Comments on: RSA: Standalone security firms are doomed

Security vendors have been 'too self-righteous and smug,' says RSA president Art Coviello.

[dfpconsult]

Cry Wolf

What he means is: "I had to sell my company to stay afloat, so I don't want any other security companies to succeed either."

[ajbright]

Reactionary

IMHO I think most security firms are far to reactionary.

Their products don't appear to be of any use until AFTER you've been infected, and in many cases, not even then.

With the possible exception of a decent firewall, nearly every anti-malware product on the market hardly leaves you brimming with confidence even if it does detect and remove the problem.

However the chances are you will be presented with the immortal "found threat xyz - action : none"

In other words it was unable to fix the problem, and a system rebuild is you only 100% safe bet.

Now I readily admit that's a touch paranoid, and you really have to be an expert at getting yourself into trouble in order to do this more than once or twice a year - but often even these so-called experts say this is your best course of action when infected with certain brands of spyware or Sony rootkit.

Messing with the Dark Side of the internet may mean downloadable movies, games and music - but nothing is for free. Eventually you will pay, and even if your PC is in a state that data can be recovered - can you honestly say that everything you want to save is free and clear of malware?

Anyhow I reckon that until we have more basic protections in place - such as defaulting to using non-administrative accounts or a correctly configured firewall - the best you can hope for is that the other side of the world got infected first, and by the time whatever malware reaches your corner of the globe, the relevant patch or definition file has been released.

[umbrae]

And this statement is not self-righteous and smug?

Hypocrite!

[jackelshowl]

What Exactly Gives?

I find that using a combination of firewall, and then other virus fighters still "works". I agree
a bit with the first commenter, but I find it is the American firms that seem to tout promotion over real committment to on-going Defense over Profits. of course I realize that's the name of the game, but before being not net savy I purchased some rather inferior products.

Not to be USA Bashing as Symantec is definetely the exception, as they are constantly up-dating threats. They also offer solutions, which I've taken advatage of, one being a viscious Trojan that nobody elso had a grasp on.

I have found shareware, that I still use for ADWARE/SPYWARE that is very effective, much more so than what I could pay for. So what gives?
The same is true for KeyloggerHunters and the like, best to look outside the field/box.

[Too Old For IT]

Need to learn a lesson from the CIA

You can't fly over the fray in your suit and tie with any hope of succeeding in the chaos below.

You absolutely have to put boots on the ground, infiltrate bad organizations, change a regime or two, occasionally assassinate a warlord or two.

Just my 2 cents.

[ghostboy005]

"Need to learn lesson from CIA"

It seems to me the CIA would be the worst organization to dran an example from. The only way to construct true and actual change is through social revolt and revolution. CIA, what a joke.

[Schratboy]

Bigger Security Companies are better?

Gee whiz, with only a handful of security companies around, if the RSA CEO had his way, how do the customers benefit with such huge overhead which is passed along in all their products?

Free market economies are a thousand fold better than what these self-important and over-blown CEOs believe. If bigger was really better, why is our government continuing to cost all the money and deliver nothing? Same goes for the security consolidations. Good for the share holders but the customers end up getting hosed.