiness of a company. Its only job is to make sure that company X is the company you're dealing with and that hacker Y hasn't intercepted it. If the company you're dealing with is scum that isn't VeriSign's fault. And as for "counterfeit certificates" that is total BS. He KNOWS that it is mathematically IMPOSSIBLE to forge a digital certificate. But FUD sells magazines and what is a little deception among friends.

Troll....

Cluttermagnet
But FUD sells magazines and what is a little deception among friends. Troll....
Troll? Are you referring to me? I don't make a practice of stirring the, er, pot just for the enjoyment of it. So if you are accusing me of trolling, you are going to have to recite for me chapter and verse where my behavior fits that label. Or are you referring to Dvorak? Please clarify. I am a regular participant in this forum. Nothing to hide. Most of you know pretty well where my views fall. If what I posted here is a 'troll', that marks an all time first for me in over seven years of online community.

Even I saw how over the top Dvorak is in the referenced article. Nonetheless, I think there are some truths in pretty much every item he covered. I am surprised in particular that nobody saw fit to comment on his overall theme- that homogenous distributed computing is a plum target for major mischief. No reply so far has addressed the 'big picture'. I'm not going to bother to try to defend each of his points item by item, but I don't recall where any negative comment yet has refuted a single 'danger' he has made reference to.

With Verisign in particular, I will accept on faith that it is probably not possible to forge a certificate. I don't know much about that area. If he is wrong, he should admit it. I'm kind of surprised he would make a statement like that, i.e. is he indeed that stupid? OTOH, he points out correctly that Verisign got conned and issued a certificate to a bunch of weasels. If it happened once, it can no doubt happen again. Just another example of lying con artists who worm their way into highly secure spaces using human engineering. Somebody 'got' Verisign. If it can happen once, it can happen again.

I agree with his overall conclusions that the internet is a big accident waiting to happen, that at some point, somebody is going to pull the trigger and bring the entire system to its knees, probably sooner than later. I am definitely not happy about that! But I suspect he has gotten it substantially right.

In any number of previous discussions, all of you guys have independently confirmed many aspects of the problems he asserts we have. You guys simply do that in a more calm and level-headed way than he does. And yes, obviously he does need to 'sell a few newspapers' and has some motivation to overstate and sensationalize. But if the overall points he makes are wide of the mark, please let us all know how he went so far astray. Personally, I suspect that quite a number of broadband-connected computers have been quietly compromised, totally undetected. And when somebody- whoever, wherever- finally 'pulls the trigger', the carnage is going to be unbelievable. If you believe that is not the case, nobody wants more to hear those arguments than me.

Let's hear you connect all the dots your way. Show me how he has not connected all the dots correctly, but please deal with the highest level of his argument instead of nitpicking. Has he got it totally wrong? Is the internet and all those broadband-connected computers actually not at risk as he claims? I sincerely doubt that many of you believe that, and I recall any number of threads where you have expressed your own concerns about the issue. In particular the hotly debated issue of licensing computers or their operators, and more secure forms of email and the great difficulties of migrating the net towards that come to mind.

nlinecomputers

NO NO NO. Dvorak is the one trolling. Please don't misunderstand that! My apologies for not making that clear.

Dvorak is very able to dive down into yellow journalism. Dvorak has some valid points but when he outright lies it is hard for me to want to give time to his good assertions. (A troll is a troll and you don't feed trolls. They just come back for more.) And I call him a liar because he himself has made comments on digital certificates in the past and even on secure email. He has advocated the use of encryption in email for example. (Trying to google search and pin down that....if I find it I'll post it.) If he can't make his point without using falsehoods then his whole statement loses credibility. It is hard to take seriously his claim of a "big one" when many elements or planks of this platform for cyber terror aren't as big a problem as he claims they are.

I have stated before that 90 percent of the current big problems with the internet are viruses and spam and both of which can be brought to a very quick halt simply by having a method to verify the sender. Almost all current security problems are exploiting this one problem. SPF and/or encryption solves this kind of thing.

24/7 computing: A valid point that is mostly misdirection. Ok so you do cut off Joe Schmoe from 24/7 access. What about the TIME he is on? Plenty of infected computers are turned off by their owners every night. Find me a real problem. I also bet that he runs 24/7 too. Hypocrite....

