1) In this post, I discussed how Macs are indeed vulnerable and provided data showing exactly this. I observed:
The vulnerabilities are there, including users that can be tricked into doing things they shouldn’t. Mac attacks happen and will become more prevalent as the OS continues to gain adoption.
And then I see this article making exactly the same point:
During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs researcher Dmitry Samosseiko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.
Sorry to disappoint the Mac users. Your OS is vulnerable, there will be exploits and, just like on Windows, the unpatchable vulnerability (in the form of end-users) will be targeted.
2) In this post, I talked about how DRM and DLP aren’t really separate problems. I stated:
Digital Rights Management (DRM – alternatively Information Rights Management [IRM]) and Data Loss Prevention (DLP) are typically thought of as separate problems with different vendors and solutions targeting each. The market may have evolved this way, but that’s not the way it has to be.
Then I see the announcement this week from McAfee and Adobe. It’s absolutely the right direction, although there’s no reason why an integrated solution has to come from separate vendors.
3) Finally, in this post and in this Gartner research document, I talked about the impact of (then-beta) Microsoft Security Essentials. The no-cost antivirus/antispyware protection package was officially released this week.
Free antivirus and antispyware protection is a good thing. At a minimum, it helps to keep pricing rational for the rest of us, including enterprise users. No one should be paying extra for antispyware in 2009. Demand that your Endpoint Protection Platform vendors deliver more at the same price – just like the rest of IT has gotten for years (Moore’s Law and all).
Why should information security be immune to the trends of commoditization and downward pricing pressure?
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.