Can the internet ever be secure?

venezart · #1 (**permalink**) 11-14-2003, 02:19 PM

As I sit in my development inviroment and star my development day, I ask my self " would the internet ever be secure?"
I'm currently working on a site in which Im developing a secure section and making sure that the scripts, transactions and source is secure, but is it?
As I receive more & more Microsft security bulleting, with more and more flaws to patch. I ask my self how can we really provide security when not even our servers and os are secure.

Kilawa · #2 (**permalink**) 11-20-2003, 10:42 AM

Quite simply the answer is no, the only way to 100% secure the internet is the same way to secure your pc at home, that is to unplug it.

:)

sudhani · #3 (**permalink**) 11-20-2003, 10:55 AM

I always hold this as my answer:

Security is possible only through IGNORANCE and TRUST. All that we can do apart from this is to make the life difficult for the person who is gonna break the security.

Brittany · #4 (**permalink**) 11-20-2003, 11:04 AM

hmmm... how fitting is it that I just came across this article on WebProWire:

Security Threats Will Get More Serious
Joris Evers, IDG News Service
Wednesday, November 19, 2003

"LAS VEGAS -- Taking on ever more sophisticated and aggressive cyberattacks requires a new approach and a lot of security software and services, John Thompson, chair and chief executive officer of Symantec said on Wednesday in a keynote speech at Comdex.

Today's practice of applying security updates after a software vulnerability becomes known or after a virus has been reported won't cut it in tomorrow's world of super-fast spreading worms and viruses that will surface with increasing speed after a software flaw is published, Thompson said.

Soon computers will face 'Warhol' threats that spread across the Internet and infect systems worldwide within 15 minutes..."

Wow. Good times. Click to read the full article.

Brittany

Mili · #5 (**permalink**) 11-20-2003, 11:23 AM

Kilawa said it all. Unplug it.

Rules are set up to be broken. Authorities are "mouths full of rooster feathers but with no talons to strike" (a Spanish saying). There are no moral limits, save for the individual's conscience. Sons and daughters of Brainiac seem to run rampant in this borderless territory. The best of all locks will not deter a thief who is determined to get a hold of what's not his.

And as I sip my coffee and ponder upon this, I ask, what the 'ell am I doing here?

Well, someone has to balance it all out. If there is bad, there must be good. Why make it easy for the low-life to take over a powerful tool and turn it into a powerful weapon?

Just pondering ... not finished ... need more coffee.

- Mili -

Whit · #6 (**permalink**) 11-20-2003, 11:34 AM

Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing.
Author: Helen Keller 1880-1968

The truth is nothing in the world is, or ever will be, 100% secure. Even the most sophisticated car alarm is bypassed in seconds by a professional. The worlds finest museums are robbed by the worlds finest burglars and the networks with the tightest security are breeched by the most dedicated hackers.
The ultimate purpose of any security measure is to simply make yourself a less appealing target to the professionals and weed out the teenagers who read about the latest “neat” exploit on some hacker site.

Just an opinion.

dmcgill · #7 (**permalink**) 11-20-2003, 11:45 AM

Secure Internet, what a dream!
I used to work with the Corrections branch here in British Columbia and spoke with thousands of men and women who were required by the courts to see me due to a run-in they had with the law. Of course, there were those who had "small mistakes" that they needed to make right and others were more serious. One of the most common offences was theft.
I soon became very aware that no matter how well your security system was, no matter how strong your lock was, the security system and locks only kept out the honest people and discouraged some of the "not so skilled" thieves. I see the internet exactly the same. As the anti-virus firms race to keep ahead of those who design them, the designers of these little bugs out smart them. It has become a game. The same for the security of your information shared with others on the Internet. The higher and more complex the firewall, the more safety nets put in place to protect your information the harder some try to break in.
So... to make my two dimes worth of a statement on this forum. The internet will only ever be as secure as the users. The only way to be 100% safe on the internet is not use it. So we all take risks in my perspective. I believe it is an acceptable amount of risk though.

dmcgill

runtdog · #8 (**permalink**) 11-20-2003, 12:02 PM

O.k. people here it is in English. I have been at the front of web design since I was 14. I have always used a PC, and lived with the world of Microsoft. The one PC I still have runs windows 98, and I refuse to run anything higher than that.

I now do everything on a mac. When everyone worries about viruses(this last worm was sent to my email 13 times) I don't have to. Viruses are something I don't even think about anymore. Thats a problem for people using a PC. Maybe one day in the future when hackers start using mac's this will become a problem. Until then I don't even blink at the fact that there is a virus going around in cyber space.

Microsoft build a faulty system, and now they are paying for it.

Lando · #9 (**permalink**) 11-20-2003, 03:08 PM

I agree that there will PROBABLY never be a 100% secured Net, or computer, or, matter of fact, anything.

Remember that there is no 100% chance that you will be here on this planet tomorrow!

The best we can do is shoot for the top, and hope we hit some place close to it. I use Moz/Netscape for both browsing and email, so that reduces some chances of MS specific problems; encryption; software firewalls like Zone Alarm, of course virus programs, and ad aware / spy ware programs; etc. etc... Even after all that, I try to be careful. It's not a big deal either. It may take me a whole minute to be sure all my security-related programs are up-to-date.

