Slashdot Mirror
Symantec to Acquire SecurityFocus
cbv writes "Symantec Corp. today announced the acquisition of SecurityFocus for approximately US$75 million in cash. The press release reads, 'With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.' The transaction is expected to close by early to mid-August 2002."
Will we be seeing more minor security issues inflated to cataclysmic proportions just so Symantec can sell a few more virus scanners?
Well, I guess that Symantec doesn't exactly have the best reputation right now... Let's see how that resonates with the community.
tmegapscm
From: aleph1@securityfocus.com [mailto:aleph1@securityfocus.com]
Sent: Wednesday, July 17, 2002 5:28 PM
To: bugtraq@securityfocus.com
Subject: Administrivia: Symantec acquiring SecurityFocus
Good day,
Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.
Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.
In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.
Frequently Asked Questions:
Q. What is the Symantec strategy for keeping data sources?
A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.
Q. What is Symantec's disclosure policy?
A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.
We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.
We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.
Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.
Sincerly,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff
Prediction: Symantecs products are going to suddenly become very secure.
I am not a number! I am a man! And don't you
This buyout (sellout?) makes the site a lot less credible in my opinion. They are simply going to use the site to sell more virus protection software.
Countdown until Rob Rosenberger has a nervous breakdown begun... 10 ... 9 ... 8 ... 7 ...
Never confuse volume with power.
The sleazy panic-mongers of Symantec have just scored a major victory. Without Security Focus, FUD-fighters will have that much harder a time advocating sane policies. Oy.
Isn't it safer using a credit card?
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
their products will never be secure as long as they do not detect the fbi's spy software.
GoatPigSheep, the 3 most important food groups
I've always had followed closely the bugtraq list, and I belive strongly it's cutting edge anything goes security ... wonder how the Symantec staff would moderate it
I wonder what kind of intentions Symantec has here. If they want to use SecurityFocus as a well-known security company to help make their products better, or if they just want them for the name. Consider "Tommy Boy"...
My other sig is an import.
The contest is on...
Which will be worse, the slashdot effect or the mass unsubscribes pounding the mailing lists??
I hate going to any symantec website. Their web pages reek of ads for different products. I'm glad I use Junkbuster to block all of them.
And I'm doubly-glad I use mozilla to stop those damn pop-ups.
And SecurityFocus.com was a great site... I can only hope Symantec doesn't run it into the advertising ground.
From: xxxxx@xxxxx.xxx
to: BugTraq Mailing list
Subject: Large hole in Norton Firewall
Would you like to not send this message to the list?
>Yes
Message Deleted
(Score:0, Interesting)
"With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats." How long do you think it will take befor an update is released for it after it is released? 5 10 mins? the most! Some one is going to be able to get through it just like everyone else.
There was a new list started about 2 weeks ago, directly because of this potential issue:
Here was the announcement:
Subject: Announcing new security mailing list
We are pleased to announce the creation of a new security mailing list
dedicated to FULL DISCLOSURE. When Scott Chasin handed over the bugtraq
mailing list, it was clearly dedicated to the immediate and full
dissemination of security issues. The current bugtraq mailing list has
changed over the years, and some of us feel it has changed for the worse.
If you believe in full disclosure, and wish to participate in unfettered,
and unmoderated discussions, please feel free to subscribe to the new
mailing list by accessing http://lists.netsys.com
...inasmuch as Symantec are competitors of Network Associates, a fine corporation with a long history of upholding the values of freedom and good corporate governance,... I'm very happy for Symantec =)
What's REALLY interesting is I've heard that NAI/McAfee have been in acquisition discussions with Symantec.
So, Symantec buys SecurityFocus, NAI busy Symantec, and boom, overnight you have a huge amalgam of one-stop Security and Anti-Virus.
Jeez, kinda scary. No?
--jordan
"Symantec To Aquire Bugs"
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
Norton's products are quite good. NAV and NIS are the best in their class and absolute requirements for any internet pc.
With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.
Does that include threating emails from ex-girl freinds?
Cause if soo Sign me up!
I don't really know what to say. It'd be like Ford buying Volvo or something. Oh, wait . . .
