The link posted on Slashdot is very interesting:
Http://www.ranum.com/security/computer_security/editorials/dumb/
What follows is a brief summary (originally written in Chinese); see the original article for the full argument.
The author argues that the computer security field is full of widely held but mistaken ideas. The six dumbest are:
1 - Default permit - many things in our systems are allowed by default: programs, open ports, and so on. Is that really necessary? (The safer stance is default deny: allow only what is actually needed.)
2 - Enumerating badness - if the set of things we actually need is small, isn't it far easier to list what we allow than to maintain an ever-growing list of what to block? (Do we really want to be in an "arms race" with the attackers?)
3 - Penetrate and patch - many software vendors pay people to hunt for security holes in their products and then try to ship patches to customers before attackers exploit them. Is that really a good solution? (The author's example is IE.)
4 - Hacking is cool - much of the media deliberately glamorizes things that are harmful, hackers and hacking among them.
5 - Educating users - why do we keep having to teach users not to do something? Is that necessary? Simple rules and good habits are routinely ignored or worked around by users; the only reliable fix is to remove the dangerous choice at the source.
6 - Action is better than inaction - this echoes Chinese Taoism. Before rushing to install and use a new piece of software or tool, we would do better to stop, think, and observe first.
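Points 1 and 2 are two sides of the same design decision, so here is an added illustration (not code from the article or from the blogger) of why they matter. It models a host's inbound-port policy two ways: default permit with a blocklist of known-bad services, and default deny with an allowlist of what the host actually needs. The services, ports and the "newly installed daemon on 4444" are constructed sample data; the point is that the blocklist silently passes anything nobody thought to enumerate, while the allowlist only has to describe the small, stable set of things that are needed.

```python
"""Default permit + enumerating badness versus default deny + enumerating goodness.

Added illustration for this post, not code from Ranum's article. All ports,
services and traffic below are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

Endpoint = Tuple[str, int]  # (protocol, port), e.g. ("tcp", 22)


@dataclass
class DefaultPermitPolicy:
    """Everything is allowed unless it appears on the blocklist.

    The blocklist has to be kept current with every new bad thing that
    appears, which is the arms race the defender cannot win."""
    blocked: Set[Endpoint] = field(default_factory=set)

    def allows(self, ep: Endpoint) -> bool:
        return ep not in self.blocked


@dataclass
class DefaultDenyPolicy:
    """Nothing is allowed unless it appears on the allowlist.

    The allowlist only has to describe what the system actually needs,
    which is small and changes rarely."""
    allowed: Set[Endpoint] = field(default_factory=set)

    def allows(self, ep: Endpoint) -> bool:
        return ep in self.allowed


def evaluate(policy, traffic: Iterable[Endpoint]) -> Set[Endpoint]:
    """Return the subset of observed traffic the policy lets through."""
    return {ep for ep in traffic if policy.allows(ep)}


# Constructed sample: the services this host genuinely needs to expose.
NEEDED: Set[Endpoint] = {("tcp", 22), ("tcp", 443)}

# Constructed sample: the badness known when the blocklist was written.
KNOWN_BAD: Set[Endpoint] = {("tcp", 23), ("tcp", 135), ("tcp", 445)}

# Constructed sample: inbound connection attempts, including a daemon on
# tcp/4444 that did not exist when the blocklist was written.
OBSERVED: Set[Endpoint] = {
    ("tcp", 22), ("tcp", 443), ("tcp", 23), ("tcp", 445), ("tcp", 4444),
}


def compare() -> Dict[str, object]:
    """Run both policies over the same traffic and report the difference."""
    permit = DefaultPermitPolicy(blocked=set(KNOWN_BAD))
    deny = DefaultDenyPolicy(allowed=set(NEEDED))
    permit_passed = evaluate(permit, OBSERVED)
    deny_passed = evaluate(deny, OBSERVED)
    return {
        "default_permit_passed": permit_passed,
        "default_deny_passed": deny_passed,
        # Traffic the blocklist author never enumerated and therefore let through.
        "leaked_by_blocklist": permit_passed - NEEDED,
        # How much each approach has to maintain to stay correct.
        "blocklist_size": len(KNOWN_BAD),
        "allowlist_size": len(NEEDED),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        shown = sorted(value) if isinstance(value, set) else value
        print(f"{key}: {shown}")
```

Running it shows the default-permit policy passing tcp/4444 (nobody had listed it as bad yet) while the default-deny policy passes exactly the two needed services; the blocklist is already the longer list and would only grow from here.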
The author also lists some less serious mistaken ideas, such as:
- We won't be attacked.
- If everyone just kept fully patched, everyone would be safe.
- We don't need a firewall because we have good host security.
- We don't need host security because we have a good firewall.
- Let's put it into production now and fix the security later.
- We can't prevent the occasional problem.
The last one is funny. The author asks: if an airline treated your life that way, would you still fly with it?