11 August 2007

Security - Back To Basics

A bug in the way Norton Antivirus software uses ActiveX could cause serious problems for users of Symantec Corp.'s products.

ComputerWorld reported that Symantec patched the bug in two ActiveX controls used by Symantec's client software that could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia ApS rates the problem as "highly critical."

Now, I am wondering whether "security" peddlers realise that slapping a piece of software onto a vulnerable operating system in an attempt to protect the system is analogous to trying to put out a fire by pouring scotch onto it. Perhaps they do, but it's just that they also know that arson is a cash cow.

A simple OS without many add-ons can be (and usually is) a lot more secure than a complicated one that's bloated with all sorts of expensive security software. Basically, the more stuff you add to your OS, the more vulnerable it becomes. Simplicity is one of the key factors in determining whether a system is secure or not.

It is not by chance that *nix OSes are a lot more secure than M$ OSes. *nix OSes got their fundamentals right - M$ OSes didn't. Really, a security add-on to a vulnerable OS will only serve to give a false sense of security, as the root of the problem (a vulnerable OS) isn't addressed.

Related:

"Security" Peddlers

Unpatched Symantec flaw leads to U. of Colorado breach

Persistent zombie attacks target Symantec corporate software

Why Symantec sucks

McAfee and Symantec get vocal about Vista - but do they *really* have our best interests at heart?

1 comment:

unwesen said...

Or, to paraphrase Bruce Schneier, in order for a system to be secure, every part of it must be secure first.

I agree. Security is also very hard to achieve, because quite often it stands in stark contrast with convenience. And most computer users "simply" want both.