Insecure Security

 
 
Porky
 
      06-19-2005
On Mon, 20 Jun 2005 17:25:30 +1200, Lawrence D'Oliveiro wrote:


>
> Why exactly do you say that? The basic fact is that these security
> companies are increasingly running into flaws in their own products, is
> it not?
>
>> Hell, she even lists hardware appliances as
>>"Computer-security programs".

>
> Those boxes are in fact computers running programs, are they not?
>
>>She exhibits a lack of understanding of how
>>these products work and what exactly these "flaws" are.

>
> It is enough to know that those flaws threaten security, is it not?



Another ***** LAME ***** troll from a COLA fruitcake ...
 
Lawrence D'Oliveiro
 
      06-20-2005
Interesting BusinessWeek article
<http://www.businessweek.com/technolo...0050617_1613_t
c024.htm> suggesting that relying on additional "security" software to
plug holes in an insecure underlying operating system is simply making
the problem worse instead of solving it.

Here's a table of flaws found in security software:
<http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.
 
Mark
 
      06-20-2005
"Lawrence D'Oliveiro" <_zealand> wrote in message
news:ldo-...
> Interesting BusinessWeek article
> <http://www.businessweek.com/technolo...0050617_1613_t
> c024.htm> suggesting that relying on additional "security" software to
> plug holes in an insecure underlying operating system is simply making
> the problem worse instead of solving it.
>
> Here's a table of flaws found in security software:
> <http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.


Pretty uninformed article, looks like another uneducated reporter looking
for a story when there is none. In fact I'd go as far as to say it's misleading
and bad advice. Hell, she even lists hardware appliances as
"Computer-security programs". She exhibits a lack of understanding of how
these products work and what exactly these "flaws" are. Still, might be a
fun bit of gossip for the uneducated masses out there.


 
Lawrence D'Oliveiro
 
      06-20-2005
In article <42b64814$0$91618$>,
"Mark" <> wrote:

>"Lawrence D'Oliveiro" <_zealand> wrote in message
>news:ldo-...
>> Interesting BusinessWeek article
>> <http://www.businessweek.com/technolo...0050617_1613_t
>> c024.htm> suggesting that relying on additional "security" software to
>> plug holes in an insecure underlying operating system is simply making
>> the problem worse instead of solving it.
>>
>> Here's a table of flaws found in security software:
>> <http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.

>
>Pretty uninformed article, looks like another uneducated reporter looking
>for a story when there is none. In fact I'd go as far as to say it's misleading
>and bad advice.


Why exactly do you say that? The basic fact is that these security
companies are increasingly running into flaws in their own products, is
it not?

> Hell, she even lists hardware appliances as
>"Computer-security programs".


Those boxes are in fact computers running programs, are they not?

>She exhibits a lack of understanding of how
>these products work and what exactly these "flaws" are.


It is enough to know that those flaws threaten security, is it not?
 
thing
 
      06-20-2005
Lawrence D'Oliveiro wrote:
> Interesting BusinessWeek article
> <http://www.businessweek.com/technolo...0050617_1613_t
> c024.htm> suggesting that relying on additional "security" software to
> plug holes in an insecure underlying operating system is simply making
> the problem worse instead of solving it.
>
> Here's a table of flaws found in security software:
> <http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.



But it means salesmen get fed, CEOs feel safe as they can say they did
something and sys admins because they trust the "black box"
software....!!!!!

I remember attending a Cisco seminar, they discussed how installing
their "protection" software would stop a known Linux worm (I think it
was BIND actually), once their software had had its virus/worm
signatures updated....so I asked why not guarantee fixing the issue by
patching the problem itself? (as the patch was out in hours) and how
long had it taken to get the signatures out there?.....oi I got a nasty
look......"everyone knows there are Linux viruses out there" really I
replied, name one outside of an anti-virus company's lab, in the
wild.....second nasty look....

There have been some severe criticisms over such buy a black box and
forget security strategies.....somehow it always comes back to the sys
admin knowing what he/she is doing and having the time to do it.....

On a more positive note I think there are more and more signs of snake
oil salesmen getting the shove....
regards

Thing
 
thing
 
      06-20-2005
Lawrence D'Oliveiro wrote:
> In article <42b64814$0$91618$>,
> "Mark" <> wrote:
>
>
>>"Lawrence D'Oliveiro" <_zealand> wrote in message
>>news:ldo-...
>>
>>>Interesting BusinessWeek article
>>><http://www.businessweek.com/technolo...0050617_1613_t
>>>c024.htm> suggesting that relying on additional "security" software to
>>>plug holes in an insecure underlying operating system is simply making
>>>the problem worse instead of solving it.
>>>
>>>Here's a table of flaws found in security software:
>>><http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.

>>
>>Pretty uninformed article, looks like another uneducated reporter looking
>>for a story when there is none. In fact I'd go as far as to say it's misleading
>>and bad advice.


I thought it actually highlighted an ongoing problem.

> Why exactly do you say that? The basic fact is that these security
> companies are increasingly running into flaws in their own products, is
> it not?


Yes, rapid development of get it to market cause the margins are high.
The biggest piece of advice I could give anyone looking to prove
security is go for mature products, eg Firewall1 on
Linux/Solaris/Windows and not be a beta tester for some unknown blackbox...

>>Hell, she even lists hardware appliances as
>>"Computer-security programs".

>
>
> Those boxes are in fact computers running programs, are they not?


Yep, many have Linux or BSD though some have embedded XP....

>>She exhibits a lack of understanding of how
>>these products work and what exactly these "flaws" are.

>
>
> It is enough to know that those flaws threaten security, is it not?


