Do you have to trust your security software?

Here at iGuRu.gr we often mention that there is no security on the internet and of course there are many who agree. Companies spend billions of dollars every year to buy up-to-date security products, but cyber attacks and data breaches do not stop. Recently, "reliable security tools" were discovered that contained vulnerabilities!

Recently, Project of αποκάλυψε ένα σωρό τρωτά σημεία κρίσιμης σημασίας σε δύο προϊόντα ασφάλειας που χρησιμοποιούν δωδεκάδες επιχειρήσει και καταναλωτές από τη Symantec και το εμπορικό της σήμα .

The vulnerabilities allowed hackers to gain complete control over computers running the applications with the shipment emails that serve malicious self-replicating code on networks, even if those messages are never opened and no one clicks on the links they contain, according to the researcher Tavis Ormandy of Google's Project Zero.security key

Ο Ormandy has previously discovered security holes in high security business security products such as: Kaspersky, FireEye, ESET, Comodo, McAfee, and Trend Micro.

As you can see from above, we have reached a time when it is impossible to trust products that are supposed to keep our data safe. The security industry that has been set up seems to be facing serious problems with omissions that endanger its customers.

The suppliers of course to date do not seem to be held accountable, although they should be held accountable for the που ανακαλύφθηκαν στα προϊόντα τους και θέτουν τους πελάτες τους σε κίνδυνο. Είναι διαφορετικό αν τα προϊόντα που πωλούν δεν αναγνωρίζουν κάποια απειλή και εντελώς άλλο όταν τα προϊόντα που διαθέτουν στην αγορά παρέχουν “παράθυρο” πρόσβασης στους επιτιθέμενους.

Mr. Ormandy rightly states that security software should benefit from techniques such as the test environment () that can help control the activities of malicious code. And they should all have a specific development lifecycle with security best practices, such as those pioneered by Microsoft and Cigital. Vendors should also look for vulnerabilities in their product design that can be used by attackers to exploit legitimate features or functions to compromise systems. Suppliers should prioritize security in their products and there should be no excuse for not doing so.

But when vulnerabilities are found, the patch does not last long. Spam in the media keeps little, and some lawsuits or law changes should be made to make things better.

After all the above: How can you protect yourself? You should probably minimize your exposure online by better adapting your mindset. So it is rather a question of having realistic expectations.

Do not assume that the security products are safe

Companies should implement security policies on all security tools they use. This means that they should require vendors to provide automated repairs, in-depth examination of their infrastructures and pen-testing on all security products.

Assume your network will be compromised

Even when your security products work as they advertise, it does not mean they're taking all the threats. The online community and companies should be prepared for the possibility of a violation (which is more and more a reality).

Traditional products που ελέγχουν συστήματα με τον προσδιορισμό συγκεκριμένων υπογραφών κακόβουλου λογισμικού, όταν αλλάζουν οι υπογραφές, (κάτι που συμβαίνει συνεχώς), τα malware δεν αναγνωρίζονται.

Responsibility

The security industry has a responsibility when it promises security, to be sure that the security products being sold not only work as they should, but also do not put the end user at risk by opening wide to hackers.

And the utopia

Security vendors should act as standards for the entire technology industry by developing secure software to restore customer loyalty.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).