July 17, 2008

Internet Security

I expect some heat for writing this article. But that’s okay. I am used to it. My main crime here is that I want you to be careful and I want to help save you from a potential tragedy. So here goes…

I have been online longer than anyone I know. Since before there were web browsers in fact. I was always the one who reassured folks and said, “Go ahead, it’s safe.” And now, I am pulling the plug.

Not entirely, mind you, but I am taking my main computer offline. Spam, Wi-Fi invaders, spyware, virus problems: it’s all too much. These things rarely (if ever) impact me. I am lucky because I am a Mac guy. We see 1/1000th of this crap that you unfortunate Windows users see. But I know it’s only a matter of time. And I can’t risk the things that are REALLY important to me like my photographs, my writing, my research, etc.

So I am going to connect to the Web exclusively via my laptop from now on. And I will not put anything vital on that machine. When I need to download a new firmware upgrade or a new software patch, I will do so on the laptop and then copy the file to an external hard drive and transfer it to my desktop. Likewise, when I need to send a file from the desktop, I will copy files to a portable hard disk and port it over to the laptop for transmission to the Net. Will this be a hassle? You bet. Will it be worth it?

Well let’s see… I have 440,000 images on my main drives. These hard drives hold my retirement. Do I want to risk losing that data? Sure it’s backed up nice and safe on my Drobo, but do you know how long it takes to restore three terabytes’ worth of data? And then there’s the research and writing that goes into all of my books and articles. Months of work are at stake. And if a virus takes over my machine and wipes out my data, I’m in deep, deep trouble.

The good news is that PCs and now, even Apple’s Macs, are available for under $500. That means you can use an inexpensive machine to go online and keep your important data safe on another computer.

I am advising all of my clients to take this approach. Will they listen? Probably not. Will they regret it later? I’d bet the ranch that for at least one of them, the unfortunate answer is yes. The scenario in Ahhhhnold’s movie “The Terminator” may be farfetched, but if a computer worm eats all of your prize-winning photographs, you’ll surely feel like some machine killed you.

Am I overreacting? Some will say yes. That’s okay with me, because the better-safe-than-sorry approach will never hurt you in a case like this.

63 Comments

  1. I do hope you are wrong, but what will prevent those items you transfer from your online machine(s) to your offline machines from hiding some malware?

    Do you fear that you will have developed a false sense of security (maybe not you, but your clients) that will bite later when defense software is not kept up-to-date on those machines (because they are off-line and there are frequent updates)?

    Or an off-line machine accidentally has a Wi-Fi device turned on and things find their way in that way?

    Will you then maintain two networks of computers to prevent things from going between segments?

    Why the sudden change of heart? Such a change hints that there was a pivotal event. And maybe you’re not at liberty to say.

  2. Not overreacting at all, this is a legitimate concern and many people do it if they have the funds to have several machines.
    I believe that many of us pray and hope that nothing would happen, knowing that threats are everywhere.

  3. @Mark I have no sense of security at all so it’s not possible for me to have a false sense of security. And there’s nothing in my post or my character that should lead you to think that additional machines won’t be defended. It’s impossible to turn wi-fi on when you don’t have wi-fi.

    I’ve been thinking about this for a while. I have friends who use Windows machines who have been hit hard. I just think it’s arrogant for me as a Mac user to assume that it can’t happen to me. I am taking precautions. And while I have a very expensive, state-of-the-art burglar alarm at my office, I also know that someone, somewhere is good enough to beat it. I just think I should do what I can to prevent it.

  4. I understand what you mean and can’t blame you at all for being protective. You got me thinking now Scott.

  5. I hope you have those 440,000 pictures off site as well as on your Drobo.

  6. This is the big unanswered issue with digital images: storage and archival. I do a lot of work with scientific images, and there are the same long term issues with these. With prints, there is no additional equipment needed to view the images. There are fairly well established procedures for archival storage of these (paper, development, archival storage) to get hundred year storage.

    For digital, it is much harder. Drives fail, controllers fail, technology changes (floppies? zip drives?) and even things like cd/dvd’s haven’t really been around long enough to really establish long term storage.

    I know this is a post about security, but in many ways security and backup are intertwined. If you had an absolutely foolproof system to recover your images, then the only issue from a security standpoint is that someone can redistribute your images (which you can answer with legal protection) but you can never truly lose them.

    What you are proposing is what (smart) network people describe as the only secure system — one that is not connected to anything. What I might suggest instead is to flip your picture. Instead of one computer connected to the internet, have one that is not. This not-connected machine is then the hub of your essential backup and sensitive information there. This system is not as secure as what you have proposed, but is more likely to be implemented.

    I also know a couple of people who have important images printed professionally, because they feel that the scanner technology is to the point where they can completely recover the digital image if they need to, and the peace of mind of not having to worry about hard drives and backup is important to them.

  7. Prudent, methinks, if not overdue.

  8. It is a good idea to have an online and offline machine. If you download something for the offline machine wait a few days to virus scan it so AV software can catch up with their definitions before you install it. If you have to update your OS (Windows), then it is reasonably safe to connect long enough to update. I take great care to avoid the possible ways of getting infected as much as I can but you can’t prevent everything. Fortunately for me I have had one virus in 8 years of computing so what I am doing is working for now. And last but not least backup, backup, backup in more than one location.

  9. PS. My wife has a Dell desktop that I have to maintain (a pain) and I’m a full time colour retoucher on Macs at work and my personal machines.

  10. So what you are saying…is the terrorists have won? ;-)

  11. It all comes down to the eternal trade off between convenience and security. Moving updates around on disks is not convenient, but it is a hell of a lot more secure! If I had as much to protect as you I’d probably be thinking along similar lines. As it happens I don’t, so, for now, I’m happy with my current backup procedures, one on-site backup and one off-site updated once a week. That may change and I may well go “the Scott Route” at some stage in the future.

    I honestly can’t see why anyone could give you heat over this. It’s sound advice.


  12. @Bart I have one of those personalities that just generates heat no matter what I say :)

  13. @Scott:
    “And there’s nothing in my post or my character that should lead you to think that additional machines won’t be defended. It’s impossible to turn wi-fi on when you don’t have wi-fi.”

    I’m sorry I rambled a little. You stated you advised all your clients to do the same. It is with them, who might not be as zealous on security. In companies where security is good and virus software is updated, I’ve been on machines that were not online that had virus or other security software that were not updated or enabled because monitoring software couldn’t get to them or they were forgotten (much like an archive machine could become). Anti-virus vendors have made it so easy to keep machines up-to-date because, historically, customers don’t want to handle that constant maintenance that comes with the territory.

    I think the idea of having another machine that is your storage is a good idea, but I think that having an alternate OS on the two disconnected systems might be another layer to security, as cross-pollination would be much less likely.

  14. I think you are overreacting myself, but then again this should be a personal decision.

    It just sounds to me like you are making life unduly difficult. Why not just rotate hard disk backups and have one kept off site like in a bank vault? After all a 4 terabyte array box from someone like LaCie costs less than $900 now…

  15. @Jon T this isn’t about backup – it’s about security – and a backup that contains a virus or other problems isn’t any more secure than a primary copy with the same issues.

  16. Surely the point of a security compromised or destroyed system, however caused, is to be able to re-install the backup (after backing up the backup of course). If what you are saying that some virus with a payload set in the future that…urgh.

    Anything is possible I agree, but I hope to goodness you are not proved right Scott!

  17. This sounds like the full-body-condom approach to safe sex. Sure it will be more secure but the disconnected switch is going to be a painful one.

    Every fortune 500 company has important sensitive data stored on computer networks that (no offense) are much more valuable than your pictures. Why don’t you invest a couple grand in a network engineer and some *real* network hardware? Nothing will be as secure as completely offline but I think you can achieve a nice balance without reverting to the dark ages.

    If not .. let us know how it goes.

  18. @Kyle West I’m happy to let the fortune 500 (sic) do whatever they like. I’m happy in being the most secure. (Oh – me and the dark ages are old pals.)

  19. @Jon T I’ll be addressing backup next week.

  20. As someone who is in the IT field and a hobbyist photographer, I can see both sides of this.

    To be honest, I do think you are overreacting and that the steps you are taking (an “internet only” computer) won’t necessarily protect that data on your non-internet systems.

    Malicious code and users are certainly a concern. Viruses, worms, trojans and remote users bent on cracking into your system will always be something to worry about… but the more likely culprit of data loss has nothing to do with the internet at all… it is usually hardware or software failure (a corrupt OS, a motherboard that dies, a HDD that gave up the ghost, a faulty power supply). I have worked with servers and systems that cost more than most people’s cars ($90k+) and even they, for all their redundant drives and power supplies, still have central points of failure that can ultimately lead to data loss.

    Could you run into a situation where a malicious user or a piece of code caused you to lose data on your computer? Yes, it could happen… but with basic precautions you can drastically reduce that risk.

    – Properly configured hardware firewall on the edge of your network
    – Don’t operate your computer as a user with admin privileges
    – Don’t install software that you don’t 100% trust… or test it on a spare computer first
    – Run good AV software that has up-to-date definitions
    – Eliminate Wi-Fi from your network and only use cabled connections between your PCs

    Doing those simple steps will protect you 99.9% of the time. The fact that you are running Mac only helps reduce the risks.

    If disconnecting yourself from the internet makes you feel safer, by all means… go for it. But just realize that there is no foolproof way to truly protect that data even when disconnected… your best solution is always to have a multi-tiered backup solution that is redundant among multiple locations.

  21. @Chris I am pretty sure my comments above make it clear that I already know there is no foolproof situation.

  22. You should turn it off too, that’s the most secure computer and if you remove the HDs the better! :)

    I understand, I have thought about that too (back in my Windows days), there is something that worries me a little, Drobo (or similar) is great for backup but we should really have a different option for *archival* purposes, with a good and strict methodology for updating the data through time.

    For example, I could have the best replication mechanism inside a disconnected box, everything encrypted with NSA algorithms and that would be of no use for me if my box is stolen.

    I guess if someone reaches the point of having at least one computer disconnected he/she is smart enough to have off-site copies with a good update methodology.

    I am a little pessimistic about the future and I don’t think our data will be safer in the future and the only thing to save it is multiple copies in multiple locations (not all in the same highly tectonic geographic location :) )

    Some quotes I have saved :) :

    “The issue is not whether you are paranoid, the issue is whether you are paranoid enough.” – Max, Strange Days

    Freedom is just a hallucination created by a pathological lack of paranoia

    “Paranoia is just another word for longevity.” – Laurell K. Hamilton, The Laughing Corpse

    When everyone is out to get you, paranoia is only good thinking.

    No matter how paranoid I get, it’s never enough to keep up.

  23. @Scott, my point was less about there not being a foolproof solution and more about the fact that you might be worrying about the wrong thing. It is much more likely that your data loss will be caused by hardware dying or software corruption than any malicious attacker. Thus it may make you feel safer to go that route, but ultimately it won’t really solve the larger and more likely problems your data might face.

    If I were you, I would focus on proliferation of the data you need to protect rather than disconnecting yourself from the outside world. Work on it locally on a Drobo but also store it on Amazon’s S3 data vault. Duplicate the data to another Drobo at your office. Archive to HDD arrays and store them in a vault somewhere. It is a pain to duplicate the data to so many locations but it will be significantly safer and better protected than any machine that has been disconnected from the internet.

    Just my humble 2 cents.

  24. Sadly you still need to connect to update your system. This being said, though, working behind a firewall / router and having SAFE internet practices really do limit your exposure.

    For the above to truly work you would never connect again and never again connect an external drive etc. to this computer… we know that is basically impossible with photography – the sad part about this is the fact that as CF and mobile storage becomes more used (as in eventually everyone will have one) and with the now web-enabled photo hardware… there will be exploits that take advantage of this… and not connecting your computer will be meaningless… as the hacker will infect it for you…

    Now if this was a dedicated offline machine (very common) you still need and will want the latest updates that will only be able to be done offline with installer packs. Seems to me being off the net these days might be more of a pain than it’s actually worth…

    Practicing safe internet usage might be a much easier solution…

  25. @Brent I actually didn’t make this clear enough. I am working on what I call a production machine. It doesn’t ever have to be updated as long as my software path stays the same and can utilize my existing OS. Most updates are security related and if there’s no online activity – there’s no worries there for me.

    I agree it’s a pain – but then again, I have 440,000 images to protect. For me it’s worth the pain given the alternative is pain I can’t even imagine.

  26. Hey Scott – I know where you’re coming from on this & I’ve considered the same thing. Haven’t done it yet, but have thought about it. I’ll probably think about it some more now. I’m ultra careful about backups – a) weekly full back up locally, b) monthly full backup moved offsite & rotated & c) quarterly full backup to DVD stored at a second offsite location, all in addition to daily incremental backups – but, as you point out, there are issues beyond backup issues.

    If it’s any comfort, the guy I know who is more of an expert on computer security than anyone I’ve ever met (former hacker, founder of a security consulting firm & current consultant to highly paranoid companies/govt agencies), practices an even more extreme form of data isolation than you.

  27. @Chris I will be posting about backup next week.

  28. I agree with Chris, multiple copies in different media in different locations is the *real thing* for securing data, for the case of securing on going research and writing having constant backups in external media is an obvious thing to do.

    This got me thinking about the photographs, why is now different than the old days with paper and thieves breaking in houses/offices? I guess the real option back then was the same, having copies in different places.

    Anyway, at the end this is a personal decision, if you have multiple copies in many locations and this change gives you peace of mind (as many other things in life that we do and makes people happy) then just be happy and keep shooting.

  29. BTW, interesting picture for this post

  30. @Andres once again this is about Internet Security – not backups. A backup of a file corrupted by a virus is worthless.

    I won’t moderate through any more comments on backup since I’ve made the point clear that’s off topic and something we’ll include in next week’s discussion. Feel free to chime in then.

  31. Don’t Macs allow you to multi-boot OSX?

    I run three OS’s on two different drives in my machine and multi-boot into them for similar reasons…security and dedicated configurations for optimal performance.
    I run a studio DAW on my first partition, my main digital imaging workstation on the second primary partition, and the third partition is my internet and web app partition.
    Because I use a third party boot loader, the other partitions are not visible to the active operating system. I also use a third party firewall that lets me have vastly extended control over my network traffic than the XP firewall, and I also always employed ‘safe computing’ practises in regard to anything relating to the net – I never use IE, I clear my caches even as I browse, I am cautious about how I manage all incoming mail on Thunderbird (even checking source on occasional mails before I open them), and I kill any suspicious activity I see on my web partition.
    The final stage of defense is having my internet installation Ghosted. If I have any sense that I may have picked up something, (or if the OS is just starting to get old and flaky), I pop in the boot CD, run Norton Ghost, and in under 10 minutes I have a clean fresh XP with apps already installed and configured. I just update my saved bookmarks, e-mails and any windows patches, and I’m off and running again. :-)

    I must be doing something right…in 20 years I only got infected once on W98…even then, I suffered no data loss.

    For me, multi-booting was always a far easier solution than running a separate web-dedicated machine…I would think the same for multi-booting OSX.

    Another option is to run XP (as your web OS) in Vmware or Parallels. Running the OS in a virtual machine can provide excellent security and infection isolation. Steve Gibson’s done a few good podcasts on how this works. I’d give it a go. ;-)

  32. I think this is a very prudent decision Scott. As a security professional I am often asked by individuals how to secure their home or small business computer and I tell them to disconnect it from the Internet…especially if they are running Windows. Current research indicates that over 80% of home computers and 30% of corporate PC’s are infected by malware. Anti-malware software is only 30% to 40% effective at detecting malware.

    Your plan is very sound and I would recommend anyone else with assets to protect and the resources to do so follow your example.

  33. @Scott, I do wonder if it’s worth it to have a fresh machine that’s never been on the net and never will.

    It’s possible, though less likely on OS X, that there’s stuff on your system now just waiting for a trigger date. You’ll never know since it was once connected.

    @Quin, you’re not fully protected. There are boot-sector viruses. There are holes in third-party software. If the machine is physically connected, it’s susceptible. Apparently there might even be a physical hardware flaw in your CPU, the world will know in a few months.

    The only way to 100% prevent pregnancy is to abstain… same rules here. I know, I know, it’s much more fun to not abstain- but there are risks.

  34. Point taken, all the distributed backups of the world are worthless if some malware wrote random bits over it, I see the difference.

    The way I understand it then, is using one computer as the point of contact to the data and take all the possible steps to make it secure, whatever it takes. I agree, that one of those steps is an isolated one, which means not even connecting a cellphone for example.

    Regarding the updates of the OS and other applications, if the version used at the starting point is stable enough and the data could be read in the future with other computers there is really no need for updates, I could be writing files with a 15 years old OS and reading them with our current versions, problems will rise, like new hardware but the solution will be new version of an OS installed from manufacturer’s discs.

    It really needs discipline, never using the memory cards from the camera in other computers, only with the secured one, and basically restricting the incoming data to only the camera and if data is needed for output like the books, only in new media (dvds, blu-ray discs) and never use it again in the fortified computer.

    When buying new cards, first checking them with an antivirus hoping that are not infected (even new ones can be infected) with an unknown type of malware and still there is the problem about updating the antivirus. Damn it, it really is a difficult scenario but one that is needed for some people.

    Still, it is somehow an attractive option, having a Fort Knox computer that I know it is as secured as possible without that little voice inside my head telling me that maybe there is something hidden inside my Mac overwriting random bits of my data :).

    Thanks for sharing such a drastic move and I will really like to hear about how this is going for you in a few months and a year.

  35. @Andres you do raise some good points. I started by doing a sector write over on my iMac. Then I reinstalled from the CD OSX Leopard. Then I installed Aperture from the CD. I used a hard line to connect to the Internet through a firewall to install only the necessary updates to OSX and Aperture to run Aperture and then went offline. I am in the process of using a military grade virus program as we speak to make sure it’s all clean and then I am locking it down.

    I don’t share data cards – and I am only interested in securing my existing library – my new library will work more traditionally – then I’ll clean it and add it to the old only when I am certain it’s good to go.

    As I said – there is nothing foolproof – but compared to the norm of just downloading everything you see onto the same computer that accesses your photo library, it’s 100000% better than nothing.

  36. Though I think this is a bit extreme, I don’t keep anything nearly that valuable on my machines. So my perspective is different.

    I have thought about doing the same thing, however, in order to remove the internet distraction while I am working. Not sure you have the same temptations, but if you do, I bet a good side effect is that you will be more focused and get stuff done much more efficiently.

    One other challenge to consider is moving regular files between the systems. You may not have much need to do this but if you do, sanitizing jump drives and making CDs are going to get a bit tedious I would guess. I’m talking about uploading stuff to flickr and other such things you do that add an online component to a mostly offline process.

    Good luck with keeping up with it; I’ll be interested to know if you change back at some point or you are able to stick with it. I know I couldn’t.

  37. I hope I could someday have the same ‘problem’ :)

  38. I can understand where you are coming from Scott. I don’t have near the content you do though. I backup. I’m safe on the internet. I’m the windows user. I have chosen to live my computer life in caution rather than fear.

    This is as good of a reason as any to switch to Vista if you’re a Windows user. Obviously it’s going to be more secure (than XP) regardless of what the peanut gallery yells. Most people haven’t even tried it before making their assumptions. If you’re buying a new PC, get Vista. Nothing against Mac users, I’m just speaking to fellow PC users.

    I pray I don’t have to compute this way that you are Scott, but I’m sure it could come to pass. Losing 400,000+ would kill me.

  39. @Joe Rodricks

    Yeah, I never suggested I attained invulnerability. As you say, not connecting is the closest you’ll get. (Assuming you don’t import viri on a jumpdrive or disk…)

    Anywhoo, I’m fine since the Church of Microsoft sanctions OS abortions. :D

    I also have boot disk utilities that let me inspect and edit my MBR if need be.
    But, even as Steve Gibson says, the best defense is intelligent user habits.
    Since I’m a geek who works in on-site comp service (among other things), I can fly without a ‘parachute’, and haven’t used AV or anti-spyware since W98.
    Like I said, I must be doing some things right, as I don’t get spam, I don’t suffer data loss or infection corruption, and I don’t see unauthorized traffic on my ports.
    If I ever suspect infection from anything, it’s history in 10 minutes.

  40. Scott,
    Great food for thought and great ideas. I really like the laptop/second computer idea for web access. I have been Macproud a long time too but, as you said, our time is coming.
    I would also caution anyone about using anything made by Skynet/Cyberdyne. ;-))

  41. @Scott what do you mean by military grade virus protection? Or am I taking you too literally?

    While many people may argue with this there is nothing wrong with it. Everyone has that one friend who has no idea what security is and if given access to a pc will end up putting something on it inadvertently no matter how good the security. I have had to do too many complete reinstalls of people’s machines to just trust security software. Also I do share Scott’s concerns about security given that there are now attacks directly against routers, altering the DNS directories. Also people working on hardware exploits, it is scary. Just because I am paranoid it doesn’t mean that they’re not out to get me.

  42. What exactly is military grade anti-virus?

  43. Storage in all its various forms seems to be uppermost in the minds of many digital content creators with no clear consensus of what to do. There is a big difference between static content that isn’t going to change and the more fluid stuff that flows through the browsers each day. The decision to pull a large archive offline doesn’t seem that strange. The problem if I understand it correctly is what sort of bug might migrate through the OS to corrupt the files. Pulling a fresh copy from a DVD would be a simple way of dealing with prints or to do some post processing.

    Some pro photographers have assistants who are in large part librarians who must sort all of this out and then there’s the big online repositories of images; how are they handling all of this? This sounds like a topic for a future episode of TWIP. It would be interesting to hear what various individuals and agencies are doing to tackle this mounting problem.

    The concern is real Scott and you are making all of us think about the future of our gigabytes of data. Still trying to get a handle on how to keep all this stuff safe and secure and have to say I am not there yet. Thanks for bringing it up.

  44. The only way to secure a network is to install a one inch air gap.

    Given the resources of a large multinational corporation when working on items that are secret that is what we do. If you want on the internet you leave the locked room and get to the internet. No memory sticks, phones, cameras go in. No CDs or other data storage devices come out of the locked room. Pretty much the same things the Federal Government does to secure things. Lots of other rules too, I’m glad I don’t work in one of those rooms. And we do have access to the best network firewalls and such but we still use completely disconnected networks.

    Not sure if you are going to have a network that has the one inch air gap installed on it or if you are just going to have a single machine.

    Some additional precautions if it is a single machine: pull the network card out if you can and pull the Bluetooth out of it. Bluetooth could be another remote vector for infection. All it takes is a vulnerability and someone could have access to an otherwise detached device. At this level of protection do we want to trust that the software switch really has it turned off?

    And to reiterate it is just not the memory cards any device could have malware on it. Like say an iPhone especially since it has three connectivity options. GPS data loggers could be a problem they could come from the factory with malware, it has happened on other devices.

    You know that is a consideration as devices become more complex and built by the lowest bidders, cameras could even come with malware hidden in their little computers.

    The x-files approach to security
    They really are out there
    And they really want to get you.
    Deny everything.
    Trust no one.

  45. This is a really good solution for running a business computer. At the rate that exploits are being discovered, sold on the black market, and used these days, things are getting rather scary. It’s far better to be off the grid rather than risk getting hit with the latest zero-day exploit.

    Viruses and worms aside, the current trend of DNS poisoning is rather disturbing since it could allow for all kinds of attacks (even if you are patched and firewalled).

    Home users have different priorities, so this would be less practical for them. However, from a business perspective, it makes sense to keep work and play separate. Paraphrasing Steve Gibson, just because work computers run the same software as home ones, doesn’t mean you should treat them the same.

    The biggest gotcha would have to be getting updates and patches since maliciously crafted files may sneak onto your system (and antivirus seems to be rather lacking at detecting these). You’ll probably want to take the Drobo offline before doing any such updates.

  46. As someone who has experience in the world of network security I fully understand where you are coming from. There is an old joke in the security world: the most secure computer is the one that is not connected to the internet and all of its ports are filled. Pretty much means that as long as you can access any ports on the device it can be attacked in some form or another.

    There are however some ways to protect yourself even further from rogue attacks. The primary is to disable auto running of any program when media is inserted. There are quite a few virii that spread when media is inserted into a computer. Let’s say when a CD is put in the drive the computer automatically plays it; a virus can automatically be run without your knowledge. By disabling this technology you may save yourself an infection.

    Even though it has been stated this is not about backups, I just want to mention one little thing about secure backups. Find a program that will alert you when a file changes on your local drive or on the backup medium. Don’t allow the program to auto-overwrite old files without alerting you first. This should save your files if something does get corrupted.

    Once again, I just wanted to state that having a computer not connected to the internet is about the best thing you can do to protect it from being attacked. Even if it is impractical for most (99.9%) of the users out there.
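The change-alert check that comment 46 describes for backups can be sketched as follows. This is an added example, not part of the original comment or any product named on the page: it records a SHA-256 manifest of a directory and refuses to update its baseline when an existing file has changed or disappeared. The script name and the baseline file are hypothetical, and the baseline is assumed to be stored outside the directory being checked.

```python
import hashlib
import json
import sys
from pathlib import Path


def build_manifest(root):
    """Map each regular file under root (relative path) to its SHA-256 hex digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests. Read-only: reports differences, never copies."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def needs_review(report):
    """True when an existing file changed or vanished, so a human should look
    before any backup job is allowed to overwrite the older copy."""
    return bool(report["changed"] or report["missing"])


if __name__ == "__main__":
    # Usage (hypothetical script name): python manifest_check.py <directory> <baseline.json>
    directory, baseline_file = sys.argv[1], Path(sys.argv[2])
    current = build_manifest(directory)
    if baseline_file.exists():
        report = diff_manifests(json.loads(baseline_file.read_text()), current)
        print(json.dumps(report, indent=2))
        if needs_review(report):
            sys.exit("ALERT: existing files changed or missing; baseline not updated")
    baseline_file.write_text(json.dumps(current, indent=2))
```

Run it against the working drive before a backup and against the backup medium afterwards; newly added files pass silently, while a changed or missing file stops the run with the old baseline intact.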

  47. Scott, I think you are right on to be worried and I think more people and businesses should be doing something like this. I was a half step ahead of you in that after a hard drive crash last year on my main computer and weeks of pulling together old backups I vowed never to have that happen again. So now all my pictures and home videos reside on an iMac that I bought for the single purpose of being a media storage center. It is connected to the internet but is not used for web surfing or email, which I consider to be the two most dangerous things to do online. The iMac backs up every night via Time Machine to a Drobo for on-site backup and Mozy for off-site backup, with a bi-weekly Super Duper on a portable drive thrown in there for good measure. So at any time I have my data in 4 places.

    I think this is sufficient and with no one doing anything else on the machine (my wife and I have our laptops for surfing and email), I think I am safe!?!?! (Key word “Think”) The machine is behind a firewall and has all the remote control features turned off. Being a Mac user I was more worried about something physically happening to the computer – crash, fire, theft, etc.

  48. @Scott if you’re going to address backups next week could you give some sort of opinion on Drobo versus a PC with Windows Home Server?

  49. I’m curious as to the backup solutions that will be discussed in the next episode. I honestly think that is a bigger concern than tampered data due to an intrusion over the Internet. I say this as an IT consultant based out of Vancouver, BC that deals with this stuff every day.

    I’ll be looking forward to the backups discussion and I’ll chime in where I can with my recommendations.

  50. Scott,

    IMHO, you’ve made a good decision on how to protect your assets. You’ve thought through the issues and have a plan that works for you. In the end that is what it’s about.

    I might have missed it, but what is your disaster recovery plan? E.g., what if your studio/home were to be destroyed? Do you have an offsite backup? I have an architectural practice where our files are everything, and we have backup procedures and archives that “minimize” the loss of information.

  51. Wow. Very extreme, but I can’t say that I blame you. With your 440,000 pictures now I feel kinda puny with my 10,900…

  52. Scott,

    I understand your fear and appreciate your candor but it is possible to be safely connected to the Internet. Large and small companies do it every single day and so can you from your home. I’d be willing to bet that I’ve been online just as long as you (if you don’t believe me, send me an email and I’ll prove it) and have run a major data center for a Fortune 100 company. The technology exists today to protect your entire home network from everyone except the NSA and it’s not that much money. A good Cisco hardware firewall is less than the cost of a Canon L Series lens. But like freedom, the cost of Internet safety is eternal vigilance. You have to keep your systems patched. You have to back up every single computer, external hard drive, Apple TV and Time Capsule. And you have to learn to use your firewall to see if anyone is attempting to penetrate your network.

    In the end it does take a lot of work. However, living well in the 21st century means taking advantage of the technology we have and using that technology wisely. I can’t imagine going back to my old F-1, manually focusing every shot and spending hour after hour in the darkroom. And I certainly can’t imagine not being connected to the Internet from my home.

    But that’s just one old fart’s opinion. Take it or leave it.

    PS: You’re doing a great job on your blog and podcasts and I really appreciate all the hard work and time you put in every day!

    Best regards,

    Jeff Lynch
    Sugar Land, TX

  53. Hi Scott,
    Maybe you should talk to your buddy, Leo Laporte. I think he can suggest a few things. I would suggest you put in a wired router between the main machine with the Drobo and the rest of your network. Disable UPnP on the router and change the admin password. Turn on NAT with a fixed DNS and only use the net to do updates for the OS and other programs, because they are always plugging security holes and it is good to plug them ASAP and you can get them fast. Having a router isolates you from the other machines. I am no security expert nor claim to be one. I do this on my main machine and never surf the net with it. I also run a personal firewall that tells me what program is trying to phone home or trying to access the internet without my knowledge, so I can decide if it can do this or not. Just something to think about.

  54. I can see having a work/processing computer that you do all your money-making processes on that never sees the internet… Not only would it be good for security reasons, you don’t have that pesky internet to lure you away from work to check your Twitter account lol.

    A friend of mine runs a studio in Hamilton, Ontario… The whole network is disconnected from the net, just a bunch of computers going to a NAS so everyone has access to the same files. He then has a wireless router sitting in the corner which he uses with his MacBook to surf the web or upload client photos… There is no reason for work computers (in his case) to be connected to the internet, and now that jump drives and external HDDs are so cheap, transferring files is as simple as popping a key out of one computer and sticking it in another computer.

  55. Given your assets, I don’t think it’s entirely crazy, but it is perhaps a little over the top. As mentioned, there are many ways to securely remain network-attached and protect your IP – businesses do it every day.

    The ‘disconnection’ method is fairly fool-proof though, so long as you’re careful. Personally, I’d be using a setup somewhat the reverse of yours if I wanted to take that path. That is, I’d have the low-cost disconnected PC connected to my data storage, and its only function would be to move data in and out of that storage. Everything else is done on your main (connected) PC.

    If you’re really paranoid, when moving data to/from storage, disconnect your Drobo etc. before you connect your removable media, and virus scan the removable media.

    The main advantage of doing it this way is that you won’t cripple yourself in terms of functionality because you’ll be able to update your software etc. on your ‘working’ PC. The low-spec PC does one very simple job, and won’t need upgrades, patches or anything else.

    Just IMHO (as yet another IT professional)


  56. Scott, it’s a bit extreme, but there’s no doubt that you will be safe (or rather you will be as safe as your Drobo is). I’m careful what I put online, but even I have my “stuff” connected to the internet inside my home wi-fi. Am I truly safe? Not necessarily (nothing is a 100%), and my data is not my retirement fund. By the way, turn your laptop Mac’s stealth mode on and turn up the firewall when you’re out and about…

    Oh, and the danger isn’t from terrorism – it’s about organized crime.

  57. You have to pick a level of acceptable risk that you are comfortable with, and act accordingly. Scott’s level of acceptable risk is obviously low, and he acts accordingly. There is no “right” or “wrong” level.

    I don’t want to lose my pictures either, but I have several copies of all pictures on several machines. Everything is “flowing” one way, to ensure that I don’t get nasty stuff into my folders, files or disks. Also, I use Ubuntu – the world’s safest and most reliable OS.

  58. Scott, I think you are NOT overreacting. Backing up and securing all important data is critical. The web, as you know, is a great thing, but it also poses a danger to our systems. So, I say do what you have to do. It sounds like very good advice to me.

  60. I can understand your worries. But, as someone who has had to use a PC for most of his life I’d have to say that the only problems that I’ve had were the ones I caused myself. As long as you keep a good antivirus up to date and watch what you click on and have Firefox I think you’re pretty safe. Then again, I don’t have terabytes’ worth of data either.

  61. I think it’s a little overkill. But, if it makes you feel more secure without crippling your workflow, then who can complain. The thing I’m more worried about is offsite backups, which I currently don’t do, but am working on. Currently, I’m not very well protected against fire, theft, etc. Are you?

  62. Good idea. Maybe just a little over the top, but you sure got stuff to lose. I strongly recommend disabling autorun features; I was bitten by it. Plenty of viruses spread via USB drives, but disabling autorun will block them. Copying some stuff on a Drobo and putting it away in a bank safe might be a good idea too.

  63. I’ve been an information and network security guy for 12 years now and I think you are doing a reasonable thing.

    As far as network security goes, an air gap between a system and the Internet is the most secure configuration. No Internet, no network threat, no problem. Just make sure you are not using an unsecured wireless access point/router to support your private network.

    I’ve seen in the comments some people think a separate, isolated machine is overkill. In your situation, I don’t think that is the case. How much money will all your intellectual property generate for you over your lifetime? How much of that money could you lose if your production system failed due to an infection? Compare the cost of such a loss with the cost of a dedicated workstation. I suspect strongly that the cost of a separate production workstation is a small fraction of your total intellectual property earning potential. You obviously did the math and made the right decision.

    However, the math doesn’t work out the same way for everyone. Someone just storing family snapshots and a couple random Word documents can’t justify the cost of a separate production network.

    Other comments talk about backup strategies and that is a valid consideration too. Again, the amount of effort you put into a backup strategy should reflect the value of the data you are trying to protect. Don’t spend $5000 to back up $10 worth of photos.

    I could go on for quite some time on this subject, but I’ll spare you all. If you ever want to discuss information and network security as it relates to photography, drop me a line.

Comments are closed.

