funsec mailing list archives

RE: Quote of the Day: Bruce Schneier


From: "David Harley" <david.a.harley () gmail com>
Date: Thu, 4 Oct 2007 21:07:18 +0100

> What, you saying that old school social engineering *isn't* a
> major factor in Storm's spread?

No. I'm saying that the social engineering is much the same as we were
seeing in mass mailers 5-10 years ago. I'm not dismissing it as a factor: I'm
saying that it's not what makes Storm unique, if it is unique. (Not getting
into that argument.) If Schneier thinks it is, he hasn't been paying
attention.

> Or that AV is doing an
> incredible job at stopping these things before they infect
> more machines?

Don't be silly. AV is doing a moderate job of detecting some variants
heuristically. What it isn't doing is still struggling to detect Storm as it
was a year ago, which is the impression that Schneier gives. "Storm has been
around for almost a year, and the antivirus companies are pretty much
powerless to do anything about it."

Newsflash: AV can't stop malware authors creating new variants and repacks,
or eradicate social engineering. In fact, it's not The Answer. But while
Schneier describes some of the problem accurately, he doesn't provide an
alternative to AV except counterworms and re-engineering Windows, which he
obviously doesn't believe in, then starts panicking about Storm Phase II. 

I'd go so far as to say you're taking this more seriously because it's
Schneier rather than the Register. But the fact that he's often right about
the broad principles doesn't mean he doesn't sometimes miss the point,
disappointing though I invariably find it when he does.

-- 
David Harley
http://www.smallblue-greenworld.co.uk  


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