Do not touch -Willie
REALLY BAD SECURITY VULNERABILITY EXPOSED
DATE: July 17, 2002
AFFECTED SYSTEMS:
All systems for which Symantec sells products.
DESCRIPTION:
Holy Fucking Shit!! The computer just, like, explodes! It's the end of the world!
WORKAROUND:
Install Norton Anti-Virus. If you already have Norton Antivirus installed, buy another copy and install it. That'll fix it, we promise.
What sort of changes should we expect from Security Focus? I imagine anything to remain profitable.
Reality flayed open before your eyes, a macabre spectable to be suppresed lest one becomes disturbed. Nothing to see here, return to your television and its subliminal scalpels because the brain cannot feel pain. Follow the path lain before you, avoid all troubles. Eyes wide open in blank ingnorance, forever young and stupid. But it's OK, others will pick up the chain where you've fallen and continue on. Your bones will lie parallel to some milestone in the march of time, and hopefully you didn't spend your days as a fucking moron.
A distillation of Alice in Chains, Jar of Flies.
There goes another usefull service being prostituted by corporate morons with a MILK THE MASSES mission statement, I guess well have to use another means of information :D
SYMC is larger than NAI by quite a bit. This isn't gonna happen.
Ahh, Symantec pledges to acquiese to FBI backdoor demands
This is a real problem and needs to be addressed.
Has Symantec policy changed with respect to things
like magic lantern and so forth?
bugtraq. Poof.
I'm sure SecurityFocus will suck by the time they are done with it.
(Sorry if this is trollish but it just seems like things get worse when an outside company aquires something useful.)
- Would we believe the seriousness of virus threat anouncements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM.
- Would we believe in the security of Symantec's products?
- Would Symantec take advantage of first hand information before releasing it to public knowledge?
Even if bugtraq keeps its objectivity (and what a big "if" is that!), doubt will ever remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners.Serve as a FW/VPN
Act as a network IDS
Serve as a management console for Host IDS
Act as the A/V Manager
Because they have agents installed on every machine when you run Intruder Alert, NAV, or other tools, it would allow them to sync up the status of a host, network, etc. with the mothership at Symantec-Focus, and determine in real-time what devices are vulnerable. This is kind of cool in concept but not easy in execution.
My concern is that they already have bought other products, which are completely jacked up and are still not fixed. I spent my Thanksgiving morning last year doing a disaster recovery on a Symantec Intruder Alert System...what a mess that product is...where is the high availability, the fault tolerance, etc.? Again...cool concept, crappy execution.
This merger puts Symantec in direct competion with folks like eSecurityOnline, and I can tell you that for people already in bed with Symantec who have legal obligations to stay on top of vulnerabilities (e.g. Banks) this makes it a one stop shop for them. I see it as a conflict of interest. They should buy a couple of pen-test companies while they're at it and they can even validate their product implementations are secure ;)
Not that I have anything against Symantec, but it depresses me to see a great resource such as SecurityFocus acquired by a company that notoriously blows the very thing people look to SecurityFocus to provide out of proportions.
Not more than you need, just more than you want
Now Symantec can screw up SecurityFocus like they've screwed up everything else that was useful until they bought it!
Sorry for the flamebait, but I've bought too many Symantec products over the years, and they seem to get worse with every revision. I remember when Norton Utilities was something beneficial, now I refer to that package as Norton Anti-System.
Other fun past experiences with Symantec products have included Act, which was a big pile of poo, and WinFax, which was pretty good last time I used it, as long as you limited your use to a specific subset of it's advertised functionality.
Under capitalism man exploits man. Under communism it's the other way around.
Yeah it chnaged;
http://www.rense.com/general17/balk.htm
If Symantec wishes to maintain the bugtraq in similar fashion as it presently exists, why would they shell-out 75 million dollars when they could have just perused the site fo' free?
Next is dotSymantec, subscribe for yearly fee to get AntiVirus software, updates, and security advisories...The Internet is beginning to suck, I'm going back to the library, some of those are still FREE!
As if they were the enemy or something...
the enemy is NOT microsoft nor virus authors.
the enemy IS those ignorant programmers that have no idea how to test their code to see if the CODE is vulnerable...
