Dailydave mailing list archives

anonymized


From: "Mike Bailey" <mike.bailey () sunbladesecurity com>
Date: Fri, 27 Aug 2004 11:54:40 -0400

 
Just playing devil's advocate here,

I don't think we should fault these guys 100%. They are trying something at
least. Do some have too big an ego? Most certainly, but anytime you try to
grow a business on a large scale you have to have business people and they
rely on marketing like this. It's a painful fact but marketing companies are
really just civilian PSYOPS battalions wearing cute little outfits and
making pretty little advertising copy.   Government contractors have the
same people only they pay people to scour for and write convincing contract
proposals to the Gov instead of pretty ads in magazines.  

If I could write a HIPS software and get it deployed tactically ala JWICS
and JDISS where I didn't have to worry about getting attacked from the
internet or anywhere else our execs would certainly want to market that as
our software being used to protect troops and the nation with comments like
it never being broken in X years of production whether I the developer
intended it to be presented that way or not.  

There should be a consumer reports division for security technology. I'm
sounding too much like I'm defending people I don't like anyway so I'll shut
up now.


To reiterate what Rodney said, just because companies like iDefense 
and Fatelabs have government contracts doesn't make them a viable 
security company. All too often, it ends up being more hype than 
product especially when the marketing team starts saying they have a 
government contract [ most likely with the Department of Education ] 
but because of an NDA they can't say who it is. Also for those of us 
out there who have ever audited a government network, let's remember 
that in most cases the network is wide open; otherwise how would 
people like Marc "I'm gonna roll you motherf*cker"
Maiffret or Chris "I cat manpages into a book for O'Reilly"
McNab have got their start in this lucrative security business?

But putting flames aside, I'm highly critical of "black box" 
or closed source technologies that provide security. If they really 
want to get some recognition, they should at the very least explain 
some of the technical underpinnings of the tool because for all we 
know it could be a Windows port of Grsecurity PRODUCT or PaX. Just my 
two cents.

Cheers

--------------------------------------------------------------

At 04:00 PM 8/26/2004 -0600, Bradley, Terry (CONTR) wrote:
Anyone have any experience with this product?  The article makes it 
sound like the best thing since Microsoft(r) Bob(tm)...

http://www.fcw.com/fcw/articles/2004/0816/news-agencies-08-16-04.asp

The web site makes it sound like a Host IDS that's better, stronger, 
and faster due to being built by some military-industrial complex 
type folks who don't appear to have any experience building Host IDS'

It's not on my Host IDS list (and I'm on the product review team for 
Network World that reviews such things) so I have strong urges to make 
some Dave-esque comment like "they can't have a clue, they're not in my 
office doorway asking me to review their product" but in reality 
that's too harsh for civilized company.

I don't care what street addresses in the District of Columbia use 
their product.  Prove to me it stops - and logs
- everything Canvas can throw at a target it's allegedly defending and 
I'll start considering it to be for real.

There are a lot of Host IDS products out there.  Some of them are 
complete crap.  Some of them "fail to suck" sufficiently to use.  This 
one ain't on the radar so I don't know what category it fits in.

Those of us working in the private sector find it quite tedious to 
have a vendor hopping up and down in our faces claiming their stuff 
must be good because they conned someone into letting them suck at the 
government teat which has "Department of Homeland Security"
tattooed on it.  Without meaning any disrespect to the fine folks who 
drive them for a living, I don't give a DAMN if the thing runs on a 
Hum-Vee - show me a normal computer running the stuff.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

