Re: Check Point boss snipes at Microsoft's security

[InfoSec News <alerts () infosecnews org>]

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.techworld.com/security/news/index.cfm?newsID=9058
: 
: By Raphael Fogel
: 
: Check Point's chief executive has taken a swing at rival Microsoft, 
: saying its security products leave a lot to be desired.
: 
: Gil Shwed, also founder of the firewall vendor, made his remarks during 
: a lecture on the global security market, before a group of network 
: security managers at an IDC security conference in Israel.
: 
: "Microsoft has been in the security market for more than ten years. It 
: has firewall, VPN, anti-virus capabilities and disk encryption," Shwed 
: said. "But it doesn't have the leading products in any of them, and 
: apparently, the management and integration levels of its products is 
: unsatisfactory."

Why do security vendors insist on waving their virtual penis like this? 
Check Point, the same vendor with a steady stream of vulnerabilities in 
their enterprise/corporate products since 1998, possibly earlier? The same 
maker of Zone Alarm, their personal firewall that is a "$50-million-a-year 
business" that has had vulnerabilities published since 2000?

: He refrained from mentioning other rivals like Cisco and Juniper. But he 
: did say that security managers at major enterprises don't want to delve 
: into the nuts and bolts of the security systems and components under 
: offer. What they really want is a certificate guaranteeing that the 
: security systems and components meet the regulations.
: 
: They want to know their systems will be safe. They care less how that's 
: achieved.

Meeting regulations and 'being safe' are NOT mutually inclusive.

Check Point Connectra NGX sre/params.php ICS Security Bypass                            Jan 25, 2007    
Check Point VPN/Firewall Traversal Arbitrary File Access                                Jul 24, 2006    
Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Privilege Escalation     Jan 17, 2006    
Check Point Firewall-1 Internal Certificate Authority (ICA) Information Disclosure      Jan 1, 2006     
Check Point VPN-1 SecureClient Security Policy Bypass                                   Dec 7, 2005     
Check Point NGX R60 CIFS Rule Packet Verification Failure                               Sep 7, 2005     
Check Point VPN-1 SecuRemote/SecureClient Registry Information Disclosure               Jul 20, 2005    
[..]

ZoneAlarm Pro vsdatant Driver Local DoS                                                         May 1, 2007     
ZoneAlarm Spyware Removal Engine (SRE) srescan.sys IOCTL Handling Local Privilege Escalation    Apr 20, 2007    
ZoneAlarm vsdatant.sys Hooked SSDT Function Local Privilege Escalation                          Apr 15, 2007    
ZoneAlarm VETFDDNT\Enum Registry Key Multiple Function DoS                                      Jul 1, 2006     
ZoneAlarm Security Suite VSMON.exe Path Subversion Local Privilege Escalation                   Mar 8, 2006     
ZoneAlarm ShowHTMLDialog() Outbound Filter Bypass                                               Nov 8, 2005     
ZoneAlarm Pro DDE-IPC Method Ruleset Bypass                                                     Sep 29, 2005    
ZoneAlarm Vet Anti-Virus Engine Remote Overflow                                                 May 23, 2005    
ZoneAlarm vsdatant.sys NtConnectPort() Hook Invalid Pointer Dereference Remote DoS              Feb 11, 2005    
[..]


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com