Symantec taking over should have little effect on the amount of product they sell. They are simply heading into a new market and doing so by purchasing the leader in that market. By being ready for what may come, they can better attack the problems when they arrive and better serve their customer base.
--Huck
"Just Smile and Nod." --Huck
At the company-wide meeting about the acquisition, Symantec president John Schwarz said repeatedly that Symantec is committed on the highest levels to keeping the SecurityFocus Web site alive, and editorially independant. A written policy will set this out explicitly in the weeks to come.
They (the list administrators for securityfocus.com) have sent me this about a billion times now- one copy to each list I subscribe too. Then I check slashdot for a break from all the email spam and there it is again..
So I guess that means that Symantec has acquired SecurityFocus. I also heard that Symantec has acquired SecurityFocus. And in related news, yeah, you guessed it- Symantec has acquired SecurityFocus.
Never trust an atom. They make up everything.
symantec made 331 million this quarter, NAI made 22 million... good luck with that idea.
Yeah this really is depressing. However, another site I like in case any of you are unaware is Packetstorm. I like it a lot and so far it hasn't sold out. :-(
You forget the overwhelming majority of us on /. run Windows with IE.
Symantec claims that it SecurityFocus will still be "independent". It's possible, but unlikely. The true test will be how often a vulnerability shows up before Symantec releases a fix.
"Why should we leave America to go to America Junior?" - H. Simpson, on visiting Canada
They also acquired Recourse Technologies and Riptech. Symantec corporate
No kidding! Here's Riptech's press release and Recourse's news. This follows the purchase of MountainWave earlier this month.
Helevius
While it appears that Symantec will generally leave Bugtraq alone (not that it's been very useful for some time, imho), I don't really trust them.
Let me provide my basis (petty as it may seem): I'm the system administrator at an ISP small enough that I do some of the tech support. I've seen NAV's mail scanner totally screw up peoples' mail settings enough times that I don't think quality is something they emphisize. To make matters worse, this problem tends not to be fixed by a reboot, and NAV will lock the mail server fields in OE (I don't think it can do that in Netscape/Mozilla, but I'm not sure) making it impossible to use the affected mail account without completely deleting it and readding it. Sometimes, disabling and re-enabling mail scanning will fix the problem, but that's not always the case.
I used to prefer NAV over most other virus scanners (and some other Symantec products back in the days of MS-DOS), but I really think they've gone downhill in the past several years. I hope that the same fate doesn't come to Bugtraq--the list has already become bad enough.
Now I'm terrified.
The company who's tech support told me "Sir, you shouldn't use that program, it's dangerous" when I called, as their customer, to ask how I could remove a so-called 'virus' from the scanning list.
If they believe they just need to shell out 75 million dollars for a stinking mailing list in order to contral an important part of the world's infrastructure, they are idiots.
Getting something to work like bugtraq technically is absolutely no problem. A mailing list with 30000 subscribers, ok let it be 300000, isn't voodoo.
The "selling point" of bugtraq is/was the trust many people have in them, the people which post there, their policy. If anything would cause people to mistrust them, it needs just one trusted guy from the security community to start a new list, and bugtraq is dead. I've even read a post that one alternative has already started.
If someone like Dan Farmer, Wietse Venema or, for the hell of it, Bruce Schneier decided to start a bugtraq clone, the original would not stand a chance if its reputation had already been damaged.
I think we need to start looking for another security site. I don't want one controlled by a large Corp.
:(
This is a sad day
Mike
I didn't use the preview button, so get over it!!!!
Mike
SecurityFocus is an excellent asset to the security community and I do hope it manages to retain its journalistic independence through this whole process. I've been running my own small security portal/company the past few years - helps pay the college tuition and all. We do have very thorough daily coverage of news and significant vulnerabilities and the site has a Slashdot-esque feel...URL is in my sig if anyone wants to check it out.
Not really scary to me, seeing how their entire product line is useless on any of my Linux machines anyways.
