Most Security Products Fail To Perform
An anonymous reader writes "Nearly 80 percent of security products fail to perform as intended when first tested and generally require two or more cycles of testing before achieving certification, according to a new ICSA Labs report that details lessons gleaned from testing thousands of security products over 20 years. Across seven product categories, core product functionality accounted for 78 percent of initial test failures. Examples include an anti-virus product failing to prevent infection and a firewall or IPS product not filtering malicious traffic. Rounding out the top three is the startling finding that 44 percent of security products had inherent security problems. Security testing issues range from vulnerabilities that compromise the confidentiality or integrity of the system to random behavior that affects product availability."
Re:Two things cause security problems. (Score:3, Informative)
If your office door has a physical lock on it, a Post-it note isn't insecure
And the cleaner, being paid minimum wage, won't be tempted to make a couple of years' salary selling the password to an unscrupulous competitor? Depends on your market and how well you vet your staff...
I'd like to know why there's the "change your password monthly" rule?
Cargo cultism. This one actually used to make sense, but was copied by people who didn't understand it. Passwords are stored encrypted. To reduce CPU load, they used to use very simple hashing / encryption algorithms. A month was about as long as you could guarantee that a copied password file would remain secure. This hasn't been the case for several decades, however (and on Windows systems it takes about ten minutes to decrypt the passwords, because they are (were?) stored in a very silly way).
Re:This just in! (Score:3, Informative)
Let's now imagine your competition builds and sells defective cars for half your costs
So if that would work, why hasn't anyone done it? The answer is simple -- car buyers are smarter than people who buy software. Also, it's a lot easier to patch a program than to recall a defective car.
And cars have warranties. I'd like to see warranties on software.
Also, see the AC who responded to your comment; he said a few things I was going to.
Re:This just in! (Score:1, Informative)
I think we're all missing something in the article summary:
when ***FIRST TESTED***
Read the rest of that sentence, too. "Two or more cycles of testing before achieving certification". That means that it hasn't been released yet.
When was the last time you coded something and it not only compiled the first time out, but worked perfectly? Was it entitled "Hello World"?
Sorry, but this article is not news.