arcana imperii :: the book of j

20.6.05

who watches the watchers?

as some of you know i've spent the last few weeks dealing with virii, hijackings and malware in general. there are some important lessons to be learned and it's sometimes hard to see the forest for the trees. it's as much about how to protect one's investments in hardware and software, along with one's data, as where the surf would land one. in any case, brilliant and careful surfing habits can only reduce the risk but do not increase protection.

yet it's quite disheartening when recovery and related tasks become rather unbearable because it's almost impossible to find safe and secure tools to execute all steps required to identify, clean, prevent attacks, intrusions and infections, for most security products are themselves riddled with bugs and plagued by vulnerabilities, making them the conduits for professionally designed malware. and one is supposed to PAY for the commercial releases of these products which are, for all practical purposes, still in beta! we test them, suffering the consequences, and are supposed to pay again for the patched-up upgrades? this is wrong.

the register reports today that in the fifteen-month period between January 2004 and March 2005, security vendors reported seventy-seven separate vulnerabilities and the rate is rising. based on current trends, a study by the Yankee Group reckons the number of vulnerabilities for security products this year will top 2004 levels by as much as 50 per cent.

at the same time one does not want to lock up the box so tight one ends up unable to step beyond one's virtual backyard.

do have a look at these related stories:

witty attacks your firewall and destroys your data
witty worm traced to 'patient zero'
pc-cillin killed my pc
anti-virus vulnerabilities strike again
bitdefender bug bites gfi
red alert over symantec firewall flaw