There is a problem that we in the online security game almost never try to fix. I am going to call it the reality gap.
THE SET UP
You see, we attempt to educate you all on how to stay safe and secure online, and reporters always want us to list five easy things you can do to secure your data. As if you were baking a cake or tuning up your car. And we oblige, we tell them about better passwords and antimalware solutions and firewalls and whatever the hot topic of the day might be.
And every time we get that message across, we are damning some of the people who understand the message just fine and do the things that we suggest.
This is not like any situation you have ever dealt with because there are BAD GUYS on the other side of the equation. We tell you to patch things, or to do whatever, and the bad guys change their plans to get around that almost immediately. In some cases, they exploit the security advice to turn it against you (the user) but they always react and shift their attacks.
It’s not that the advice is bad, it just changes very rapidly. Here is rule one for system security:
You will need to change your protection ideas on a regular basis, there is no “solid ground” for you to stand upon. Yesterday’s ideas might actually be toxic.
THE GOOD NEWS
You will get more and newer and better advice all the time. We will do our best to keep you secure and safe.
ANTIVIRUS IS DEAD?
This recent news article got all our attention.The truth is, nobody in the industry (including the company that made the announcement) has made an actual antivirus product for quite a while. Today’s internet security products contain reputation analysis, behavior monitoring, whitelisting and about a dozen other tools. Some prevent intrusion, some detect it, some repair it. It’s about as high tech as anything you put on your computer. And despite all that, we still call it Antivirus because we have established a market segment that you all understand.
By the way, I do work for a security company called F-secure. We are going to discuss the modern paradigm for malware and intrusion fighting, and we are going to do it in detail. This is going to take a while, so bear with me.