NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Is ransomware attack on ReadyNAS possible?
Synology NAS servers are under attack of SynoLocker ransomware http://www.cso.com.au/article/551527/synolocker_demands_0_6_bitcoin_decrypt_synology_nas_devices/. Devices are encrypted and the owners a...
Hi xeltros and StephenB
First of all, I must say that I have found both your replies to be comprehensive, informative and above all very enjoyable (you guys probably weren't going for "enjoyment" but I liked them anyway).
Xeltros
As you are a computer scientist it is obvious that you can see and understand the IT world far better than I ever could, being a humble home user, and all I can really look at and try to understand is the end product.
That said, I would just like to run over a few points with you (sorry if they seem silly):
You said:
That I understand, and for my part, I now practice very limited "explorative/inquisitive Internet surfing", much less than I used to do a few years ago.
However, the average (home) user, when he gets his new computer, just wants to get out there on the Internet and explore, maybe even download anything and everything that can be downloaded, which can be disastrous for the end user and can propagate the spread of malware.
I guess my point is that risk assessment is performed by the professional and the knowledgeable, home users get no warning, not even a cautionary leaflet, about the potential problems they may face when they start to use they're shiny new toy.
Here's an 8example, when I got my ReadyNAS Duo v2 in December 2012 I also got the necessary extras to make the thing work, i.e. cables, software etc., but there was nothing about security. Now, I presume that my NAT table, in my router, and network aware firewall and AV will keep my NAS safe but I cannot be sure because information on this point is very scarce.
As you know, Netgear has introduced an AV add-on for NAS products running firmware 6.x but nothing for those of us running firmware 5.x. This to me shows that Netgear is aware of a security problem with NAS devices but did not think that the thousands of 5.x users should have this facility, i.e not even qualifying as an afterthought.
So once again, if the producers of IT kit will not or choose not to mention anything about security, or offer new facilities when available, then how is the end user suppose to know what to do.
However, I do personally realise that in order to keep my IT kit safe I have to go through a certain amount of self-education and self-control (curbing my enthusiasm). But it would still be a good idea if the Netgear boffins and/or real NAS enthusiasts could have online a "do's and don'ts" of NAS security.
Again, what I am saying is that most home users (not enthusiasts) cannot on their own understand or appreciate Internet security problems, they tend to be dependant on the built-in utilities that come with the product. Therefore, if security features are not added then most users will just get on with the items that came with their new toy, and as you can appreciate that just continues the spread of malware throughout the net.
StephenB
I'll just say two things:-
1) I agree with you when you said:
Metrics, statistics, etc. mean very little to most people, so when crossing the road, fastening your seat belt or even getting out of bed in the morning is not something you spend hours calculating you just do it. Unfortunately, for home users IT security is not second nature it is something that has to be given serious thought, which is something most users do not do.
2) And yes, I totally agree that the Internet is not the same animal it was 15 years ago and that is why most users today need help, whether they realise it or not, because unless IT equipment manufacturers start to include security/self defence utilities with their kit the Internet will continue to be flooded with malware.
I hope I have got my point across and not repeated myself too many times.
UK Bob
First of all, I must say that I have found both your replies to be comprehensive, informative and above all very enjoyable (you guys probably weren't going for "enjoyment" but I liked them anyway).
Xeltros
As you are a computer scientist it is obvious that you can see and understand the IT world far better than I ever could, being a humble home user, and all I can really look at and try to understand is the end product.
That said, I would just like to run over a few points with you (sorry if they seem silly):
You said:
Managing risk is about :
- reducing the odds
- reducing the duration (if applicable)
- reducing the impact (the gravity)
- reducing the affected devices (the zone)
That I understand, and for my part, I now practice very limited "explorative/inquisitive Internet surfing", much less than I used to do a few years ago.
However, the average (home) user, when he gets his new computer, just wants to get out there on the Internet and explore, maybe even download anything and everything that can be downloaded, which can be disastrous for the end user and can propagate the spread of malware.
I guess my point is that risk assessment is performed by the professional and the knowledgeable, home users get no warning, not even a cautionary leaflet, about the potential problems they may face when they start to use they're shiny new toy.
Here's an 8example, when I got my ReadyNAS Duo v2 in December 2012 I also got the necessary extras to make the thing work, i.e. cables, software etc., but there was nothing about security. Now, I presume that my NAT table, in my router, and network aware firewall and AV will keep my NAS safe but I cannot be sure because information on this point is very scarce.
As you know, Netgear has introduced an AV add-on for NAS products running firmware 6.x but nothing for those of us running firmware 5.x. This to me shows that Netgear is aware of a security problem with NAS devices but did not think that the thousands of 5.x users should have this facility, i.e not even qualifying as an afterthought.
So once again, if the producers of IT kit will not or choose not to mention anything about security, or offer new facilities when available, then how is the end user suppose to know what to do.
However, I do personally realise that in order to keep my IT kit safe I have to go through a certain amount of self-education and self-control (curbing my enthusiasm). But it would still be a good idea if the Netgear boffins and/or real NAS enthusiasts could have online a "do's and don'ts" of NAS security.
Again, what I am saying is that most home users (not enthusiasts) cannot on their own understand or appreciate Internet security problems, they tend to be dependant on the built-in utilities that come with the product. Therefore, if security features are not added then most users will just get on with the items that came with their new toy, and as you can appreciate that just continues the spread of malware throughout the net.
StephenB
I'll just say two things:-
1) I agree with you when you said:
I don't research the odds when I am trying to decide whether to fasten my seat belt. I just fasten it.
Metrics, statistics, etc. mean very little to most people, so when crossing the road, fastening your seat belt or even getting out of bed in the morning is not something you spend hours calculating you just do it. Unfortunately, for home users IT security is not second nature it is something that has to be given serious thought, which is something most users do not do.
2) And yes, I totally agree that the Internet is not the same animal it was 15 years ago and that is why most users today need help, whether they realise it or not, because unless IT equipment manufacturers start to include security/self defence utilities with their kit the Internet will continue to be flooded with malware.
I hope I have got my point across and not repeated myself too many times.
UK Bob
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
