Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Your Opinion

from [Jim Harrison] Network Security [Permanent Link]
Subject: RE: Your Opinion
Date: Fri, 16 Mar 2007 15:55:18 -0700 
Thanx, Mark

One phrase; "consider the source".

The expert participant in this interview is (catch me before I faint) -
Symantec CEO John Thompson.  Symantec and other security vendors have
had more than ample opportunity to get in this game and it wasn't until
Vista hit the Beta track that Symantec folks even started noticing that
their hooks were (re)moved.  It's a potentially questionable process
that uses the same mechanisms as the malware they seek to defend
against.  Yes, I know; "think like a criminal"...

I agree that functional and security patches should be free (and they
are), but software packages to protect Jo(sephin)e User from their
propensity for digital self-abuse should be sold.  You want me to
protect you from your own actions? - pay me.  This is the basis for most
consultant businesses.  The argument that the OS vender shouldn't "get
into the security game" is self-serving at best (remember the source?).
Thanks to recent EU and DoJ decisions, no one can argue that "they don't
have access to the same information as MS teams".  This is freely
available on MSDN and if you want protocol specifics, to anyone willing
to sign a licensing agreement with MS.

IMHO, he's just plain wrong and is only making "they're being
meanie-poo-poo-heads" noises.

Jim

-----Original Message-----
From: Mark Litchfield [mailto:Mark@ngssoftware.com] 
Sent: Friday, March 16, 2007 11:49 AM
To: bugtraq@securityfocus.com; vulnwatch@vulnwatch.org;
full-disclosure@lists.netsys.com
Subject: Your Opinion

I have heard the comment "It's a huge conflict of interest" for one
company 
to provide both an operating platform and a security platform" made by
John 
Thompson (CEO Symantec) many times from many different people.  See
article 
below.

http://www2.csoonline.com/blog_view.html?CID=32554

In my personal opinion, regardless of the vendor, if they create an OS,
why 
would it be a conflict of interest for them to want to protect their own
OS 
from attack.  One would assume that this is a responsible approach by
the 
vendor, but one could also argue that their OS should be coded securely
in 
the first place.  If this were to happen then the need for the
Symantec's, 
McAfee's of the world would some what diminsh.

Anyway I am just curious as to what other people think.

Thanks in advance

Mark 


All mail to and from this domain is GFI-scanned.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Your Opinion +, Mark Litchfield
Next by Date:  Re: Your Opinion, Casper . Dik
Previous by Thread:  Re: Your Opinion, The Fungi
Next by Thread:  RE: Your Opinion, Alex Eckelberry
Indexes:  [Date] [Thread] [Top] [All Lists]