Slashdot Mirror

← Back to Stories (view on slashdot.org)

Antivirus Inventor Says Security Pros Are Wasting Time

Posted by Zonk on from the think-outside-the-para-digum dept.

talkinsecurity writes "Earlier this week Peter Tippett, chief scientist at the ICSA and the inventor of the progam that became Norton Antivirus, had some interesting things to say about the state of the security industry. In a nutshell, Tippett warned that about a third of the work that security departments do today is a waste of time. Tippett goes on to systematically blow holes in a lot of security's current best practices, including vulnerability research/patching, strong passwords, and the product evaluation process. 'If a hacker breaks into the password files of a corporation with 10,000 machines, he only needs to guess one password to penetrate the network, Tippett notes. "In that case, the long passwords might mean that he can only crack 2,000 of the passwords instead of 5,000," he said. "But what did you really gain by implementing them? He only needed one."' Some of his arguments are definitely debatable, but there is a lot of truth to what he's saying as well."

1 of 282 comments (clear)

  1. Re:Actually by hackerjoe · · Score: 0, Offtopic

    Its like flu shots. I travel, talk, do meetings, etc. I get sick very rarely, yet I see so many immediately taking "flu vaccines" out of fear that the flu will kill them. I've never had a relative who either died of the flu or had complications. Neither have I known anyone in my personal life who had these complications, and I have associates who have lived in first, second as well as third world scenarios.
    What a terrible argument! "I don't know anyone it happened to so it doesn't matter". I've never been in an air crash, and I don't know anyone who has, but I'm damned happy that aircraft design, certification and maintenance is done very carefully even if it is a little inconvenient, because I'd really rather keep it that way.

    Anyway, influenza probably won't kill you as long as you're young and healthy, but it's well-documented that it does kill people, especially older people and the immune-compromised. The flu shot isn't just to keep yourself from getting sick, it's a public health concern: you're preventing yourself from being a carrier and getting other people sick. The argument that you don't usually get sick is missing the point.

    This is all completely ignoring the facts that flu pandemics have happened in the past (3 in the last hundred years, according to Wikipedia), that the only thing different today is that we have vaccines (do I have to point out that they're useless if nobody uses them?), and that in these days of global travel, if a particularly nasty strain were to break out it could be immensely devastating internationally. It's not like flu shots are exactly onerous... I spent probably 20 minutes lining up and getting mine this past fall. If they hadn't done a free clinic at work it would've been maybe a couple hours out of my life, tops, and $15.

    I mean, don't live your life in fear... but don't use bad logic to justify skipping things that hardly cost you anything and provide a measurable benefit to yourself and to society.