First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Researchers advise cyber self defense in the cloud
- — 12 October, 2009 21:16
Software updates are vital. "Make sure you have the most up-to-date version of whatever software you use," he said. Updates almost always patch security holes. Key software programs such as Adobe Systems' Flash Player and Reader are particularly important to keep updated because they're used on so many computers and are prime targets for hackers.
He also suggested creating a virtual machine on your computer using VMWare as a security measure.
"It's really hard to get people to change their browsing habits," he said. People want to surf the Web fast, visit their favorite sites and download whatever they want without thinking too much about security. "Educate them, move them along, but don't expect them to become security experts."
Internet browser makers take great care in building as much security as possible into their products and putting them through rigorous testing.
The security team for Google's Chrome browser, for example, will take the first crack at any major update to the software, hacking away to find vulnerabilities or ways to improve security, said Chris Evans, an information security engineer at Google.
After the Chrome security team takes a whack at the software and it is reworked to fix the holes they found, other security teams at Google will have a go at the product to see what trouble they can cause. Finally, the software is released in beta form, and private security researchers and others can hack away. Any problems are fixed before the final release goes out and then the Chrome team stands ready to make new patches for any other security issues that crop up.
Despite all the testing, browser makers are only one part of the security solution because they have no control over Web software or user browsing behavior.
The cloud is the Wild West: hackers and malware makers abound, phishers seek passwords and users do whatever they want to, recklessly surfing and downloading potentially dangerous content as judged by security researchers.
Companies developing Cloud applications and services will need to do more for Web security. Amazon.com with its Web Services and Google as it moves forward with initiatives, such as Google Docs, that attempt to draw people to Web applications and away from computer applications will need to work more closely with security researchers, Meer said.
And Google's work on the security in the Chrome browser highlights the reason why: Computer applications such as Chrome face intense scrutiny by security researchers throughout the Web, while Web applications do not.
"Reverse engineering keeps [big software companies] honest," said Meer. "If they hide something in the software code, sooner or later someone finds it. With Cloud services, you just don't know because we simply cannot verify it."
Cloud applications are built by one company, and nobody is looking at the code or how safe it is, said Meer. Applications for computers are different. They can be ripped apart by security experts then put back together stronger so there are no security holes, he said.
"Trust but verify," said Meer. "Just because a guy does no evil today, we cannot trust that they will do no evil tomorrow because we simply cannot verify it."