Silicon Shecky

Years ago I use to think McAfee was a good Anti-Virus program. Then they got bloated. Now McAfee is becoming chicken little.

You can see the reports regularly. New exploit in this, new trojan here, new zero-day exploit, and on. The world of securing your information and your identity, either individual or corporate, is a complex and never ending battle. Nothing is going to be 100% secure. you know it, I know it and the bad guys know it. Its a matter of mitigation. The smaller area of attack we give the bad guys, the more chance that they will pass us up for an easier target.

It becomes more complex every year. New devices come out, connectivity becomes better, people become more greedy. In fact the more complex things get, the easier it is to break into them with simplicity. You may ask how is that the case. Simply put you just showed how. We tend to gloss over the simple items for the more complex ones, including bugs and holes. That is a discussion to have another time though.

Right now, in the security field, McAfee has been making a lot of headlines lately. From a RAT Report that other companies are calling “shady” to the latest report from them about cars becoming the next hacking target, McAfee keeps getting their name out there. The problems with these reports is their are either obvious or disputed. That McAfee look more like an attention hound than anything else.

This grab for attention comes on the heels of a decade of McAfee putting out worse and worse products. Suites that are so bloated that you machine drags to a crawl during start up. Anti-Malware products that let too much Malware through. Software that is difficult to remove from a system should you prefer to go with one of their competitors. How the mighty have fallen.

Most companies in the consumer security field, especially those that make Anti-Malware software, can run into these same pitfalls as the become more popular. Norton has, although they are slowly turning things around, they still have a long way to go. Kaspersky is doing its best not to fall down that path, but it does seem to be getting more resource intensive. AVG, well they put out a decent product but we are about due for another bad patch that messes machines up. None of them are perfect, but some are better than others, and McAfee has been considered part of the bottom of the heap for a while now.

So McAfee throws up a smokescreen. Instead of improving their product, they try to show that they know more. Sorry but knowledge of what is happening, and the ability to translate that into a decent working product do not have to be equal. In fact, McAfee has shown me that you can have the knowledge without the product. Then again, McAfee lately has been more like Chicken Little. Just remember, the sky isn’t falling, things are just progressing. We as the ones in the field need to keep our wits about us and it will all be fine.

We all know that Mac fanatics claim how secure Mac OSX is. Is it really that secure though?

The last couple of months have not bee kind to OSX. The Mac operating system has seen its first round of widespread malware. Apple has been busy playing whack-a-mole trying to stop it. The Mac fanbois have been denying it. Apple is still more secure they claim. If this is true, then how did Apple top the Stack of Shame this week?

The reality of the situation is that Apple is entering uncharted territory for OSX. Not only does it have enough percentage of the market to make it a more viable target for the underground Internet, but it doesn’t have a true plan in dealing with such issues. This was shown by Apple’s response to the MacDefender malware. The denials, the bad press, and finally a solution that keeps getting circumvented. Yes, overall the amount of people infected might be small beans, but it is a larger outbreak than ever before, plus it shows that it can be done.

The next question comes in with these 26 vulnerabilities, how quickly will they be patched? That is the key to preventing exploitation of said holes. Is Apple ready to do monthly patches, weekly patches, out of band patches? How will they respond to all of this?

No Operation system is 100% secure. There is too much code, too many different vectors to attack from, and there is always the end user who is the biggest threat to security. Apple response to the OSX security issues should enlighten us to the iOS plans for security issues. No, there aren’t many now, but there will be.

With all the hacks going on out on the net today, patching your machines is more critical than ever.

Microsoft is releasing 16 Patches, 9 of which Microsoft deems critical. Patches include Windows, Office, and .Net, and all attempt to address RCE attacks.

Oracle has also released a major patch for Java in the past few days which addresses a number of security vulnerabilities. Adobe has patches out recently for Flash, Apple is playing whack-a-mole with malware, and basically there is a lot of patching to do.

Don’t forget though, with all these patches, to test them before deploying them. It doesn’t happen very often, but some patches can break your software.