Tuesday, April 18, 2006

McAfee misses the target

I've just read Richard Bejtlich comment about today's most noisy new, the McAfee report. I read in bloglines when I was looking for more information on the subject to be able to post a comment here. Well, I think Bejtlich said it all.

The real menace of rootkits wouldn't be clearly understood without the disclosure of what the Sony CD's where doing, and security professionals would be shooting at random without information provided by sites like rootkit.com. I don't feel comfortable with some sorts of vulnerability disclosure (like what happened with WMF and those last in IE), but blaming information like rootkit.com is a bit too hard. I'm discussing some thoughts about ways that trojans can steal money from Internet Banking accounts or even how worms can be more destructive or hard to fight. I don't do that to help people that create them, but to help those that need to avoid them. Rootkit.com is the same thing.

However, there is one thing that we need to think about. There is a lot of research like rootkit.com that is presented in a way that seems to be directed to black hats, to be used in a improper way. Even if this way of presenting results seems to be "cool", it won't help on gaining respect from places like Gartner or IDC. If it's security research, let's try to present it like that. Do you know anybody that does (biological) virus research and present its results saying "0wNeD! KiLlInG QuIcK AnD DiRtY!"????

(Does anybody remember that scene from "The Jury", where Dustin Hoffman shows that the gun industry was using "fingerprint proof" as a sales pitch?)

No comments:

Post a Comment