QUOTE
March 31st, 2009
McAfee fails the Conficker test
Posted by Ed Bott @ 8:55 am
The hysteria over the Conficker worm is reaching a fever pitch, with mainstream media doing their bit to whip Windows users into an unjustified panic over something that will affect a tiny fraction of the user community, made up almost entirely of people who were too stupid or negligent to apply a Windows patch issued nearly six months ago.
Ironically, many security professionals are in the amusing position of having to tamp down the hysteria. See, for example:
Please, the world is NOT ending on April 1 (Sunbelt Software)
Watch out for the Honda Accords (ESET)
Conficker April Fools Hype (SecureWorks)
The trouble with virus scares is that they do a wonderful job of driving people directly into the arms of rogue security vendors (thank you, F-Secure). What makes this phenomenon even worse is when one of the largest security companies in the world creates a website filled with sloppy mistakes that make it look exactly like a rogue vendor.
Yes, I’m talking about you, McAfee. Let’s go through the list.
For starters, McAfee’s W32/Conficker.worm information page is hosted at a very strange URL: http://vil.nai.com/vil/content/v_153464.htm. Now, an old-timer like me will remember that McAfee Inc. used to be Network Associates, Inc. (NAI) until about five years ago. So I didn’t find that nai.com domain too alarming. But a casual computer user certainly won’t know that obscure bit of corporate history, and the McAfee logo and name are splashed all over that page, even though the domain name is completely unrelated. You know, like rogue security sites do.
More to read:
http://blogs.zdnet.com/Bott/?p=778
McAfee fails the Conficker test
Posted by Ed Bott @ 8:55 am
The hysteria over the Conficker worm is reaching a fever pitch, with mainstream media doing their bit to whip Windows users into an unjustified panic over something that will affect a tiny fraction of the user community, made up almost entirely of people who were too stupid or negligent to apply a Windows patch issued nearly six months ago.
Ironically, many security professionals are in the amusing position of having to tamp down the hysteria. See, for example:
Please, the world is NOT ending on April 1 (Sunbelt Software)
Watch out for the Honda Accords (ESET)
Conficker April Fools Hype (SecureWorks)
The trouble with virus scares is that they do a wonderful job of driving people directly into the arms of rogue security vendors (thank you, F-Secure). What makes this phenomenon even worse is when one of the largest security companies in the world creates a website filled with sloppy mistakes that make it look exactly like a rogue vendor.
Yes, I’m talking about you, McAfee. Let’s go through the list.
For starters, McAfee’s W32/Conficker.worm information page is hosted at a very strange URL: http://vil.nai.com/vil/content/v_153464.htm. Now, an old-timer like me will remember that McAfee Inc. used to be Network Associates, Inc. (NAI) until about five years ago. So I didn’t find that nai.com domain too alarming. But a casual computer user certainly won’t know that obscure bit of corporate history, and the McAfee logo and name are splashed all over that page, even though the domain name is completely unrelated. You know, like rogue security sites do.
More to read:
http://blogs.zdnet.com/Bott/?p=778