Comments on: The French and German governments agree… And they are both wrong.

By: Doug Finley @ Naknan

Doug Finley @ Naknan — Fri, 29 Jan 2010 19:21:48 +0000

Maybe the Europeans should take it one step further. If problems with IE is good cause for banning IE, then we should ban technicians and SysAdmins because they sometimes misconfigure systems, making them vulnerable. And what about users who, no matter how much we train them, still click on sucker links which download malware. If we ban software that has vulnerabilities (that’s almost all software), and techs and SysAdmins, and users, we’d probably have a pretty secure environment.

By: Operation Aurora illustrates greater need for effective preventative endpoint security — CoreTrace WhiteSpace

Thu, 28 Jan 2010 16:25:21 +0000

[...] detection of weaknesses, patching and signatures. We posted a blog on this topic last week titled: “The French and German governments agree… And they are both wrong” that has generated a lot of discussion between security [...]

By: himanshu

himanshu — Thu, 28 Jan 2010 12:05:05 +0000

I am really amazed at people’s way of thinking. If IE is getting attacked they are telling to stop the use of it. Now hackers know that you might using firefox and they will exploit the new browser, then?

And If they believe that by stopping the use of IE they will be safe then they should say such things for PDF Reader also. Stop Adobe PDF Reader and use something else like Foxit etc..

By: David Thomason

David Thomason — Tue, 26 Jan 2010 16:31:12 +0000

While realizing that the referenced articles were referring to the typical home user, my comments regarding APT were not. Having said that, I believe there has to be a shift in the way a typical user thinks about security even their home PC. Antivirus, anti-spam and every other “signature-based” technology has failed and will continue to fail as long as the effort to create malware outpaces it. We didn’t think we needed AV until we viruses became a part of everyday life. Do you really think there won’t be a technology like Application Whitelisting that can change the game and the mindset of the typical user to at least have extreme visibility, particularly when it is as simple as notifying a user when unauthorized code wants to execute? My 64 year-old mother with no technology experience seemed to understand that concept. It’s a change in thinking… but that’s marketing’s job. I hope they can get it done.

By: Paul Moorman

Paul Moorman — Tue, 26 Jan 2010 14:30:55 +0000

So the proposed solution is to get a few billion people on this planet who have no clue what this all means, and simply want to use the Internet, to participate in some manner in an “extreme visibility and intelligence” campaign? We can’t get them to pick strong passwords.

The fact of the matter is no platform will ever be perfectly safe. And it’s a fact that Windows, with its origins in DOS and non-networked PCs, is simply riddled with holes that appear, after 10+ years of trying to fix, to be never-ending. My belief is that platforms conceived in a shared environment will be secure (e.g. MPLS networks) because they are designed that way from the beginning. Conversely, platforms conceived in a non-shared environment will rarely achieve a high level of security as they are retrofitted later on.

Recommending to users to begin using a more secure browser is decent idea. Maybe that changes from time to time. So what. If you found a new anti-virus vendor that would reduce your exposure by 95%, would you dismiss it simply because it doesn’t tackle the core problem. I hope not.

But you’re right that the browser is not the core problem. Neither is Acrobat or whatever the current vulnerable application. Windows is. Since it appears to be impossible to fix, it needs to be replaced. Unfortunately that’s not as easy as changing a browser. But it is the answer, whether we like it or not.