I agree, TRUST is extremely important in security.  And one of the biggest
factors in trust is the history behind the company.  That is why certain
companies (whom I will not name here) I trust about as much as I would trust
Adolf Hitler to watch the welfare of the Jews.

I used to use a TIS; having the source code was a great asset, and YES I DID
READ IT.  Heck, going through it I was able to diagnose a problem with
another vendor product.  The vendor product assumed that a response would
come back in one packet.  Well, the TIS broke it into two TCP packets,
perfectly legal, but it broke the vendor product.

-----Original Message-----
From: mouss [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 08, 2000 12:34 PM
To: Ng, Kenneth (US); 'Kathy'; [EMAIL PROTECTED]
Subject: RE: More info on NAI & McAfee website hacked. 


This again shows that anti-virus companies cannot be considered security
vendors.

security vendors _know_ they don't just sell a _product_, they also sell
_trust_, and trust is not a set of claims such as "believe me".
no one is gonna ask a vendor how he handles bold fonts in a desktop
soft, nobody needs to see what's happening in a PCMCIA card. But
if one buys a product to secure his site, the main question is how to
make sure the product really secures anything.

many still regret the crystal days of TIS, but open source is sure to take
things back....

cheers,
mouss





At 10:17 07/12/00 -0500, Ng, Kenneth (US) wrote:
>As a matter of fact, I have been asking Symantec the same question about
>their anti virus software updates for the past 2 years.  Even for one of the
>security staff at KPMG who would be willing to sign an NDA, they
>categorically refuse and will only say that "the site is secure, there is no
>way in".  Now I think we know the REAL REASON why they don't want to
>disclose their security, they have none.
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