The normal "cracker" hates big corporations. If enough crackers realize that every virus they write helps Symantech, they will stop for a while, so Symantech's value to a customer goes down. Symantech will shrink, and security minded people are smart. If security focus is no longer the place to find out about risks, then another source will emerge. The Darwinism of internet communities is great. As soon as one company starts charging for a service, 3 more come out and do it for free, often time learning from the mistakes of the first. Watch this cycle with music sharing. The only music sharing that is viable for more than 6 months at a time is IRC and FTP.
-- the computer doesn't want any beer, no matter how much you think it does. NEVER, EVER feed your computer beer.
ssshhhhhhhhhhiiiiiiiiiitttttttttttttt
Boy, it's a rotten, commercial world out there.
Now I'll get my Symantec-slanted Bugtraq chock full O' commercial advertisements.
This just seems wrong.
Good day,
Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.
Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.
In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.
Frequently Asked Questions:
Q. What is the Symantec strategy for keeping data sources?
A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.
Q. What is Symantec's disclosure policy?
A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.
We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.
We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.
Q. Will Symantec change SecurityFocus' vulnerability reporting policy?
A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.
Sincerly,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff
Now if they would just release a version of NAV for Linux. It would help those of us (most I would guess) who have to suffer WinX crap all day with some Linux mixed in.
Miles Lott
(If the link stops working, then I guess the answer would be "No".)
This brings up the interesting point of what Symantec will do about employing people with felony convictions. Anyone know what Poulsen is going to do?
We believe that in order for the SecurityFocus/Bugtraq community to be effective, it must be an independent entity. We believe that its current disclosure policy is appropriate for the venue. Symantec will continue to operate with its separate disclosure policy.
Pretty words, Mr. Levy and Mr. Ahmad. Now where is the proof?
Those of us who are working journalists remember the transition of ABC News under Roone Arlege from Cronkite-esque "news" to "entertainment" -- and know that "independence" is a very fragile concept, one that can be crushed very quickly and with little fanfare at any level including the board room. All it takes is one vote of no-confidence on the part of the management to completely change the editorial head, and thus the independence of SecurityFocus. You most likely mean well -- can the same be said of your bosses? Can you point to one Symantec acquition that proved that editorial independence has been achieved in the long run?
I was an expert witness at a multi-million dollar trial because a well-respected computer magazine's editorial staff prostituted themselves to shore up a bad space-sales management decision. It only takes one episode to sully the good name of a publication. (The name of the publication is withheld from public statement to protect the guilty and to keep me out of civil court for defamation.)
I'm happy you were able to get a pile of money, but don't think that SecurityFocus will be viewed the same way. Now, if you had made the sale to an outfit like O'Reilly, the SecurityFocus name would have retained its luster and elan in the industry.
All good things must come to an end. Thanks for all the fish.
"With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats."
I take it that this comprehensive, proactive early warning system offers protection against the broadest range of threats, including hostile air strikes, early warning Surface to Air Missile detection, drive by shootings, nuclear tipped ICBMs and the occasional Gene Simons appearance on TV...? Come to think of it, I could use a product like that. Thanks Symantec!
You need a FREE iPod Nano
These aquisitions have nothing to do with anti-virus. In fact, they deal with beefing up their enterprise security solutions (NIDS, HIDS, etc). They also bought Mountain View, RipTech, Recourse and a few other small time security software developers (check the PR's). Why make technology when you can wait till someone else makes it, buy them, and then stick your own label on it?
Unfortunatly for the people in the Symantec San Antonio office, (who were already developing a HIDS/NIDS hybrid solution) this makes their software redundant. They layed off about 20 people today, with about 40 more expected in mid-September. Seems insigifigant, unless you me, now having to find a new job *sigh*
Symantec AntiVirus 2.5 for Lotus Notes/Domino for Linux:
c fm ?articleid=1447&PID=11273711&EID=0
http://enterprisesecurity.symantec.com/content.
Is there an alternate source? Will Bugtraq still be on there?
If you're not a Liberal in your 20's, then you have no heart.If you're still a Liberal in your 30's you have no brain.
umm i hate to break you the news but micro$uck's programmers DONT HAVE ANY IDEA HOW TO TEST CODE !!!!
........
why do you think bill gatesey said 'if our source code was realeased it would COMPLETELY DE-STABILIZE ALL WINDOWS MACHINES" there code is flawed, always has been always will be. and who can see it to fix it ? them ? and them fixing it is like admiting they were wrong all these years
and billeys ego is too damn big for that
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe." --Albert Einstein
SecurityFocus is ideal for archives ...(beware there is too much FUD & drivel).
I got laid off a year ago and decided to delve into the innards of AV & Security tools. (How they work or don't work)
The last time I was interested M$ had an AV. (always wondered why they got out of it & sold mice instead).
With the help of SecFoc archives I stumbled across the grandfather of computer security who in short, concluded that there is no secure tool.
To put it simply, AV products are generally, clean up tools. Completely useless to unknown dangers. Unknow sig. no detection.
The authors/owners of these kinds of tools are likely to be Proffessionals, the kind who would know what to do with your private info. (clone your ID, stealthly log your habits & send them to some Corp... e.t.c) these are the ones we should all be worried about.
Eye opening stuff. Needless to say, this also led to the end of my adventures (& less sleep)
for now.
So just start a better site and send Security Focus to the Museum.
keep us posted, I can't see any reason for the panic here beyond the inate herding instinct.
If things change then it is time to move...
errr....umm...*whooosh* *whoosh* Is this thing on ?
MSFT today announced the acquisition of Integrity for $358 billion(USD).
This follows on the footsteps of several recent corporate buyouts, including the impending $5.8x10^300 (USD) Church of Scientology buyout of Truth and Morality.
Man, I am so glad I'm a fucking trans-national megacorporation. Suckas!
(2,3-Benzopyrrole)
There are many of us that are working for Symantec that love SecurityFocus. I have been subscribed for a number of years now. I take this purchase as a way of being in touch with the customers. Symantec has no need or plan to change the company. Doing the math: Purchase a company and destroy it's customer base so you can make money? wrong! What is it about the herd mentality on around here. I read almost no well thought out comments about the purchase. Just a bunch of me to's. Where is the independat thought? I guess I may not miss some of these commentors on the BugTraq lists.
-- Go figure.
The "announcement" of the Netsys list's creation was spammed to everyone who's posted to BugTraq lately. Let's see: unsolicited, bulk, advertising something, and sent to email addresses scraped from a webpage or mailing list. In my world, that's spam. What's worse, the list's owner - Len Rose from Netsys - said that people who were unhappy about the spam were "lunatic diehards". He then proceeded to tell one of them in particular to, quote, "FOAD."
I don't trust a spamming pompous ass to run a security list any more than I trust Symantec to do it. I'm sorry, but Netsys really dropped the ball on this one; I'm not about to hand my email address over to them.
Shaun
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
I guess some people have faulty irony detector.
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
This is the same company that made Xtree into what it is today? The same company that made msav into what it is today? The same company that (ANYTHING) it touches goes to crap?
With the horrific track record this company SY-MAN-TICK has, the question is:
how long will it be before we need to unsubscribe from securityfocus.
History has shown, and Time will tell.
I HATE SY-MAN-TICK!
All our email address's are sold and abused.
I do not trust symantic as fas as I can spit.
look at the wonderful work they did with Xtree
the geekgirl
ps. it is on topic
One more site to not visit anymore.
Editorial independence does not necessarily end if one company buys another. It is premature to assume that the quality of SecurityFocus (however you assess that) will materially change for the worse. Don't jump to conclusions until there is a reason to warrant the charges that are being thrown around.
That said, if Symantec simply wanted to support the growth and dissemination of security-related information it could have paid for ads and provided technical resources to SecurityFocus, (however much that may have spurred charges of bias or interference) instead of buying it outright.
The acquisition legitimately raises questions of conflict of interest.
Will we see Symantec advertorial content written by product marketing managers? Will we see Symantec's products being touted as the solutions to problems and vulnerabilities?
The most valuable commodity that SecurityFocus had was its independence (of ownership) from any of the product vendors. Without that independence there will always be doubt and doubters.
Obviously the world needs a new impartial bug advisory web site.
Just like a locomotive down a dirt road.