Yes IMHO.

regards

Thing
 
Dave Taylor
 
      06-20-2005
thing <> wrote in news:42b67032$:

> Lawrence D'Oliveiro wrote:
>> Interesting BusinessWeek article
>> <http://www.businessweek.com/technolo...tc20050617_161
>> 3_t c024.htm> suggesting that relying on additional "security"
>> software to plug holes in an insecure underlying operating system is
>> simply making the problem worse instead of solving it.
>>
>> Here's a table of flaws found in security software:
>> <http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.

>
>
> But it means salesmen get fed, CEOs feel safe as they can say they did
> something and sys admins because they trust the "black box"
> software....!!!!!
>
> I remember attending a Cisco seminar, they discussed how installing
> their "protection" software would stop a known Linux worm (I think it
> was BIND actually), once their software had had its virus/worm
> signatures updated....so I asked why not guarantee fixing the issue by
> patching the problem itself? (as the patch was out in hours) and how
> long had it taken to get the signatures out there?.....oi I got a
> nasty look......"everyone knows there are Linux viruses out there"
> really I replied, name one outside of an anti-virus company's lab, in
> the wild.....second nasty look....
>
> There have been some severe criticisms over such buy a black box and
> forget security strategies.....somehow it always comes back to the sys
> admin knowing what he/she is doing and having the time to do it.....
>
> On a more positive note I think there are more and more signs of snake
> oil salesmen getting the shove....
> regards
>
> Thing
>


Did you see this?:
It is quite relevant to the topic:
http://news.zdnet.com/2100-1009_22-5749234.html

"Matt Thomlinson, whose job it is to help make Microsoft engineers create
more secure code, noticed that some of the engineers were turning red,
becoming obviously angry at the demo hacking incident. Yet as painful as
the lesson was, he was glad to see the crowd of engineers taking things
personally."

--
Ciao, Dave
 
thing
 
      06-20-2005
Dave Taylor wrote:
> thing <> wrote in news:42b67032$:
>
>
>>Lawrence D'Oliveiro wrote:
>>
>>>Interesting BusinessWeek article
>>><http://www.businessweek.com/technolo...tc20050617_161
>>>3_t c024.htm> suggesting that relying on additional "security"
>>>software to plug holes in an insecure underlying operating system is
>>>simply making the problem worse instead of solving it.
>>>
>>>Here's a table of flaws found in security software:
>>><http://www.businessweek.com/technology/tech_stats/flaws050616.htm>.

>>
>>
>>But it means salesmen get fed, CEOs feel safe as they can say they did
>>something and sys admins because they trust the "black box"
>>software....!!!!!
>>
>>I remember attending a Cisco seminar, they discussed how installing
>>their "protection" software would stop a known Linux worm (I think it
>>was BIND actually), once their software had had its virus/worm
>>signatures updated....so I asked why not guarantee fixing the issue by
>>patching the problem itself? (as the patch was out in hours) and how
>>long had it taken to get the signatures out there?.....oi I got a
>>nasty look......"everyone knows there are Linux viruses out there"
>>really I replied, name one outside of an anti-virus company's lab, in
>>the wild.....second nasty look....
>>
>>There have been some severe criticisms over such buy a black box and
>>forget security strategies.....somehow it always comes back to the sys
>>admin knowing what he/she is doing and having the time to do it.....
>>
>>On a more positive note I think there are more and more signs of snake
>>oil salesmen getting the shove....
>>regards
>>
>>Thing
>>

>
>
> Did you see this?:
> It is quite relevant to the topic:
> http://news.zdnet.com/2100-1009_22-5749234.html
>
> "Matt Thomlinson, whose job it is to help make Microsoft engineers create
> more secure code, noticed that some of the engineers were turning red,
> becoming obviously angry at the demo hacking incident. Yet as painful as
> the lesson was, he was glad to see the crowd of engineers taking things
> personally."
>



hmm.....yes well........I hope so too, though it's not all the engineers'
fault, for too long security took too low a priority at Redmond.

I think that a huge industry has grown up around MS OS's weaknesses, and
now they blow out of proportion anything and everything to sell their
snake oil. MS is getting its act together, I wonder when we will get to
the stage that Symantec and the like won't be able to sell their charms....

regards

Thing

Dave Taylor
 
      06-20-2005
thing <> wrote in news:42b69379$:

>
> hmm.....yes well........I hope so too, though it's not all the
> engineers' fault, for too long security took too low a priority at
> Redmond.
>
> I think that a huge industry has grown up around MS OS's weaknesses,
> and now they blow out of proportion anything and everything to sell
> their snake oil. MS is getting its act together, I wonder when we will
> get to the stage that Symantec and the like won't be able to sell their
> charms....
>
> regards
>
> Thing
>
>


Well, I think that could be good for consumers. I really should look
more into tripwire and process guard though. Stupid AV and Antispyware
is still signature based...
At least not running as admin has been publicized, perhaps not where it
counts, but the message is getting out there.


--
Ciao, Dave
 
Lawrence D'Oliveiro
 
      06-20-2005
In article <>,
Porky <> wrote:

>On Mon, 20 Jun 2005 17:25:30 +1200, Lawrence D'Oliveiro wrote:
>
>> Why exactly do you say that? The basic fact is that these security
>> companies are increasingly running into flaws in their own products, is
>> it not?
>>
>>> Hell, she even lists hardware appliances as
>>>"Computer-security programs".

>>
>> Those boxes are in fact computers running programs, are they not?
>>
>>>She exhibits a lack of understanding of how
>>>these products work and what exactly these "flaws" are.

>>
>> It is enough to know that those flaws threaten security, is it not?

>
>Another ***** LAME ***** troll from a COLA fruitcake ...


Another attempt to lay down a smokescreen of abuse to distract attention
from the real issue at hand.

By the way, up to this point, it has not been a Linux-versus-Dimdows
thread, but if you insist...
 