Like the car thief, they are more likely to try for the easier target than attempting to hack an alarmed car with Lo Jack attached and The Club on the steering wheel! We who at least TRY to reduce hacking threats to our systems can expect to be fairly safer than those that do nothing or very little to protect theirs, and those people will always be around.

Of course there are those that try to hack the hardened systems for that purpose... because it is difficult. It's 'bragging' rights... but that's life.

Sure, I could unplug, but I would be missing out on one of the biggest revolutions since the printing press! "No one ever promised you a rose garden"... (LOL and to think I never really liked that song!)

Lando

rlrouse · #10 (**permalink**) 11-20-2003, 05:11 PM

Security has to be balanced against usability. For example, we could encrypt our web pages and that would keep out the casual mischief makers. But it would also foil the SE robots that we depend on to crawl our pages and get them ranked.

We could put all of our pages behind high-quality passwords, require that every potential user request a one-time use password, then delete it afer every use. More secure still, but usability is virtually nil.

About the best we can hope for is to strike the best balance that we can come up with and cross our fingers.

minstrel · #11 (**permalink**) 11-20-2003, 11:40 PM

Quote:

Originally Posted by runtdog

Microsoft build a faulty system, and now they are paying for it.

No... Microsoft build a popular system, and now they are paying for it.

Virus makers target systems and organizations that will earn them the greatest amount of publicity when hit - they haven't yet targeted Mac or Linux to the same extent because they wouldn't hurt as many people (although they have targeted both and if you are running a Mac and connecting to the net without virus protection and a decent firewall, you have been fortunate).

The power failure in Ontario and northeastern USA was a major news story because millions of people were affected. A day or so ago, a few thousand people went without power after a windstorm in a suburb of Ottawa for longer than most people were affected by the earlier blackout - I doubt that anyone outside the Ottawa valley even heard of that one...

minstrel · #12 (**permalink**) 11-21-2003, 12:40 AM

...from a recent edition of the Tourbus newsletter:

Quote:

It looks like the security problems that have plagued the Windows community have now invaded the Mac community as well.

According to a report at CNET's News.com, Cambridge, Mass.-based @Stake released three advisories on Tuesday. The first details "systemic" flaws in the way OS X handles file and directory permissions; the second notes a kernel-level vulnerability that does not affect default installations of the operating system; and the third involves a buffer-overflow condition that may be remotely exploitable.

[Source: http://news.com.com/2100-1016-5098688.html]

The solution to all three problems seems to be to upgrade to Mac OS X 10.3 (a.k.a. "Panther.") for US$129.00.

BulletToothTony · #13 (**permalink**) 11-21-2003, 11:34 AM

Not sure if breaking off the topic of security is a good idea, but I was just able to read the article from the newsletter asking about the future of the net and can't wait for to come.

I seriously think that the Net is being developed faster than manufaturers can come out with ways to properly display it. With technologies such as Adobe Atmosphere coming out, the net will be one step closer to the virtual 3-d world a lot of us envisioned not to long ago. For those of you who have not played around with the beta version, I advise that you give it a try. I have seen landscapes created that are simply unbelievable, makes FlashMX look like childs play.

Now the question I have, is how fast will those sites run? What type of server configuration will you need to run them? Does this mean people are once and for all going to switch over to an apache server?

I guess only time will tell.

mtheory · #14 (**permalink**) 11-23-2003, 04:55 AM

I tell my clients its OK to open attachments. Go ahead give out your email address, spam is not a threat. Don't worry, a hacker will never get into your important data.

Security or internet related catastrophies my clients have experienced to date: 0

Most people tend to look for the most complex solutions to a problem and in the process usually compounds the problem. We sometimes must take a step back to move forward.

http://mtheoryit.com

redcircle · #15 (**permalink**) 11-23-2003, 06:33 AM

Quote:

Originally Posted by runtdog

Maybe one day in the future when hackers start using mac's this will become a problem.

What operating system a hacker uses has no bearing on what OS he will hack or write a virus for. They will always target those most vunerable and most popular. Most of the lethal viruses are most likely written on linux/unix/bsd/mac(built on freebsd)

Also to add to that there are a lot of network admins that are converting to Mac's because of OSX. I know i'd be on a mac because of FreeBSD alone but they are too friggin expensive.

Quote:

Originally Posted by computermark

I tell my clients its OK to open attachments. Go ahead give out your email address, spam is not a threat. Don't worry, a hacker will never get into your important data.

Security or internet related catastrophies my clients have experienced to date: 0

Are you being factious? I talk to an average of 20 clients a day at work that have viruses/spam/spyware.

Our email server filters out 100,000 spam emails a day from RBL's and another 40,000 with spamassasin. And those messages still get through.

New spyware that has been showing up does not just track your online habbits but it is also being used to capture your keystrokes, cc info, passwords. Viruses that can infect your system just by being online.

I sure hope you are telling your clients to install the anti-virus software, block the spyware, and to only open attachents from people you know!