hype-free

A blog which tries to demystify computer security, point out the half-truths and misinformation which floats around about this subject and hopefully reduce the hype created by semi-informed people. It also has some useful tips from time to time.

Friday, February 13, 2009

Start offering solutions

Some time ago I’ve read two blogposts from security vendors: The Oldest Un-Patched Microsoft Vulnerability from the ESET blog (makers of NOD32) and Consumers deserve less intrusive products from the McAfee Security Insights blog. Both of them were complaining:

On the ESET blog Randy Abrams was complaining that autorun is a vulnerability. I would ask him this: what is wrong with trying to make computers easier to use? Having autorun on all the disks might be considered problematic (although it probably is only the result of an engineering over-generalization), but the concept in itself is very valid. Taking the feature away (and possibly replacing it with a prompt “are you sure you want to run program X?”) does nothing in the way of security, it just serves as a scapegoat to blame the user, who “should have known better”.
On the McAfee blog Madhurima Pawar (luckily I don’t have to pronounce that name :-)) complains that security products display too many prompts. While some of the examples mentioned are valid, but the age old wisdom is: security or convenience – pick one (BTW, my comment saying exactly this got mysteriously moderated away).

Picture taken from kaibara87's photostream with permission.

0 comments:

Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.

Using the embedded comment form requires JavaScript to be turned on for the blogger.com domain. However, you can still comment using the traditional method.

Subscribe to: Post Comments (Atom)