My OperaThinking about software - security approach
Wednesday, November 3, 2010 8:15:04 PM
Thinking about Windows
Why people think Windows has more insecurities than other Operating Systems. For me it's a little bit absurd, you could get infected no matter the OS, no matter where you are. Many times apps aren't what you expect them to be. People often think that scanning app file makes the application secure. There is a lot of viruses out there which work completely different. First when you install them they look completely harmless and work like any other fine software you use everyday, then silently they attack core parts of your system, most of them attaches themselves to system Shell and you as a user became helpless, most likely wouldn't know where the problem is. Why does your computer run so slow? Why does you anti-virus picks up some affected .temp files for example. Most of the time even the best anti-virus wouldn't pick up these.
Spyware
Then there is spyware, which probably concerns me the most. Ever though about your credit card details stolen and what it could eventually lead to? Imagine you walk down the street and someone steals your wallet. You notice it hours later. By the time you notice your wallet is missing so is your ID and Credit/Debit cards are, you start calling bank branches one after one to prevent thief from using any more of your money. Losing you personal data would lead to you to money and time loss. Same happens when you get you computer data stolen, you lose more when the security is not sufficient and you as user do not use software with thought about your security. Think about where you store your passwords? Card PINs?
Internet
With Internet it's a little bit different wherever go on line and surf through the web as if nothing could touch you. But think about web pages as someone else's property, think about Internet as a real time world map. Web pages can contain anything the owner wants from spyware that would steal your data to viruses that could easily affect your computer and exploit the insecure code.
Software
How much I agree with that one, there is NO one overall solution that will get you to the point of creating fully secure applications as well as there is no application that cannot be cracked, it's just a matter of time on hackers hands. Whatever software you will write you have to take into consideration that there WILL be a person that WILL try and most likely crack your code.
Making things happen
The truth is it's better to think about software as a hacker puzzle. When you implement try to imagine yourself as person who would try to crack it also think yourself as a user. How to make an user less prone to security leaks? How to make the application more secure from every side? How to secure software data? Consider database security, installation security as well as settings security. There is much to take into account, all depending on the kinds of software you're writing. Never forget that you're code is as secure as you make it! The user just follows the procedures that you as programmer wrote.[/ALIGN]
Why people think Windows has more insecurities than other Operating Systems. For me it's a little bit absurd, you could get infected no matter the OS, no matter where you are. Many times apps aren't what you expect them to be. People often think that scanning app file makes the application secure. There is a lot of viruses out there which work completely different. First when you install them they look completely harmless and work like any other fine software you use everyday, then silently they attack core parts of your system, most of them attaches themselves to system Shell and you as a user became helpless, most likely wouldn't know where the problem is. Why does your computer run so slow? Why does you anti-virus picks up some affected .temp files for example. Most of the time even the best anti-virus wouldn't pick up these.
Spyware
Then there is spyware, which probably concerns me the most. Ever though about your credit card details stolen and what it could eventually lead to? Imagine you walk down the street and someone steals your wallet. You notice it hours later. By the time you notice your wallet is missing so is your ID and Credit/Debit cards are, you start calling bank branches one after one to prevent thief from using any more of your money. Losing you personal data would lead to you to money and time loss. Same happens when you get you computer data stolen, you lose more when the security is not sufficient and you as user do not use software with thought about your security. Think about where you store your passwords? Card PINs?
Internet
With Internet it's a little bit different wherever go on line and surf through the web as if nothing could touch you. But think about web pages as someone else's property, think about Internet as a real time world map. Web pages can contain anything the owner wants from spyware that would steal your data to viruses that could easily affect your computer and exploit the insecure code.
John Paul Mueller[/QUOTE]Thinking and implementing security measures in applications are two different things.
Software
How much I agree with that one, there is NO one overall solution that will get you to the point of creating fully secure applications as well as there is no application that cannot be cracked, it's just a matter of time on hackers hands. Whatever software you will write you have to take into consideration that there WILL be a person that WILL try and most likely crack your code.
Making things happen
The truth is it's better to think about software as a hacker puzzle. When you implement try to imagine yourself as person who would try to crack it also think yourself as a user. How to make an user less prone to security leaks? How to make the application more secure from every side? How to secure software data? Consider database security, installation security as well as settings security. There is much to take into account, all depending on the kinds of software you're writing. Never forget that you're code is as secure as you make it! The user just follows the procedures that you as programmer wrote.[/ALIGN]
How to make yourself more secure while being online? While the truth is you're never safe while connected you can try and make it happen bit by bit. Here are some tips that I recommend everyone follows:
(53%)
