Subscribe in a reader
Dark Reading's Top 10 IT Security Myths Demystified - Part 4
Submitted by Mike Rothman on Wed, 2006-07-26 06:41.
Home stretch baby. Here is Day 4 of the DR Top 10 IT Security Myths posts. The link to the main article is here.
Myth #7 - Hackers are a Necessary Evil (link here)
Now there are some ethical issues to overcome. If someone spent time as a black hat, many organizations won't work with them on principle. I think they are right. I guess there's that whole forgiveness thing, for those that have repented, but if I am looking at two similarly capable folks - one with a clean background and another...not so much - I'm taking the clean person every day of the week. That minimizes risk, and that's what we do for a living, no?
But again, I think this is a poorly written and communicated myth-buster, so it gets a D.
Myth #8 - Antivirus Software is 100% Effective (link here)
Does anyone still believe that anything is 100% effective at anything? If so, smack them with a 2x4 HARD. There is no silver bullet and nothing is effective all the time. Nothing. But AV is still important. Why? Because it's all about the old adage, "if you don't remember history, you are bound to repeat it." AV signatures represent the history of malware. If we see the same thing again and we know it's bad, shame on us if we can't stop it.
But there are things that kind of just appear. Zero-day has become a horrifically overused moniker, but the reality is that it takes time to generate the signatures. And in that time, some heuristics-based or anomaly-based detection technique to get an idea that something is bad will help. It's all about layers. Gateway AV is one. Desktop AV is another. Other malware defense mechanisms provide additional layers. So, don't count on anything.
This one is pretty close, so it gets a B+
We'll wrap this puppy up tomorrow and take it over the finish line. Till then...
Myth #7 - Hackers are a Necessary Evil (link here)
Just because an attacker can break through security doesn't mean he or she can actually secure it.Clearly hacking and protecting are different skills. If you spend your time protecting systems and assets, understanding how a hacker thinks is a critical skill. But I guess to me the term "hacker" is kind of arbitrary. Most "hackers" nowadays don't try to break into networks, they let the networks (or the people that is) come to them. Phishing, pharming and other new fangled social engineering attacks are the new wave of crime, not "hacking."
Now there are some ethical issues to overcome. If someone spent time as a black hat, many organizations won't work with them on principle. I think they are right. I guess there's that whole forgiveness thing, for those that have repented, but if I am looking at two similarly capable folks - one with a clean background and another...not so much - I'm taking the clean person every day of the week. That minimizes risk, and that's what we do for a living, no?
But again, I think this is a poorly written and communicated myth-buster, so it gets a D.
Myth #8 - Antivirus Software is 100% Effective (link here)
AV tools are effective as a means of stopping known bugs, but attackers now routinely design new exploits to bypass them, experts observe.
Does anyone still believe that anything is 100% effective at anything? If so, smack them with a 2x4 HARD. There is no silver bullet and nothing is effective all the time. Nothing. But AV is still important. Why? Because it's all about the old adage, "if you don't remember history, you are bound to repeat it." AV signatures represent the history of malware. If we see the same thing again and we know it's bad, shame on us if we can't stop it.
But there are things that kind of just appear. Zero-day has become a horrifically overused moniker, but the reality is that it takes time to generate the signatures. And in that time, some heuristics-based or anomaly-based detection technique to get an idea that something is bad will help. It's all about layers. Gateway AV is one. Desktop AV is another. Other malware defense mechanisms provide additional layers. So, don't count on anything.
This one is pretty close, so it gets a B+
We'll wrap this puppy up tomorrow and take it over the finish line. Till then...
Recent comments
1 week 5 days ago
2 weeks 3 days ago
6 weeks 1 day ago
6 weeks 1 day ago
6 weeks 2 days ago
6 weeks 2 days ago
6 weeks 2 days ago
6 weeks 2 days ago
6 weeks 2 days ago
6 weeks 2 days ago