Here at iGuRu.gr we often mention that better safety on the internet it does not exist and of course there are many who agree. Companies spend billions of dollars every year to purchase updated security products and yet cyber attacks and data breaches do not stop. Recently, even "trusted security tools" were discovered that contained vulnerabilities!
Recently, Google's Project Zero has revealed a bunch of critical vulnerabilities in two security products using dozens of businesses and consumers from Symantec and its Norton brand.
The vulnerabilities allowed hackers to gain complete control over computers using the applications by sending email messages post officeυ που σερβίρουν malicious αυτοαναπαραγόμενο κώδικα σε δίκτυα, ακόμη και αν αυτά τα μηνύματα δεν ανοιχτούν ποτέ και κανείς δεν πατήσει τις συνδέσεις που περιέχουν, σύμφωνα με τον ερευνητή Tavis Ormandy of Google's Project Zero.
Ο Ormandy has previously discovered security holes in high security business security products such as: Kaspersky, FireEye, ESET, Comodo, McAfee, and Trend Micro.
As you can tell from the above, we have reached an age where it is impossible to trust products that are supposed to keep our data safe. The security industry that has been set up seems to be taking it seriously problems with omissions that endanger its customers.
Of course, suppliers to date do not seem to be accountable, although they should be held accountable for the security vulnerabilities found in their products that put their customers at risk. It is a different problem if the products they sell do not recognize a threat and completely different when the products they sell in the market provide a "window" of access to the attackers.
Mr Ormandy rightly states that security software should benefit from techniques such as sandboxing that can help control malicious code activities. And everyone should have a specific development life cycle with best-of-breed security practices such as those launched by Microsoft and Cigital. Suppliers should also look for vulnerabilities in the design of their products that can be used by attackers to exploit legitimate features or functions to compromise systems. Suppliers should prioritize security in their products and there should be no justification when they do not.
But when vulnerabilities are found, the patch does not last long. Spam in the media keeps little, and some lawsuits or law changes should be made to make things better.
After all the above: How can you protect yourself? You should probably minimize your exposure online by better adapting your mindset. So it is rather a question of having realistic expectations.
Do not assume that the security products are safe
Companies should implement security policies on all security tools they use. This means that they should require vendors to provide automated repairs, in-depth examination of their infrastructures and pen-testing on all security products.
Assume your network will be compromised
Even when the security products that usesthey work as advertised, that doesn't mean they catch all threats. The online community and companies should prepare for the possibility of a breach (which is increasingly a reality).
Traditional antivirus products that control systems by identifying specific malware signatures when signatures change (something that happens constantly), malware is not recognized.
Responsibility
The security industry is responsible for promising security, to make sure that the sold security products not only work as they should but also do not endanger the end user by sparing backdoors to the hackers.
And the utopia
Security vendors should act as standards for the entire technology industry by developing secure software to restore customer loyalty.