Why updates always fail
Monday, 19 July 2010 09:16

The repeating updates
Many antivirus vendors provide updates that generate false positives. If it happens once, it can and will happen again. The Q&A department loses the race against the clock. The fix for the failures can be difficult to implement. The worst thing, however, is the damaged trust, which no update can fix. Their Q&A departments should manage my expectations.







The security updates
Microsoft, Adobe and Apple are well known for their products but just as (in)famous for their bugs and the need for frequent updates. Every day security bugs are found in products from each vendor. The only difference a vendor can make is in the way they respond to it. It is not only about fixing security bugs but also about managing their image and our expectations.







The missing updates
Most of us are walking around with smartphones with update technology. My previous four phones (Nokia, Sony, Samsung and Philips) did have firmware upgrade technology built in and had the need for updates due to serious design bugs, but the vendors NEVER introduced an update. Our LCD television and home theater sets can be updated as well and yes, they also have irritating bugs, but no updates. The lack of updates is irritating, and I would have preferred a product that cannot be updated over an updatable product from a vendor that never provides updates. The vendors should not ignore my expectations.






The unknown updates
Our washing machine and dryer both have got an update connector via USB. The vendor however doesn't register us and is not able to inform me about updates. I don't care and I'm not willing to search the internet for an update. But every time we clean the filters we are faced with the update connector. We are missing the point and the vendor is missing the opportunity by not knowing about my expectations.






The provided updates
My cable modem and provider can offer updates and they do update them and make visible changes and improvements. My iPhone and iPad were in need of updates, just like any software or firmware device, and Apple does provide them. Most vendors forget to make the changes visible and, if updates are offered at all, they just point you to a techie internet page. Their marketing departments should manage my expectations.






The failing updates
For failing security updates please see my previous blog about the McAfee update. My car (Citroen) has a built-in navigation and speaks partly French while I don't. The last two updates were supposed to solve it but didn't. The maps can be updated but they offer it at least one year after the map provider introduced them. Guess they wait for the roads to change first. My previous car (Volvo) had a bug in the built-in phone system and after several updates they were unable to fix it and decided to call the bug a feature (really!).... They completely failed to understand my expectations.




To cut a long story short, updates will always fail to manage expectations. Or better said: once an update has failed, it is often beyond repair, since we no longer have faith in the quality of the product. One thing we must not forget is that vendors providing updates deserve a second chance, since they do take responsibility for improving their products. And some of them even listen to our needs to make better products. When providing updates, change is the only constant factor, while challenging and crossing barriers. We would never have been to the moon without that, but some vendors should not bother and only travel locally using public transport :-)

 

 
300.000 dollar USB stick!
Wednesday, 14 July 2010 10:22

Imagine a company ....

 

.... who had its hard drive taped in the laptop


.... spending 300.000 dollar on a single USB stick


.... wasting ten years of development just like that


.... specialized in databases but lacking a backup



Let's have a look at the damage ....


.... company and brand value down the drain

 

.... developers must be frustrated for life


.... internet launch delayed for 2 years

 

Not sure if their website is http://www.dbliquid.com/. However it is a company promoting a service "The unique internet service to connect and engineer the flow of information across all locations". If it is the same company then it would have been a handy service for their own data, but it was not yet launched... If it is another company then it is a funny coincidence.

 

They should have had a backup procedure in place (and tested frequently) or at least purchased a SafeStick with SafeConsole. Not only to store and encrypt their precious data on the stick but at the same time to have a backup remotely accessible at any time. Even after losing their data. They would have been up and running within a minute. About the same time to read this blog.

If you care about your data you better take care!

 
The sky(pe) is the limit
Tuesday, 13 July 2010 08:11

The use of Skype is blocked by many organisations. Not only because it is an unwanted detour bypassing the organisation's own VoIP servers, but also because it is impossible to monitor the actual data for DLP reasons. Once you allow Skype communication you no longer know what information enters and leaves your network.

Skype uses its own undocumented encryption algorithm, leaving secret services and hackers on the sideline. No wonder that, on the other side, terrorist groups and criminals have found their favorite in it.

Skype uses a modified version of RC4 encryption for its client-server communication, while the Skype server uses AES256. The clients and supernodes use up to three versions of RC4 (TCP RC4, UDP RC4 and DH384). Details of the Skype encryption concept have been revealed recently.

For their security measures the sky(pe) is still the limit but after years of research we start to see some shady clouds. Security by obscurity offers protection for a limited period, just like any security measure it is a matter of time...

 

 
Why a large size does matter
Monday, 21 June 2010 13:35



While spam is focusing on Viagra and enlargement tools and props, we see other areas where size really does matter. Due to the large number of files and their increasing size, the storage capacity requirement doubles every 6-12 months. A few years ago you could make a good impression showing your large stick with 8 GB of storage capacity. Today you won’t be noticed with less than 64GB. At the same time we are getting used to exchanging large files, and we copy and share them easily since capacity seems to be unlimited.

 

As a method for file sharing we have changed focus to email as well. More and more we see attachments in the range of 2-20MB, and the ICT guys are even sending software back and forth using email. Where a typical user spends a third of their time on email, a third of the email messages contain attachments. And one in 5 contains files larger than 5MB.

 

For the largest sizes we do not let the email bottleneck stop us from sharing data. Lots of companies set rules to limit file size in Exchange, but smart users immediately discover the workaround of webmail and other alternatives. In our urge to send large files we see companies using FTP servers or, worse, using online services, where the company data is stored and lost in space once you press the UPLOAD button.

 

We have seen several customers using their web server to host large files as well. The receiver gets a link for the file but the sender tends to forget to remove the file from the web server afterwards... Not to speak of the risk of the file being stored in the cloud.

 

In a survey about file transfers a year ago, 40% of the customers were frequently sending files larger than 100MB. Ad hoc file transfers take place in 55%, showing a 20% increase over the year before. One in 2 of the companies see it as a “manageable problem” while one in five see it as a serious problem. Organizations should be concerned about the related breach of security policies, privacy issues, compliance and manageability of the large files in transfer or transferred.

 

Free whitepaper

Bottom line: there is no way to stop large files, but there is a need to get in control. We have got a free whitepaper available for you, no strings attached, just a small pdf :-) You can get it by sending an email with the subject "whitepaper-cs".

 


 
McAfee update failure
Thursday, 22 April 2010 09:43

Today many McAfee customers have been hit by a faulty update file from the McAfee malware scanner. It resulted in Windows XP machines rebooting and/or losing network connectivity. There is a fix to roll out, but guess what? Without a network connection you will need to have your IT department visit each individual computer. This means there is no easy fix for this and it is time and money consuming.

This is happening frequently to many vendors, but becomes a serious issue if the computer can no longer be used. See historical serious false positives since 2009 from e.g. Symantec, Avast, CA, GData, McAfee, Bitdefender, AVG, Panda and Kaspersky. It proves that during product selection or evaluation you should not only pay attention to speed, detection rates, size and color of the clouds, management and reporting capabilities, but also look at false positives. In an earlier blog we explained about malware test results and the (little) value of that. Alternatively you could do a Google search on products combined with UPDATE FAIL, FALSE POSITIVE and ERROR. Compare the results to the market share of the vendors and be ready for shocking findings.

Update challenge number 1
Signature updates rely on exact identification, or mismatch in this case. It is a relatively fast way to produce updates for new outbreaks. But for every new variant you will need a new update. During an outbreak you can be faced with hundreds of updates within a few days.

Update challenge number 2
Technologies like heuristics, pattern or behavior analysis take more time to build detection technology but will be sufficient for most of the new and even unknown future versions. However for unknown variants it offers detection but a cure might not be available. False positives remain possible.

Update challenge number 3
PR and marketing departments insist on the release of updates as soon as possible to secure the window of opportunity to be the first to break the news and talk to the media. The company gets a lot of attention and will not care a lot about the quality of the update. It is a battle between the malware analyst and the PR department in their race against time.

Update challenge number 4
The updates are created by malware analysts. It is logical to declare a detection pattern to be OK if it generates no error on a given test set. The quality of the test set is the main bottleneck here. If the test set is small you can approve and release a pattern in short time. If the test set is too big you will need more time while customers demand a pattern now. In the choice between speed and quality we need to meet in between.

Update challenge number 5
Many vendors are jumping on the cloud wagon. In this case you would be lost in space, since the faulty pattern kills your network connection. In the best case the vendor would be able to react a bit faster to a false positive using cloud technology, but then again the connection is already lost. It would be much better to have a vendor invest in avoiding false positives.

Vendor challenge
I challenge the antimalware vendors to build a global application cloud. This would be the ideal test set, shared, maintained and built by all vendors. We would all benefit, getting better products and protection with fewer false positives. As a consumer I do not want my actual protection to depend on cloud technology. I hate to have internet availability as a bottleneck. Use your Marketing Buzzword Cloud Technology for the application cloud so that we can all benefit.
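
The approval step from update challenge number 4, and the shared clean test set proposed in the vendor challenge, sketched as an added example (not code from this blog or from any vendor). File names, contents, signature names and the `critical` flag are constructed assumptions, and a plain substring match stands in for a real scan engine.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # byte sequence the scanner matches on (simplification)

@dataclass(frozen=True)
class CleanFile:
    path: str
    content: bytes
    critical: bool   # assumption: True if quarantining it breaks boot or networking

# Constructed known-clean test set; every name and byte string is hypothetical.
CORPUS = [
    CleanFile("apps/editor.exe", b"MZ\x90\x00editor-ui-main", False),
    CleanFile("apps/player.exe", b"MZ\x90\x00codec-init-play", False),
    CleanFile("system/netsvc.exe", b"MZ\x90\x00svc-host-loop\xde\xad\xbe\xef", True),
    CleanFile("system/shell.exe", b"MZ\x90\x00shell-start", True),
]

def false_positives(sig, corpus):
    """Return every known-clean file the candidate signature would flag."""
    return [f for f in corpus if sig.pattern in f.content]

def release_gate(sig, corpus, min_files):
    """Return (verdict, flagged_paths) for a candidate signature.

    A clean run on a test set smaller than min_files is reported as
    'insufficient-test-set', not as a pass, so speed cannot hide low coverage.
    """
    hits = false_positives(sig, corpus)
    paths = [f.path for f in hits]
    if any(f.critical for f in hits):
        return "block-critical", paths
    if hits:
        return "block", paths
    if len(corpus) < min_files:
        return "insufficient-test-set", paths
    return "release", paths

# Constructed candidate signatures.
TOO_BROAD = Signature("Sample.Generic", b"svc-host-loop")
SPECIFIC = Signature("Sample.Variant", b"\x13\x37payload-stub")

if __name__ == "__main__":
    for sig in (TOO_BROAD, SPECIFIC):
        print(sig.name, "small set:", release_gate(sig, CORPUS[:2], 2))
        print(sig.name, "full set: ", release_gate(sig, CORPUS, 4))
```

With the two-file test set the over-broad pattern is approved; the full set flags the clean system file before the update ships.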

 