Home > Blogs > 2011 06 18 The Weak InSecurity: Bad Tradedowns

2011 06 18 The Weak InSecurity: Bad Tradedowns

Will you be buying a Chromebook to achieve Security Nirvana?  Will you sell me your Macbook or PC system cheap, now that you're convinced it is beyond your rescue?


Did you enjoy Happy IPv6 Day?  How did you celebrate IBM's 100th birthday?  Increasingly the world comes to accept the importance of Information Technology in our lives. 

As my Blogs point out, what were once esoteric IT disciplines are increasingly made into commodity set ups we much perform to run our businesses, to start our cars, and to talk to our family members (often in the same room).

Whadda week!  Google showed off the Chromebook, now glorifying the Internet as the ultimate system; and in the same space, Microsoft released more patches for more holes in their browser and internal Web access technology.

You gonna get a Chromebook?  Never have so many paid so much for so little.  Meanwhile, what are the security impacts of needing to upload your scanned family photo images to Google only to have them return to your Internet-connected printer?  

Some consider this hypocrisy.  After all, I'm the slash and burn PC computer model guy.  I complain about too many services, auxiliary applications, and endless security patches.

But if this means I need to pay $400 for a $60 ASCII terminal and give all my data to the server high priests who control all my computing, that's nuts.  That's a lot of money to pay for 'Sandboxes'.  What is a sandbox anyway and why does any talk of them make me think of kitty droppings???

Get Smart, get last week's power helper, PSI from Secunia.  It alerted me to the need to patch my last Flash patch.  Beyond that, rejoice in your options.

It's all about options.  PSI can help you keep your many optional apps secure.  Still, wouldn't it be better to avoid the worst scabby and security disease-dripping optional apps early?  Research optional applications early.  How?


The Open Source Vulnerability DataBase (osvdb.org) lists many of the known vulnerabilities for many applications and technologies.  Check out the PHP numbers.  Look up Adobe Flash.  Have at it.

Another good resource is the vulnerability listing maintained by the United States government at NVD.NIST.gov.  

Both have neato interfaces for deciding whether to use 7zip versus Winzip versus some other tool.

PSI can help, if you will help it by avoiding the security basketcases impersonating as valid optional software.  

Let's work to simplify your Macbook or PC, not abandon it.

jt

Comments

comments powered by Disqus