Observe two criminals. Each one wants your stuff. Criminal A is sitting
at home in his underwear staring at a computer monitor. Criminal B is
sitting in a van across the street from your house.
A has to gain access to the network your computer is often on. This may
or may not be easy. Best case (for A) is that he is on the same 'last
mile' as you and is simply there with you. Worst case is that he has to
hack his way across several networks to a machine on your network. B just
waits until you aren't home.
A's options at this point are to try to get into your machine, or just
sniff your network traffic. Breaking into your machine requires either
guessing authentication info from things A knows about you or by analyzing
network traffic in hopes of getting some info, or by making use of a
security hole (bug) that may or may not exist on your system, and may or
may not have been fixed. If A is really sneaky, he may try to trick you into installing something that makes his job easier, but you need to be
really stupid for this. B's options are: pick a lock, break a window or
break a door with a big hammer.
A must take care to clean all logs on each machine he has used in this
process, and any logging routers he passes through if he wants to cover
his trail adequately. B should wear gloves, and keep his visit short.
A will learn the contents of your grocery list, the love letters you wrote
to your bosses wife, all those digital camera photos of your cat and if
you are really dumb, he may get a credit card number. He may or may not
get the expiration date, which makes it useful. If A just sniffs the
network, he will get those love letters again, the cat photos you sent to
your cousin, and a big garbled mess of encrypted data from your last
Internet purchase. If A is skilled, and has a fast machine, he might
crack this encryption over a period of 10-20 months if at all, and then
you may be out the $50 you are responsible for in case of
fraud. Meanwhile, B has just stolen your computer, your jewelry, the
mad-money in the soup can, your DVD collection and your favorite velvet
Not surprisingly, more people have more stuff stolen from them in real life
than on-line, by a very wide margin.
The fact is, if you aren't a complete schmuck, you have very little to
loose to a hacker as long as you don't keep important data on your
machine, and you don't send it insecurely. You have absolutely no need
for "palladium" or any other heavy metals to protect data you are not
being careless with. The fact is, you are not even a target. You, as a
normal computer user, are the most un-interesting person on earth to a
hacker. You don't have anything they want. There is not likely anything
they can use or learn from on your machine. You do not likely have any
porn that they can't get for free on Usenet. They don't want your
financial info, when they can go dumpster diving for 20 or 30 cardz in a
The answer is not draconian security measures that you will not benefit
from at all. The answer is to use the same logic that keeps you from
eating food you find laying in the street. At some point, you were
probably taught that it is bad to eat candy-bars you find laying on the
ground. At some slightly later point, you realized that this was good
advice. I'm betting that the vast majority of my gentle readers do not on
a regular basis, eat food they find laying in the street. You just don't
do it. There is no intestinal security device that keeps you from putting
trash in your mouth - you just don't do it.
It should be obvious to most people now that information is like food, and
there are things that you don't want to do with it if you want to stay
healthy. And if occasionally someone doesn't get it, it is no bigger
tragedy than when people buy gold from strangers on the telephone. There
is no good way to keep fools from parting with their money and
info. Think of it as a corrolary to Barnum.
Security that people don't have to think about at all, is bound to
fail. Security has to be a conscious thing. You make an effort to lock
the door of your house. You have a pretty good idea what will happen if
you leave the keys in your car enough times. Why should computer security
be any different from ordinary real world security. The basic law of the
universe is: don't do anything dumb. If you follow the law, you will be
secure at home and on-line, among other benefits. If you break the law,
you will have lots of problems anyway.
Tell everyone you know that you don't need help to avoid stupidity. Have
big conversations about how you are not mentally deficient, and don't need
a "mom" in your computer to watch over you. Learn something rather than
just believing every piece of FUD that rains down on you from on high. If
people start talking about this enough, someone in marketing at Intel or
M$ might start to fear for their bottom line, and stop this
Or maybe we are really that stupid, and need our hands held all the time.