Instant messages: It already is a problem but it is also here to stay. Not sure how you can really lock this barn door now. This horse got free a couple years ago.

Cookies and Spyware: Cookies are a needed part of the internet. Fix browsers so that 3rd party cookies are blocked by default and education of users to go to other websites that don't have 3rd party cookies is the only way to go. Spyware is solved by better browsers for the most part. Hello Mozilla.....

ActiveX, Java, and Word macros: I always thought that automation was the point of having a computer. Free me from doing the repetitive stuff. It also means that you have to be more careful.

Digitally signed certificates. As I've said that is total BS. You can't fake 'em. (Do the math.) And you can't guarantee that someone will not use them for fraudulent purposes. Can say the same things about the telephone. So we should not use phones?

Trusted computing. Here he is on the mark, sort of. I sell Linux servers and one of my selling points is that even if the office is totally raped by some Windows virus the server and your data will be safe from such an event. But the point is that while Microsoft does have total domination of the desktop they DON'T have it in the server world. Plenty of Unix, Solaris, FreeBSD, and even Linux servers run the internet and while a big one might bring down the whole Windows world the Internet will make it just fine. Which is the point.

Except for email most all the other applications are not run by everyone all the time. I don't IM for example. Never cared for it. I once got so annoyed with my cell phone that I got mad and crushed it under my boot. Why would I invite that kind of interruption to my desktop? So that takes me and a lot of other like-minded users out of that group.

Maybe Janet Jackson's naked boob might make all of the internet rush to the same website and get infected with some kind of Java app but not everyone is that dumb at the same time. So it would have to be able to use some other method to spread to be really effective.

I've seen several viruses have multiple methods of spreading but mostly it is the email virus that is the most effective and it has the weakest security. Fix SMTP and it will be a lot more fun again on the Internet.


Cluttermagnet

Thanks, Nathan- A well written reply covering pretty much all the ground of the controversial article by John Dvorak. I take away mainly some reassurance from your own very different assessment of the situation. I like diversity, in a lot of ways. Diversity is good. Diversity is strength, not weakness. So your mention of all the competing non-MS server installations is comforting. That part I will have to think about for a while, but it seems to imply that major internet disruptions could possibly be more temporary in nature. What you would take out is a lot of users, it seems.

I do suspect that there would be some heavy damage to perhaps certain parts of the internet infrastructure. Which survive and which are compromised might even end up being somewhat of a surprise for all. After all, if I'm not individually attacked and 'destroyed' before my internet connection evaporates, then I 'survive'- and that might be due to nothing more than a topological accident as to where I'm wired (indirectly) into the backbone. And how I'm wired (dialup). And it might have nothing whatever to do with how good or poor my defenses might be. We might see complete idiots running old software and absolutely no protection just walk away from it, hard drives intact- and we may see some fairly hardened installations fall under incessant attack.

Regarding the subject of trolling, I think I have just been exposed to a newer, wider sense of the word I had not encountered before. I'm quite familiar with the idea so far as misbehavior in chat rooms, IM environments, newsgroups, forums, and so on. And I've certainly witnessed some amazing mischief in those settings, with pretty spirited flame wars erupting at times. I will accept your extension of the concept to also cover (possibly) irresponsible journalism that happens to be disseminated online as are Dvorak's weekly(?) pieces, and agree with you that the idea of trolling is getting stretched over time. I guess the limits of its expansion must be that it applies only in the venues of interactive, 'online' networking of all sorts, and stops short of also covering bad TV, radio, or print journalism (?), i.e. one way communications.


nlinecomputers
I guess the limits of its expansion must be that it applies only in the venues of interactive, 'online' networking of all sorts, and stops short of also covering bad TV, radio, or print journalism (?), i.e. one way communications.
I would agree with that except that in online publications it is often possible to reply to the posted story. His story has a comment section. So in a sense he has started a "thread" that can act to bait people which is usually the goal of a troll. With a big website/magazine as a backdrop it is just more polished. The result is pretty much the same. He can scare people out of proportion to the problem and move on to do other damage.