The PhoneBoy Blog

Security Folks: Let’s Not Forget The Dialup Users

31 Jan 2009

My friends at Sourcefire shared a rather interesting experience about using an Internet-connected computer in an East African country. Broadband is still a dream there, and dialup is most certainly not cheap when it’s charged by the minute.

Aside from just the experience of using the Internet on dialup–which I effectively did about 18 months ago during a move–there is a serious question about how up-to-date you can keep a computer when you have to download the multi-megabyte security updates over a non flat-rate dialup connection. The short answer: you can’t.

In reality, no operating system is spared the pain of large updates. While Microsoft is bagged on for constant needs for updating, Mac OS X and Linux also have them. My last Mac OS X set of updates under 10.4 was over 200mb, which would take me more than 8 hours on a 56k line! Linux seems to require fewer updates, though it does depend on which applications you have installed.

Then, of course, there are the updates for the anti-virus and security software. I don’t run anti-virus and security software on Mac or Linux, but you can bet that I do run it on all my Windows boxes. Yet more updates to be downloaded over a slower connection.

Between the third world and places in the first world where broadband hasn’t reached yet, there is still a significant population on dialup. Even though these computers aren’t online 24×7 like you are with broadband, the real security problems aren’t blocked by the Windows Firewall that has been installed and enabled by default since XP SP2, it’s the web browser.

I did find a clever-looking program called ForceField, which is focused entirely on web browser-specific protections. I haven’t tried it, just yet, but I suspect once the acquisition of Nokia’s Security Appliance is completed, it should be relatively easy for me to get a copy to try out for longer than a few days.

While ForceField addresses a small part of the problem, I’m not sure there is a good solution to the general problem of pushing larger and larger software down a dialup-sized pipe. Even with the protection that ForceField provides, it’s always a good idea to keep your operating system and applications up to date.