Forget The Economy, Security Vendor Says Cybercrime Is The Real Threat
from the that's-not-my-job-man dept
You might have noticed that the economy is in the tank. Something about this “credit crunch” and “recession” and whatnot. But the amount of attention governments around the world are paying to these issues is giving cybercrime a foothold, according to a new study from a — yep, you guessed it — security vendor. This is the same vendor that’s been saying the government needs to create new laws to combat cybercrime for at least a year. While their consistency is notable, their implication that the government is in the best position to fight cybercrime seems misguided. The best solutions remain technical and market-based in nature, while the usual mess governments make out of this sort of thing are hardly a ringing endorsement of their abilities to solve technological problems. All this makes you wonder if maybe the vendors see some way for themselves to gain from cybercrime legislation. Surely that’s not right…
Filed Under: cybercrime, threats
Comments on “Forget The Economy, Security Vendor Says Cybercrime Is The Real Threat”
I don’t know about you, but the economy being in the crapper hasn’t affected me. I have nothing in the stock market, it is all buried in the yard, so I’ve lost nothing.
Gas prices are dropping faster than a hookers bloomers and things are looking up!
and I’m sure they have an expensive product that will succeed where others have failed.
The “problem” is not the focus on the economy. The problem is that signature based anti-virus software is no longer effective in stopping attacks (application control or white listing is the way to go). Of course you can’t expect an AV vendor that makes a good chuck of $$$ from selling AV signature subscriptions to tell us that. The problem ***HAS*** to be somewhere else. 😉
RE:Cybercrime Is The Real Threat
Sadly, the typical user wants no part of educating themselves about online safety. They are poorer now, cant go out to party and theres nothing on TV to watch.
So they surf, and eventually get infected and maybe even end up losing their personal data and having it used to empty what little they have in their bank account.
The problem is the bad guys
Not the good guys. I’m a loyal reader of TechDirt and I participate in the discussions, but I am also frequently surprised at the amount of security vendor bashing.
Re: Carlo – who else is funding research in to cybersecurity problems? Of course the reports come from people with a product to sell, but the alternative is fewer research projects and less end-user education. Lighten up.
Re: Chris – sigs (AV, IDS, FW, etc.) have worked (to some degree) for 20 years. Don’t assume that it is all a conspiracy. Can *you* can come up with something better?
Re: The problem is the bad guys
In response to your response to Carlo, it’s being widely done in computer science departments of universities around the world.
In response to your response to Chris — you’re right that signature based detection will continue to be something that will help in the future the reality is that it doesn’t work at all for things like rootkits or botnets.
And one of the reasons that security vendors, McAfee always in the lead, are frequently releasing chicken little “the sky is falling” press releases which are duly taken up as evidence that something is actually going on by the computer press bloggers who, as it turns out, work for security vendors! (ZDNet being among the prize offenders of that sort of conflict of interest.)
Add to this that McAfee’s client software is slow, buggy and can’t even keep up with ClamAV, an open source project who are much better at identifying new threats than either Sophos or McAfee, as far as releasing up to date signature packages is concerned.
As far as on line security is concerned it’s going to take more than an AV package or a weak firewall(hello, Microsoft!) to protect you. It needs a proxy married to a good firewall that works both in and outbound, software like tripwire and montoring of servers and the OS kernel.
As for phishing and other attacks require user intervention we’re back to educating users again about these things.
I’m not talking about blaming the victims I’m saying they need to be armed with information to identify the attacks and deal with them.
As for government intervention in technology to make us “safer” I feel far more confident without that and far better able to respond that bureaucrats.
The other question is “why do open source projects do a far better job of security than commercial ones do”?
Oh, as the sooner security vendors stop running around screaming to high heaven that the sky is falling and actually develop and deliver decent product I’ll stop being cynical about them and their allies (employees, mostly, it seems, in the computer “press” on and off line).