Online threats outpacing law crackdowns

(continued from previous page)

Law enforcement alone cannot solve the phishing and botnet problems, Rusch and Whitmore said. The technology industry and consumers have key parts to play, they said.

"Part of the problem is the way we design the online environment for users," Rusch said. It should be easier for people to see whether a site can be trusted or not, he said. Some of that is happening today with increased security coming in new Web browsers, for example.

A stronger effort to take down phishing Web sites is also welcome, he said. The average phishing Web site was up for five days in April, and that's too long, Rusch said.

In fighting bots, Whitmore sees benefits in Internet service providers delivering security software to their users. "The long-term benefit of ISPs becoming more involved would be an overall reduction of malicious code on the Internet, and most of us believe that's a good thing," she said.

[hadaso]

You don't need security software

Just stop browsing the web and reading email in an administrator account. The websites you browse and the spammers who send yo email don't need to have administrator privileges on your computer (actually they do need those so they can it over. Don't let them. Go to "control panel", then to "User accounts". Create a "limited account". Use only that account unless you really need to do maintenance on your system, such as system updates, or if you absolutely need to use software that doesn't work in a limited account. If the software is not something used for maintaining your system it shouldn't need any admin privileges and should run under a "limited" user's account. If it doesn't consider using an alternative. If the vendor cannot make it work without accessing privileged system resources that are only needed for system maintenance the software probably isn't very secure.)

The "privileges" that come with your account are provileges granted to the software you run, not to you. You can always switch to an admin account on your computer. You should ceertainly not grant admin permissions to the software run by the email you recive or the websites you visit!

[Zymurgist]

Good advice, though incomplete.

That's good advice, though incomplete. While
running as a limited user may stop some malware,
it won't stop the most insidious malware. There
are a number of vectors for infection that can
circumvent that under current versions of
Windows (hopefully addressed in Vista). You can
find some proof-of-concept code out there on the
net and try it yourself.

No, your best bets are: good up-to-date security
software (none are complete, but most are quite
good), if you have the know-how and resources,
running your Internet client software in a VM
that doesn't save changes to disk (ref VMWare's
products), or skip Windows altogether (there are
several good alternatives these days).

[stacksmasher]

Dude shut up.

Are you insane? Stop living under a mushroom and do some more research.

[209979377489953107664053243186]

encryption on both ends

Websites getting bot attacks should try html encryption, which would prevent actual source code from being viewed, particularly email addresses.

For your computer, shielding your sensitive information from unauthorized access is the safe bet. Using a combination of encryption and usage control over files and email should be a part of your firewall security practice.
<a class="jive-link-external" href="http://www.essentialsecurity.com/products.htm" target="_newWindow">http://www.essentialsecurity.com/products.htm</a>

[Stalin Hornsby]

Guide lines for software program protectionfrom home office; Emu?

Latest web-logistics have lent me into the unknown arms of a notorious skylore. My "yea yea" file extraction utility is in ***!

'Blues Clues"; maybe very unimportant except to free wi-fi tunes.

[Soularddave]

threat to efficiency of the WWW

Seems to me that ISPs, the government, and endusers would be interested. The garbage out there clogs the WWW and could well be eliminated. Homeland Security, it would seem, would be the right agency to clear this up in a hurry.

There ought to be a quick &#38; easy reporting/complaint procedure. If eBay can do it, everyone else should be able to.

If the government can't effect a crackdown, we should all be worried about it's ability to deal with anything.

Any more ideas?

Dave