Who "Owns" Your Computer & Data?

PCs connected in any

Ditto for Macs.

"Mac OS X doesn't stand out as particularly more secure than the competition, according to Secunia. Of the 36 advisories issued in

2003-2004, 61 percent could be exploited across the Internet and 32 percent enabled attackers to take over the system. The proportion of critical bugs was also comparable with other software: 33 percent of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30 percent for XP Professional and 27 percent for SLES 8 and just 12 percent for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19 percent. "

So the question remains: How do you keep proprietary information safe?

Key critical information has to reside on computers that do NOT need to be connected to the Internet to keep "running" without some damned nlicense application demanding you connect via the Internet.

Right now, the Mac OSX can operate off a network and you don't have to go on except in the first launch to register (you can bypass that, though I haven't tried it). Win XP Pro can also do that and remain off the Internet, though apparently it may still try to connect to its update servers without the user's knowledge or warning.

Vista, on the other hand, sounds like it will have a heck of a time operating in a secure non-internet connected basis, at least without some form of special license or version.

Given the nature of hacking for profit that is going on worldwide, I get the feeling many companies just hope they won't get hacked. Obviously, companies that must meet rigorous military or government requirements for secrecy and safety, will NOT use PCs that can not be run successfully off the Internet.

What does your company do with sensitive data?

Bo

Check out "Shields up" at:

it may give you a warm feeling in your pants or make you even more paranoid!

Kev

I'm not paranoid, Kev, & I've used the Shield's up check and keep most things locked down and behind hardware firewalls. But I don't allow critical data to be on a computer that is on the web.

Bo

Anecdote from Chinese user of Windows XP posted on Slashdot.org:

"Xinhua report that a Beijing University student has sued Microsoft for allegedly gathering personal information via Windows Genuine Advantage. He has demanded a compensation of 1,350 RMB (around US$

180) and an open apology printed in a national newspaper. The student has accused Microsoft of using WGA to gather information about his computer and himself, rather than solely checking whether or not the installed Windows XP system was genuine. A Microsoft spokesman has declined to speak on this issue and said that the matter is under investigation."

One would have to ask what kind of firewall you have if they can do this. Normally, a connection can't be made from outside unless a computer inside asks for it. So the logical conclusion is that your computer called home like a beacon.

TOP

But when the OS, in effect, has a back door programmed into it, it can call out any damn time it wants to do so. If it is smart, it does it at minimal activity times, in short amounts, etc.

In the news today was the Ameritrade software that also had a malicious back door programmed into it by someone on the inside to allow data extraction. Just like Microsoft does.

Bo

The absolute worst part of this is what hackers can now do, which is suggested by the following user comment on Slashdot:

"So now that hackers know there exists a backdoor to the windows update which will let them update a stealth patch to anything they want in the system because it runs with admin rights, this isn't a big deal to you?"

If this doesn't tell you something very serious about what a hacker or a former "white hat" from Microsoft could do, it they can gain control of your computer, your data, your applications, etc., any time they want.

Microsoft has reached the point of be all do all, and it is now dangerous. I am beginning to wonder now when businesses start abandoning Windows soley on the basis of lack of being able to audit the code.

I think the true value of open source OS's has now been revealed. If Linux or BSD Unix had back doors installed, it would be known very quickly by programmers examining the code. Microsoft will never tell what is in their OS. In fact, I would bet that the NSA worked with Microsoft to make sure the NSA can access any Windows machine if they want.

How is that for informed speculation?

Bo

The traffic is still going to be caught by the firewall if it is separate from the Windows machine. I noticed Windows update stuff typically happens after hours. But it does show up on the radar.

TOP

Given this mornings news from the EU, it appears from headlines that Microsoft may be required to open up some of their code in addition to the fine. Maybe there will be more transparency in their proprietary OS, and maybe that will alleviate fears about back doors and lack of privacy as a result of all the accidental security holes.

Time will tell.

Unfortunately, for me, I do not think I will ever trust my PCs to be on the Internet along with my proprietary data, as I don't have the time and expertise to become an expert at protecting PCs from hack jobs.

For me that means I will keep proprietary data off the PC whenever activation is needed, and hopefully the PC will never be back on the Internet or a network, or if it is, it won't have proprietary data on it.

Bo

One thing about SW models. If anyone tried to download even a fraction of the vault we have it would show up on the IT radar as a huge one way outbound traffic jam.

TOP

That is true.

Often the most valuable Intellectual Property that a firm owns is its trade secret spreadsheets and product plans, though, & those may be as simple as a 100k spreadsheet or outline.

Given the breaches in various large companies involving various types of consumer data in a variety of ways, including secret back door code installed by coders (think Ameritrade), there are good known reasons to be careful and cautious.

Bo

And this is why any computer system with any pretense to security has an "air gap" between itself and the Internet, especially if it uses a proprietary (no source code available) operating system and application suite.

And yet I'll bet 95% of the Comp.Cad.SolidWorks viewers do NOT have that attitude for various reasons:

1. I am just a single designer for God's sake
2. My work is too inconspicuous
3. My firm is too small
4. Nobody knows we are doing cutting edge machines
5. Hackers only pick big companies

Bo wrote in news: snipped-for-privacy@v23g2000prn.googlegroups.com:

1. Collaboration over the Internet is required.

BINGO!! (it's like cross posting... let's open up another can of worms!)

..

That Internet collaboration is what a 2nd computer is for, like the one that is only 1 ghz which is too slow for SolidWorks anymore, but can whack away just fine for anything in email or ftp for files and browser work.

They are just tools, and we use them as such, just like we don't do a single drill hole on a CNC, because it is quicker and easier to use a drill press.

Bo

Bo,

I understand, and, that's with all paranoia intended. I use to work with a mac (email/docs/,..) and sun/hu-ux (pro/e,..) system for a few years. It works well but it's not perfect (nothing is).

I was just making light of the fact that you guys have been cross posting and targeting yourselves to all the evil in the world... oh no!!!!

I mean, seriously, do you strip all of your emails and data from your email machined when you receive data? Where is it stored? Can't someone get in... you damn right they can!!

You can curve them as much as possible but.. if your linked, you're vulnerable. Bottom line, if someone wants to get it... they can and they will as you know.

..

zxys (what does that stand for, if anything, and how do I pronounce it?),

I'm not paranoid, but am protected. My SolidWorks machine never goes on the Internet or local network.

Bo