This is an edited reprint of an article I first published over a year ago, but it addresses a concern of which Windows users need to be constantly reminded.
Since the first edition of my security book “The Hacker’s Nightmare” was released in 2003, it has always carried a 100% satisfaction guarantee.
Yet in all that time we have received a negligible number of requests for refunds – no more than a handful in five years. As anyone familiar with the marketing of information products online will know, that’s an extraordinary statistic, and one of which I’m very proud. It’s a clear indication of the value of the book and the information it contains.
Even of those few we’ve refunded, the majority have obviously been “scammers”, if that’s the right word. A thief is a thief, whether virtual or real-world. Anyway, it’s easy to pick the thief; he buys your product and within a few minutes (just enough time to download it) he claims a refund, usually directly from the payment processor, ClickBank or PayPal. OK, we know there are dishonest people out there – that’s life.
The other few “refundees” usually offer (unasked) a good reason and even appear apologetic for making a claim. These we are happy to refund and I never give them another thought. One gentleman telephoned from the UK to Australia to say he couldn’t follow the directions and could he have a refund because it was all a bit beyond him. Turned out he was a raw beginner who had just bought an Apple Mac. No wonder it was all “double Dutch” to him – wrong Operating System!
No refund request is ever denied, but once in a while a “reason” given for requesting a refund irks me for days after.
So what’s all this got to do with security?
Steady on. I’m getting to it.
A while back one of my assistants processed a refund request for a lady who gave this reason:
“The reason I’m not satisfied with it is because most of the recommendations entail buying software to protect my computer and frankly I am not in a position to spend any more money than I already have on my computer.”
Now, first up, that’s a misleading claim for several reasons.
Many of the techniques and tools I recommend – and describe in considerable detail – are completely free.
In some cases there are free versions of commercial software that I class as “adequate”, but give reasons why the full commercial version would be a better choice. Ultimately that choice is up to the reader.
Finally, there are cases where I flatly declare and avow that a specific item of commercial software is mandatory and that the alternatives – free or cheaper or whatever – are not worthy of consideration, and I give detailed and substantiated reasons why. But even in these few cases the cost is never significant.
Then there is the educational value. It has been proven on many occasions, in many different businesses, that just reading “The Hacker’s Nightmare”, and taking no actual action, will leave the average computer user better educated, better prepared, more aware and safer for the experience.
How come? Well, you see…
The first line of defense against many Internet-borne threats is THE HUMAN BRAIN!!! And just reading through “The Hacker’s Nightmare” will imbue an awareness that the average reader did not possess beforehand.
Mind you, “read only” is certainly not what I recommend. Far from it. But sometimes that’s the only course open to some people.
For example, at least two police forces that I know of use “The Hacker’s Nightmare” to educate officers in the basics that will better equip them for taking complaints on computer crime. Obviously the officers are “discouraged” from implementing preventive measures on their force’s network! In an organization that’s the responsibility of the IT support person.
Similarly, several companies have purchased multi-user licenses for “The Hacker’s Nightmare” and make its reading a mandatory condition of employment for all staff.
Most organizations have an “IT person” responsible for configurations and installations, and general staff are (wisely) forbidden from engaging in such activities themselves.
Yet smart management is awake to the fact that computer and Internet security is as much a mindset as it is a course of action. By insisting that all employees read “The Hacker’s Nightmare”, they are taking that extra educational step that can make all the difference to their organization’s overall level of data security.
In other words, action without education is a half-assed approach.
And finally…
If you’ve got this great book that will tell you in plain language how to “do security stuff”, why do you need any other programs at all?
Good question. Here’s why:
There’s a lot of “stuff” missing from Windows, and there is a lot of “stuff” in it that the average user would be better off without.
There are also software components included in Windows that don’t do a very good job; the built-in software firewall is a good example.
Each of those situations is either the source of security holes or the reason we need to add extra functionality to Windows. We do that by the judicious inclusion of third-party programs. Unfortunately, just “tweaking” what’s already there won’t come close to securing a system against even the common threats.
So what’s YOUR position on buying a computer, with Windows pre-installed, and not spending just a little bit extra on safeguarding it? One consequence that’s almost guaranteed is that the first serious malware incursion you suffer will cost you a lot more than “The Hacker’s Nightmare” and a few protective utilities.
But if you’re still one of the reluctant crowd, here’s a little eye-opener for you. Try a Google search for the terms:
honeypot, computer or PC, and minutes
Here’s a ready-made link for you:
http://www.google.com.au/search?q=honeypot+PC%7Ccomputer+minutes
Scary, huh?
Still want to go it alone?





