Written by Gordon Fecyk, 4/27/2008
What follows is a short clip of Robert Lemos' recent dire warning about Microsoft's automatic updates system, with a simple search and replace of "Microsoft" with "Symantec." Now you tell me: Who should I be more afraid of?
A GROUP OF FOUR COMPUTER SCIENTISTS urged Symantec to redesign the way it distributes patches, after they created a technique that automatically produces attack code by comparing the vulnerable and repaired versions of a program.
The technique, which the researchers refer to as automatic patch-based exploit generation (APEG), can create attack code for most major types of vulnerabilities in minutes by automating the analysis of a patch designed to fix the flaws, the researchers stated in a paper released last week. If Symantec does not change the way its patches are distributed to customers, attackers could create a system to attack the flaws in unpatched systems minutes after an update is released by the software giant, said David Brumley, a PhD candidate in computer science at Carnegie Mellon University.
When Symantec releases a patch, what they are saying -- from a security standpoint -- is, 'Here is an exploit.'
SecurityFocus is "Symantec's online magazine." They make money when Symantec makes money. And Symantec makes money by selling computer security products. Yes, I know, these products fail to do their job. But that doesn't matter, because they do sell. Average users are so afraid of malware that they'll do anything for a perceived sense of security, including buying after-the-fact products like Symantec's.
Symantec has a vested interest in fear. They paid Google for keyword hits during the sulfnbk.exe hysteria in 2001 to direct panicky users to them. They pay SecurityFocus today for the same reason. And SecurityFocus nitpicks Microsoft because they "own" the largest part of the computer industry's market. It's just easier to target your fear campaign that way.
You can perform a 'mad libs' game on his article and scare anyone, not just Microsoft fanboys. You can scare Apple's users. You can scare Ubuntu Linux's users. You can scare Red Hat Software's users. You can even scare Symantec's users. Just take Lemos' article, paste it into Notepad, and perform a search and replace of 'Microsoft' with your (least?) favourite firm.