The Security Confirmation Bubble

I know, I know, that sounds like the title of an episode of "The Big Bang Theory".

To better understand what I mean by this you first have to understand what a confirmation bubble is. When you have a certain view on a topic, you lean to only accept information that confirms this view. A logical fallacy that can be made worse with the selection of like minded social circles or even more so with Googles search algorithms that tailor search results to ones preferences.

So it's basically a problem securing that you develop blind spots to important information.

With my recent outreach to use more minority operating systems demonstrated to me a very dangerous one. The obliviousness of Apple and Linux users to threads to their systems security, usually combined with scapegoating Windows as the sole problem child. This arrogance pretty much leads to evangelists outright praising their respective systems for how it is not necessary to even think about security - and making their systems a feast for hacks.

You see, obviously people often think of security problems only as viruses and adware. Things that make their presence known pretty fast, and you won't find that many on either Mac OS X and Linux. But while those are pretty nasty for the desktop users, trojans that hijack your system to add part of their computing power to botnets, and part of that combined power is used to automatically hack the next system are IMHO worse.

Actually I lived pretty secure with my windows desktop, always being aware of security risks, but as soon as I had a Linux server directly connected to the internet, it was hacked. Two times actually. The first time a bot found a weakness in a badly configured Samba Server that was accidentally open to the internet, the second time a friendly hacker manipulated my system finding a security whole in a well known Open Source PHP solution. He only changed the starting page and left his contact. And these are the ones I knew about. Actually I stopped to use that machine to use it for anything other than using it as a firewall, and started using a Windows Server for any service I needed.

Sure, each time the problems were not directly related to the operating system, but it didn't automatically secure the system either. The Samba problem was so common that it was one of those selfhacking bots I mentioned, and we quickly found out about it, because it was so active that it used up the full bandwidth and I later learned that my machine hacked others by reviewing the protocols. That thing was badly constructed, while it nailed the hacking part it failed to keep its presence hidden.

Can you see why this Security Confirmation Bubble is so dangerous? It makes people of oblivious to the fact that, while the systems can be very secure, you always need to keep an eye on security, just using a certain operating system doesn't give you a "get out of that hell" card. Espacially Linux, while not so common on the desktop, runs most webservers. Rarely watched closely. Very yummie for hacks, like the Windows Desktop attracts spambots. If you get lazy because everyone tells you how secure your operating systems are and maybe even belittle windows users, in fact, you're not only contributing to your own insecurity, but to those of others as well, open up your system to criminal misuse.

Don't fall for it only because it is so uplifting and comforting. Just don't!

Networking

To be able to create iOS and OS X ports I needed a Mac, so I searched for the cheapest one that can still run a current OS X Version and ended up with the mini. Then Gamemaker integrated support for Linux and espacially for Ubuntus shop. And every try to install a virtual computing software on my Windows 8 system failed. My Core2 doesn't support Hyper V for witch windows abandoned the loved Virtual PC, VMWare somehow didn't run and Oracles Virtual Box even produced BSODs (nice touch, on Windows 8 the come with a sad smiley). So I had to create a physical Ubuntu System too. The thought of using it for all kind of servers for development purposes came pretty quick, but when my main system failed I found it to be even well suited for my social activities and office.

So when I planned my triple boot machine I not only did plan the infrastructure on that computer, but a new one involving the whole network. And the more I think of it, now that the triple boot system is ready, the more use I find for the two systems (Ubuntu AND the Mac Mini) that at first seemed so useless and only there for compiling and testing sofware.

The Ubuntu system will work as fileserver (SMB and GIT), Printerserver and Webserver, but the Mac Mini will also attend the party by providing the network access to all cloud-fileservers. Contrary to Linux there are clients available for all that I use (Dropbox, Google Drive, Microsoft Sky Drive, Ubuntu One) and it is really not neccessary to have each of the five operating systems replicate them on their own.

But the biggest change is not in the background, and for me personally, its kind of a revolution: I will seperate Work and social media and run the later on the Ubuntu system. That will help me to stay focused while sitting on the one workplace and using the Ubuntu desktop, that I so started to like for this tasks. So, beside games, I now prefer a Linux system for everything fun and see the Windows station only as workhorse. That's quite a change for me :-)

Having the windows system free of all that background workload does effect it immense, as I could see yesterday evening, when I logged in to Second Life, and experienced no frameratedrop under the magic 24 FPS, even when I had more than ten avatars in my view.

Wow.