Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.



Networking Notes: The Problem With Windows (or Any Other OS)

The battle of Windows vs. Linux or Mac people is a case of everybody being to some degree right combined with an abundance of human obnoxiousness. Regardless of which camp you're in, security threats are changing.

Networking Notes

There's a popular game among online journalists that bears a mild resemblance to batting at a piñata: It's called "Keeping Up with The New York Times Technology Page." It's fun for some because the writers at the Times, trying to write for a general audience, are largely helpless against charges that they're behind the times.

This week, for instance, the New York Times' John Markoff decided to ease everyone into Sunday with a bit of advice. This comment set off a round of either snickering and jeering from Linux, Mac and anything-but-Microsoft devotees — or eye-rolling and finger-wagging from Windows users:

Botnet programs and other malicious software largely take aim at PCs running the Microsoft Windows operating system, because Windows ubiquity makes it fertile ground for network-based attacks.

Using a non-Windows-based PC may be one defense against these programs, known as malware ...

Markoff shows a deft touch for eliciting the sort of snarling, spitting, back-arching discomfiture at which people who do not consider computers a lifestyle choice are frequently taken aback.

For the Linux and Mac people, mention of "Windows' ubiquity" is a two-fold sin. First, it lets Microsoft off the hook for its security problems. Second, it reminds them that the only time you see the words "Mac" or "Linux" next to the word "ubiquitous," they come with additional words like "design departments" or "Cheeto-smelling dorm rooms at technical colleges."

For Windows people, the whole "nonWindows-based PC" business is a scurrilous, shady nostrum that will be no better for users, some ill-defined concept of "innovation," or "invested enterprise stakeholders" than Marxism was for East Germany, and about as fun.

It's a classic case of everybody being a little bit to mostly right combined, frankly, with an abundance of human obnoxiousness ... a substance we've been unable to use to solve the world's pressing energy needs except when it comes to powering the Internet. Let's break it down.

The Problem with Windows

Terrible things happen to Windows users. I don't need to spend much time on this. Just go visit your favorite anti-virus vendor or a Web site that carries security news and the case makes itself.

The only places one might argue more terrible things happen to more victims is at the end of the long chute at a cattle yard. And Markoff's right: Windows is ubiquitous, so it provides more bang for the tiny amount of bucks it takes to turn a worm loose, so it's numerous and unfortunate holes are frequently and zealously exploited by bad people.

Windows machines make swell zombies, they excel at hammering networks with worms, and the industry that provides security software for them has worked so hard to insert itself into user consciousness that machines already sagging under the weight of vendor add-ons like "help centers" and "media monitors" and assorted branding goo-gaws become even more slow and miserable to use. Why did it take four seconds between the "d" and the "a" in "damnit this machine is slow?" Because your anti-virus software needed to pop up to remind you it's on the job, or needs an update, or is going to sleep now, or is concerned that you've had so few viruses it may be a sign that you've got a really bad virus.

Making this situation worse is the decidedly undramatic way in which malware is behaving these days. It doesn't wipe out your hard drive or delete all your files or change your screensaver to a shocking and pornographic display illegal in 49 states. It tends to make itself one background task among many, either hanging around and doing nothing or just churning out spam until someone traces it down and makes it stop. People don't have their noses rubbed in their computer's infected state with a lot of drama and flashing lights and lost files, so ... .

The Problem with Not-Windows

I'm not going to spend a lot of time on this either, I guess. People use Windows for all sorts of reasons, and most of them have an investment in it. Maybe that investment is training, maybe it's in software, or maybe it's even in hardware that won't work very well or not at all with Linux or a Mac. Telling these people "run something besides Windows" isn't very helpful. They'll continue to suffer because of that investment.

There's really nothing wrong with Linux or Macs from a "all things are equal" point of view, which they never are. And as many Linux people are fond of pointing out, how much of the stuff my colleague over at Linux Today refers to as "greeting card software" do you really need when the Web is becoming the real platform?

The Problem with the Future

Besides the fact that none of us is ever going to get a flying car, or the unhappy silence with which my repeated requests to Apple to start including free quad-core Mac Pros with the purchase of Cheerios has been greeted, the big problem with "the future," where "the future" is "that period of time when we aren't running Microsoft Office in favor of some Web-thinger from Google," is the way security threats are going to change. In fact, they're already changing.

Consider a story recently posted on MSNBC's site about Dave DeSmidt, a worker planning to retire in a few years. According to the article, DeSmidt's 401(k) retirement account was raided and all $179,000 transferred with an online transaction. Before finally caving with some media attention and giving DeSmidt his money back, the brokerage firm reportedly had this to say:

"J.P. Morgan concludes there was no external or internal breach of controls with the J.P. Morgan environment, ... Access and authentication controls established within J.P. Morgan worked appropriately."

In other words, it wasn't some stealthy hacker sliding through the corporate firewall. Rather, it was someone who scored DeSmidt's username and password and put them to work. How that information was obtained is anybody's guess, but if any security breach has been gaining in the past few years, it's been phishing attacks, and the accomplices in some of those attacks are the Web browsers themselves, which have fallen victim to a number of cross-site scripting attacks (define) as well as more obscure vulnerabilities involving URL character encoding and more.

In some ways, we've come full circle in terms of computer security: The Kevin Mitnicks of the '80s and '90s prospered by learning to get the humans running the computers to cough up useful information. Phishing attacks just automate the process of getting unwary users to give out a password or account number.

But since this is supposed to be an upbeat and cheery column, designed to fill you with hope for the coming year, I'll throw out something you can look at right now if you're concerned about phishing and want to get a head start on the future:

PhishTank is a clearing house for phishing information. It provides a public database and API (define) designed to help protect users from phishing attacks. There are Phishtank-powered tools built in to the Opera browser, as well as tools for securing Outlook and Outlook Express. Prefer Firefox? There's an extension for that, too.

I'll soon look at other ways to use PhishTank and other technologies. In the mean time, try out those extensions and plugins, and maybe even Opera. And quit picking on the guy from the Times.


Add to del.icio.us | DiggThis


For more help, don't forget to try one of our PracticallyNetworked Forums.



Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums