You're missing the point completely. It has nothing to do with AV telling you
where you are vulnerable.

It has everything to do with these solutions being marketed to IT people as
actually having the capability to prevent attacks against your systems. Most
people these days are not simply buying the latest AV because it will
protect them against executables that signatures exist for. People are buying
these new security suites because they are supposed to protect you from the
attacks we all read about day in and day out.

And the fact of the matter is that most of these suites do not merely miss a
thing here or there but simply DO NOT DO ANYTHING in the way of preventing
real world attacks. And if everyone is paying attention they will also have
noticed that an increasing number of vulnerabilities are surfacing before a
vendor has had a chance to create a patch and therefore patch management is
useless in that sense.

Security software vendors continue to release garbage that offers little in
terms of real world protection for the exact reasons of responses like
yours.

I am not trying to be overly harsh but instead I am passionate and hate
seeing time after time IT people being way off the mark in their
understanding of these issues. Just as it was sad to see so many IT people
screwed over into believing they had to buy anti-virus and anti-spyware even
though the detection technology underneath is the same. Yet another sham and
too many people, just as they do with Microsoft security, chalk it up to
being the way things are. 

Let me put it another way in the form of a question... I can take any one of
the major security suites that exist right now and use 2+ year old, or 2+
week old vulnerabilities to compromise systems running the suites. Do you
think that is right or that is snake oil? I don't think Secunia was cut out
to ask or answer that question, however the problem remains.

-Marc

> -----Original Message-----
> From: David Lum [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 20, 2008 8:35 AM
> To: NT System Admin Issues
> Subject: RE: exploit tests on security suites
> 
> Their point? Yeah, patch :-).
> 
> It also says don't be so ignorant to think your AV will tell you where
> you're vulnerable, no different than expecting your patch management to
> tell you when you've got a virus. Until someone packages patch
> management with AV/Malware and probably even some kind of data
> encryption there won't be a single app to handle "endpoint security".
> David Lum // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
> 
> 
> -----Original Message-----
> From: Marc Maiffret [mailto:[EMAIL PROTECTED]
> Sent: Saturday, October 18, 2008 3:25 PM
> To: NT System Admin Issues
> Subject: RE: exploit tests on security suites
> 
> Secunia does sound like they could have done their testing better.
> However, they are trying to highlight something that is indeed a real
> problem for most every security suite, AV or otherwise.
> 
> The fact is that the majority of the solutions people are using from
> McAfee to NOD32 (VIPRE maybe although I have not played with it yet) do
> absolutely nothing in the way of preventing systems from being
> compromised through the use of exploits that leverage software
> vulnerabilities.
> 
> All of these security suites are just better versions of each other in
> terms of trying to have better ways to more generically detect files
> that appear to be malicious. That however is not even nearly close to a
> complete defense against the attacks that organizations face today.
> 
> Even suites such as McAfee and CSA that have added some level of
> vulnerability prevention simply fail to prevent anything.
> 
> Secunia might have done their testing wrong, but their point is real
> and accurate.
> 
> -Marc Maiffret
> 
> > -----Original Message-----
> > From: Stu Sjouwerman [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, October 16, 2008 1:08 PM
> > To: NT System Admin Issues
> > Subject: RE: exploit tests on security suites
> >
> > Alex has some good observations in his Blog:
> > http://sunbeltblog.blogspot.com/2008/10/another-useless-test-grabs-headlines.html
> >
> > Warm regards,
> >
> > Stu
> >
> > ________________________________
> >
> > From: René de Haas [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 15, 2008 12:11 PM
> > To: NT System Admin Issues
> > Subject: exploit tests on security suites
> >
> >
> >
> > Results are a little disappointing….
> >
> >
> > http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9117042&intsrc=hm_list
> 
> 
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~