1) In this post, I discussed how Macs are indeed vulnerable and provided data showing exactly this. I observed:
The vulnerabilities are there, including users that can be tricked into doing things they shouldn’t. Mac attacks happen and will become more prevalent as the OS continues to gain adoption.
And then I see this article saying making exactly the same point:
During an eye-opening presentation at the VB Conference 2009 conference here, Sophos Labs researcher Dmitry Samosseikko provided a glimpse into the “Partnerka,” a Russian network of spam and malware affiliates that have turned their attention to the Mac platform — using social engineering tricks to load fake codecs and scareware programs.
Sorry to disappoint the Mac users. Your OS is vulnerable, there will be exploits and, just like on Windows, the unpatchable vulnerability (in the form of end-users) will be targeted.
2) In this post, I talked about how DRM and DLP aren’t really separate problems. I stated:
Digital Rights Management (DRM – alternatively Information Rights Management [IRM]) and Data Loss Prevention (DLP) are typically thought of as separate problems with different vendors and solutions targeting each. The market may have evolved this way, but that’s not the way it has to be.
Then I see the announcement this week from McAfee and Adobe. It’s absolutely the right direction, although there’s no reason why an integrated solution has to come from separate vendors.
3) Finally, in this post and in this Gartner research document, I talked about the impact of (then-beta) Microsoft Security Essentials. The no-cost antivirus/antispwyare protection package was officially released this week.
Free antivirus and antispyware protection is a good thing. At a minimum, it helps to keep pricing rational for the rest of us, including enterprise users. No one should be paying extra for antispyware in 2009. Demand your Endpoint Protection Platform vendors to deliver more at the same price – just like the rest of IT has gotten for years (Moore’s Law and all).
Why should information security be immune to the trends of commoditization and downward pricing pressure?
Category: Virtualization Security Tags: