Slashdot Mirror


The Insecurity of Security Software

H316 writes "BusinessWeek is reporting that, despite a number of software products meant to safeguard Windows PCs from harm, a rising number of them endanger their hosts because of poor design and flaws. From the article: 'A new Yankee Group report, to be released June 20, shows the number of vulnerabilities found in security products increasing sharply for the third straight year -- and for the first time surpassing those found in all Microsoft products.'"

4 of 264 comments

  1. Insecure by MarkRose · Score: 5, Funny

    Security software is insecure? Maybe it's just having a bad day and needs a hug. *hugs security software*

    --
    Be relentless!
    1. Re:Insecure by Master of Transhuman · Score: 5, Funny


      Let's put it this way:

      Windows is the Paris Hilton of operating systems.

      It looks good, but it's wide open all the time.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  2. windows by Anonymous Coward · Score: 5, Informative

    Windows seems to be responsible for that 40 million credit card breach:

    posted originally at groklaw:

    All of the marketing hype in the world cannot make Micro$oft a better system
    http://finance.messages.yahoo.com/bbs?action=m&board=1600684464&tid=cald&sid=1600684464&mid=274625
    A Tucson Arizona credit card processor has been implicated in a security breach
    which resulted in fraudulent charges and the exposure of 40 MM accounts.
    CardSystems Solutions has helpfully posted a Computer Operator job listing. This
    makes it clear that the system breached was running M$ OS.
    www.cardsystems.com/careers/ComputerOperator_0410.pdf
    A separate database developer job posting has a VBScript experience requirement,
    leading to the presumption that VBScripts were at the heart of the card
    processor's data management.
    A quality assurance job posting required experience in Windows NT and Windows
    2000. Using these obsolete systems was part of the innovative "security
    through obscurity" policy on the part of the card processors.
    http://toolbar.netcraft.com/netblock?q=UU-63-83-95,63.83.95.0,63.83.95.255
    3330975
    www.cardsystems.com
    CardSystems Solutions, Inc., 6390 East Broadway, Tucson, 85710, United
    States April 1997
    Microsoft-IIS/5.0 Windows 2000

    Mastercard is running Apache on Solaris
    http://toolbar.netcraft.com/site_report?url=http://mastercard.com
    Mastercard International
    2200 MasterCard Blvd OFallon MO US 63366
    Solaris 8 Apache/1.3.27 Unix mod_ssl/2.8.12 OpenSSL/0.9.7
    mod_perl/1.27 29-Jul-2003

    Was Mastercard to blame running a decent OS?
    Or was CardSystems to blame for running Micro$oft crapware?

  3. Re:it wasn't supposed to be like this! by 64nDh1 · Score: 5, Insightful
    In my experience Norton Antivirus ignores default browsers and uses Internet Explorer when you ask it to take you to the instructions for manual virus removal.

    Norton Antivirus, despite regular updates by LiveUpdate, does not give full scans in that it does not find certain very frikkin' major trojans on any Windows system. The Shinwow virus that still resides on my XP system is a case in point, as is the Java byte exploit which allowed another user on the system to accidentally have it put there by some scurrilous website.

    On Mac, Norton Antivirus lost a lot of respect, and a lot of Mac users will just tell you that AV is for suckers anyway, but Norton pissed off people when their existing disk utilities (Speed Disk, Disk Doctor I think) which handled drive optimization were not Panther compatible. Certain people (those running the 10.2 Norton on Panther 10.3) lost complete functionality on their hard drives ("churning" is how I saw it described) requiring formatting with (AFAIK) no chance of file recovery. Same goes with using Norton 9 on Tiger - don't.

    When using Norton Antivirus year on year the 'upgrades' mean that your boot time, and logon times increase. See my first point that this does not mean that you are more protected as at least one older known trojan is still undetected by a full system scan.

    If you enable Program Launch Monitoring then Norton will tell you about absolutely every little thing that accesses the internet. This is a good thing, but from what I can see, they've taken out the damn option to "Don't show me this bullshit again, of course Firefox is going online!" and it keeps happening.

    Just earlier today, I let Norton integrate itself into my Dad's mail client, Outlook Express, then I got 5 warnings that NORTON was being called by another program, and accessing the internet. This isn't even the veil of a false sense of protection. I increasingly think this junk is being coded by morons. Compared to each other, EZ Armour, eTrust Antivirus whatever it's called runs a scan faster, finds more, and I trust it more. It's not any worse to boot speeds. And while 'the devil you know is better than the devil you don't' I'm looking to return to some sort of honeymoon period so that you don't feel cheated and abused for spending on a program which you need due to stupid security holes and ignorant malicious script kiddies.

    My antivirus experience is getting so bad, and so resource intensive, that I have taken to schooling every member of my family who use the computer and who will listen, and I am showing them how everything can be done as promptly on SuSE 9.1 Pro in KDE with Firefox and KMail. This switch is nothing to do with Windows frustrations which are relatively minor, this is just to do with lugubrious boot times and all those lost proc cycles.