Security Industry Faces Attacks It Can't Stop
itwbennett writes "The takedown of the Mariposa botnet and so-called advanced persistent threat attacks, such as the one that compromised Google systems in early December, were hot topics at the RSA conference last week. What both Mariposa and the Google attacks illustrate, and what went largely unsaid at RSA, was that the security industry has failed to protect paying customers from some of today's most pernicious threats, writes Robert McMillan. Traditional security products are simply not much help, said Alex Stamos, a partner with Isec Partners, one of the companies investigating the APT attacks. 'All of the victims we've worked with had perfectly installed antivirus,' he said. 'They all had intrusion detection systems and several had Web proxies scan content.'"
The "victims" were all running MS Windows...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Kittens don't have hands. They have paws. But yes, I agree with you. Maybe seeing a few pictures like that would get people to stop clicking the links.
The problem is that they haven't even hit the 50% mark. They cannot even reliably detect threats that are over a year old.
Exactly. Which is why that needs to change. Instead of trying to chase the latest variant of a threat, why not save time and effort and identify the LEGITIMATE files? Then, if something is trying to write a file to the OS portion of your drive, and that file is not recognized, it should block it (and MAYBE allow the user to override it after a few hoops and maybe online comparisons with the latest threat databases).
I think it is different. The "security industry" depends upon the ignorance of users and the continuation of those users being infected.
It is not in the "security industry"'s best interest to commit to real improvements in security.
Your mom.
Possibly mine also ...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
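The allowlisting idea raised in the comment above (recognize the legitimate files, block unrecognized writes to the OS portion of the drive, allow a gated override after a threat-database comparison), as an added example that is not part of the original thread. The protected directories, digests and function names are constructed for illustration, and the path check is lexical only (it does not resolve symlinks).

```python
import hashlib
import posixpath
from pathlib import PurePosixPath

# Constructed policy: directories treated as the "OS portion" of the drive.
PROTECTED_DIRS = (PurePosixPath("/usr/bin"), PurePosixPath("/usr/lib"))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed allowlist of approved file digests, and a constructed stand-in
# for the "latest threat databases" consulted before an override is honored.
KNOWN_GOOD = {sha256(b"approved-binary-v1"), sha256(b"approved-library-v2")}
KNOWN_BAD = {sha256(b"constructed-known-bad")}


def is_protected(path: str) -> bool:
    """True if the path lands inside a protected directory.

    The path is anchored at "/" and normalized first, so "..", "." and
    repeated slashes cannot be used to step around the check.
    """
    norm = PurePosixPath(posixpath.normpath("/" + path.lstrip("/")))
    return any(d == norm or d in norm.parents for d in PROTECTED_DIRS)


def decide_write(path: str, content: bytes, user_override: bool = False) -> str:
    """Return "allow", "allow-override" or "block" for a pending file write."""
    if not is_protected(path):
        return "allow"            # outside the OS portion: not policed here
    digest = sha256(content)
    if digest in KNOWN_GOOD:
        return "allow"            # recognized legitimate file
    if user_override and digest not in KNOWN_BAD:
        return "allow-override"   # unrecognized, but the user insisted
    return "block"                # default-deny for unrecognized content


if __name__ == "__main__":
    for p, c, o in [("/home/u/notes.txt", b"anything", False),
                    ("/usr/bin/tool", b"approved-binary-v1", False),
                    ("/home/u/../../usr/bin/tool", b"unknown", False),
                    ("/usr/bin/tool", b"unknown", True),
                    ("/usr/bin/tool", b"constructed-known-bad", True)]:
        print(f"{p!r:32} override={o!s:5} -> {decide_write(p, c, o)}")
```

The decision is default-deny: a file that is neither on the allowlist nor overridden is blocked without needing a signature for it, which is the contrast with signature-based detection the thread is discussing.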