Archive for May 22nd, 2008

I wonder why some people is so much shocked by what Cisco's Chief Security Officer John Stewart publicly stated two days ago:

If patching and antivirus is where I spend my money, and I'm still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user's data and I still have to reinstall it, the entire cost equation of that is a waste.

It's completely wasted money.

I'm sick of blacklisted stuff. I've got to go for whitelisted stuff — I know what that is because I put it there.

Needless to say, antivirus vendors are violently shaking their heads, and Cisco is not exactly super-partes, since it partially competes on the same enterprise security budgets. Also, I wouldn't go so far as saying that you shouldn't be patching your buggy software, or that a free antivirus scanner can't help preventing your mum from getting caught by opening that apparently innocuous PDF attachment, or that the new Firefox 3 anti-malware features are not be greeted as godsend...

But this pretty logical if not just obvious concept is not new at all, even if kept in the dark as a dirty secret -- maybe because you can't build a long-term subcription-based business model around it?
And you can't tell I'm a last-minute convert :)

Bad Behavior has blocked 924 access attempts in the last 7 days.