funsec mailing list archives
Re: ? - I don't know where to send this one, so I'm sending it here...
From: Drsolly <drsollyp () drsolly com>
Date: Thu, 3 Nov 2005 12:33:29 +0000 (GMT)
Because Willy Wonka never *did* figure out how to sell somebody a second Ever-Lasting Gobstopper.

Of course I know that, but you are absolutely correct to focus on the _suppliers'_ needs. The supplier wants an income stream. Long ago MS realized that the way to achieve the best income stream was to regularly update the software. The contemporary anti-virus (and then "anti-Trojan" and now anti-spyware) industry recognized it could achieve this even better than MS with an enduring avalanche of VERY regular updates.

Of course, why this has NEVER changed through force of pressure from intelligent, informed, diligent system admins at large corporate and government clients is actually the important question. The answer is, in short, there are actually incredibly few intelligent, informed and diligent sys-admins able to (or at least willing to try to) wield any useful amount of economic pressure. The reasons for that are multitudinous, with some intelligent, informed and diligent sys-admins being ham-strung by ludicrous policies and other entirely internally developed and enforced (within their employing organizations) mechanisms, but it's not entirely incorrect to say that a large part of the problem is that there are actually very few intelligent and informed sys-admins, due to the dominant IT culture being one of "it's right if it works" rather than one of "make this work right". The latter means businessmen like Dr Solly get rich supporting the "need" of others to keep their systems stupid and ill-run...
This sounds a bit like "People don't know what's best for them, but I do!". The fact is, these corporate users had a wide choice of AV systems, including systems that controlled what software users could run. For you to tell these intelligent and well-informed people that you know better than they do, what is the best way to deal with the virus issue, makes me concerned that you might not have fully appreciated the problem that they were trying to solve. And perhaps those programmers like Dr Solly who had a better understanding of the problem, got rich because they understood the real wants and needs of these users, and addressed those, as distinct from writing software that they didn't want. Certainly when I was in the AV field, a signature-based scanner was the most cost-effective way of using a bunch of computers in a world that included viruses. That was true, because it took months, even years, for malware to spread. Today is different - malware spreads in hours, or even minutes. However, I note that despite the huge difference in the nature of the problem, no "forbidden unless permitted" system has captured any substantial market share. This makes me think that, quite possibly, the signature-based scanner is still the optimum solution for the problem that corporates actually face (as distinct from the one that some journalists think that they face).
Of course, SOHO is an entirely different kettle of fish, with "stupid and ill-run" being a given and requiring a different approach. In fact, current AV practices probably are the best approach for such users, but that is no reason to adopt it or even _allow_ it in properly designed and run corporate IT systems...
Not as different as you might think. I remember talking to one major bank, and I was opining that because their systems were run by systems admins, they could assume a considerable degree of knowledge. They fell about laughing - most of their "system admins" were accountants, bankers and secretarial staff who had "system admin" added to their job description at the same time as someone plonked a server down in their branch office. To put it bluntly, I think you're overestimating the technical capability of users.