Where can I download a trial of Hogwash 1.0?
Proxomitron sees all, filters all. Regexp your Internet connections.
This happens when the greed goes over the truth.
I believe that Mr. Ahmad and Mr. Levy got their
money.
I predict that in a year SF is dead.
I agree. It is amazing how badly managed Symantec is.
There are many stories to tell, so I'll tell only one. Once I was having a problem with a Symantec product and I called Symantec technical support and told them how much time I had lost over it. This time they actually had an answer: The problem was caused by another Symantec product.
Microsoft wannabes.
Symantec is not as badly managed as Microsoft, but they are putting in an impressive effort.
even if not as intended but bugtraq will loose
a lot of reputation over the time anyway. Especially
to those people posting serious things. Maybe it's
like fighting satan with the devil but this will
make the world a lot more secure in the long run.
Shure such a simple step can not prevent full
disclosure from existing but it will split up the
scene pretty well.. it will be intresting to watch
the full impact within the next month and thank you
symantec!
Yes, we all know the evils of Microsoft, Symantec, IBM, HP, Compaq, GE, Sears, 7-11 and, oh yes, I can't stand Pizza hut. So I ask you. Is there any company we actually trust?
I am a cynic's cynic and agree that this purchase spells the doom of SecurityFocus. But why do I feel this way? I was just going over this in my head and I cannot remember why I believe this. Because "everyone" says so? That's just not good enough. I have been using securityfocus for years. I am sure some things will change. Some changes I'll like and some I won't (we fear change... Unless it's happens to a *nix OS!) I think, for now, I'll stick with SF and avoid the panic unsubsrcibe.
Corporations may be evil but in this crazy mixed up world of ours they seem to be a necessary evil.
Cheers!
I think that's an absolutely valid concern, particularly given the propensity for the virus-killer companies (as they see themselves, anyway) to overblow virus threats.
But, I would say two things in their defense:
1) They tend to hype more than hide. The worst thing is that they will try to get securityfocus.com on the map with IT execs by hyping the security flaws disclosed in bugtraq. Now, it's a double-edge sword, but I don't think it will be awful if certain M$-based operating systems were a bit more publicly scrutinized.
2) Slashdot didn't change after the aquisition, at least not outwardly. I don't work here, so I can't talk about the behind-the-scenes, but the postings are as hard-hitting as ever. Granted, Andover isn't a corporation the size or with the intrests of Symantec. But it's a valid point.
Amateurs discuss tactics. Professionals discuss logistics.
More than 90% of the desktop computers in the world run Windows. And... Windows ESPECIALLY needs filtering. Now Internet Explorer has a kind of serial number that it transmits to every site you visit.
With Proxomitron, your browser can identify itself as "Space Bison", one of the built-in options, or anything you choose. I choose to take out the serial number.
It gets old, Slashdot people saying they don't run Windows. I posted a link to an article on my web site, and lots of Slashdot people visited. Most were running IE and Windows. Other people have mentioned this also.
There will be a day when almost everyone runs Linux, but that day is not here yet. I can't yet sell Linux to my customers because it is a little too technical yet.
In spite of what the OSDN Terms of Service says at section "4. CONTENT", paragraph 6, I own this comment, exclusively.
Heh. I'm betting on a-ftp. A recent virus update manages to quarantine the hell out of any copy of this wonderful program (that I used every single stinkin day to do f a s t file transfer over windows network)
This program has no malcious code, just a plain ole SIMPLE ftp server.
Really a shame, just think, when will *your* program be added to the new symantec blacklist?
I patented screwing your mom. But it got revoked for "prior art."
They're running Mailmain 2.0.9. Many XSS vulnerabilities exist in that version.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
This is the point I have yet to see in the replies so far.
We need an alternative to trust, since we obviously don't trust that corporate-owned list now.
Why has no one posted one yet?
(Posted AC so this can be modded up, and the REPLY to this made and seen ... then this can be modded back down to oblivion)
Has all the useful security news for *nix sites have been going down the drain lately?
I mean, I am sure symantec is a great windoze security company, but what do they care about securityfocus?
Now that website is probably going to be filled with even more useless HTML and crap
bleh!