| I'm a Windows person and hard to convince to convert but the more I have
| to work with open source software at work, the more comfortable I get
| with the *nix.

Linux is no miracle. The Bash bug currently in the news
has been there for 22 years, and so far I've yet to find or
be told of any reasonably usable Linux firewall that will
selectively block outgoing processes. It's designed to be
a server and Linux/OSS is a kind of religion for far too many
people. So there tends to be an attitude that you don't
have to worry about software calling home because it's
just calling "nice churchgoing folks" like yourself. That's
not security. Nor is the similar Apple attitude that Lord Jobs
wouldn't let the Apple faithful suffer by getting infected
with bugs. There's no untouchable operating system. Macs
just allow one to be a bit more lazy... for the time being...
and assuming that you don't mind Apple themselves spying

As Todd pointed out, Win7 is getting attacked slightly more
than XP, which no longer gets patches. But what the Microsoft
marketing dept and the lapdog media don't mention is that
nearly all risks are not actually in the operating system. Script,
Flash, Silverlight, Acrobat plugins, MS Office files, Java, rigged
ZIP attachments.... those are the risks. (In addition to "phishing".)
The attack venues are browsers, email programs, and other
software that goes online. Many people think Win7 is safer than
XP, but that's just default settings. You can run as a restricted
user on XP just as you can on Win7, if that's what you want.
And I'd far rather be using the latest Firefox on XP as Administrator
than using Internet Explorer on Win7 with UAC enabled.
But if you use interactive websites and allow the items listed
above -- especially script -- then you're always at risk on any
computer. Script in webpages turns them into software programs
running on your computer. There's no way to make that entirely

There was an interesting, ironic story this week about how the
IRS is paying out billions in scam IRS refunds, to people who are
filing dummy forms in the name of real people -- or at least real
SS numbers. The IRS apparently thought online filing was slick,
economical and futuristic. Apparently they thought it was inherently
more dependable than paper filing. So they don't require any sort
of paperwork for online filing. You can file your taxes with no W2
or 1099 form!

The one thing in your original post I would be inclined to
comment on is the part about privacy policies. They mean
nothing. Virtually all of them include a "mickey mouse clause"
that says the policy may be changed at any time unilaterally.
Most also claim unrestricted rights to your files and data. They
usually say your files and data will only be used "to provide and
improve the service", but that's flimsy language. If they sell
their database to marketers, then invest that money in the
service, then your private info was arguably sold to improve
the service. We have webmail companies that claim the right
to read your private correspondence, promising it's "anonymized".
There's no such thing as anonymized. And their privacy policies
are usually claiming co-ownership of your files. That's not a

So as far as corporate privacy policies go, they should all be
read to be saying, "If you give us *any* private information we
will try our best to make money from it. You give us that right
in giving us the information." Then decide what you want to

Even if there were a company trying to be honest, things
change. Leaders change. Businesses change. (Google ran
an honest business at one time. Remember?) A business might
be sold. Some of the issues are hard to even know: CVS is selling
out their customers to drug companies. Even if you happen to
have heard that, do you have a choice about shopping at CVS? If
so, can we be sure that Walgreens is not selling their database?