The SmartSwipe Online Security, Shopping and Technology Blog

I’m less irked, but still irked nonetheless.

I’m talking about the frequent guarantees, usually in the form of snazzy-looking icons, that are plastered all over online shopping and banking websites. Things like “Guaranteed 100% Secure Transaction” , “Safe Shopping Guarantee”, and “Checked to be Hacker-Proof”. All wonderful little techniques designed to instill confidence in the online shopping process that the site is secure and it’s safe to shop or bank there. The problem is that they cannot make such a guarantee.

Being a security guy, I’m quite cautious about my internet usage.  I always run anti-virus software.  I never open email attachments or links.  I’ve got a keen eye for spotting scams and malicious software.  I never download anything off the net without running a comprehensive anti-virus scan on the file before touching it.  I always do my security patching, and I stay away from questionable websites.  I arrogantly assumed that I wasn’t the guy that would get infected with malware.  That happens to people with less expertise; with less training; with less diligence.  Boy did I get a rude awakening.

Well, the other day, I navigated to a perfectly legitimate website that, as I found out later, was hijacked.  I navigated to the site, and only a few seconds later noticed my hard drive was spinning with activity, which I found strange.  I hadn’t downloaded anything.  I hadn’t clicked on anything to cause such activity.  But something was happening, and I knew it wasn’t good.  A couple of seconds later, my fears were confirmed:  my anti-virus software popped up saying that it had detected a virus.  The problem is, it was too late. 

Yesterday I blogged about fake security products and scareware.  Today, I’m taking it a step futher and throwing down the gauntlet against useless security products.

As part of our competitive intelligence, we often stumble on to security products that claim to be designed to protect the home consumer from a variety of security problems.  I’m not talking about anti-virus software or security suites, which serve valid purposes and for which I have all the respect for in the world.  I’m talking about the gadgets and add-ons people can buy online or in their local stores that promise “security for online shopping” or “security for online banking” while providing nothing of the sort.  Well, I shouldn’t say “nothing” – they do provide protection against a very small subset of the attacks that are out there, but these attacks are typically quite rare, and these products are often quite vulnerable to all sorts of other attacks, many of which are far more common.  It’s like buying a fence where the boards are spaced too far apart.  They may keep out the tigers, but they won’t keep out the dogs.  And what are more common, dogs or tigers?  Personally, I’d rather have a fence that kept out dogs than tigers, because the chances of me running into a tiger are pretty slim.  And if the fence is marketed as a “fence that keeps out wildlife”, that’s when I have to take a stand.

Yesterday's post referred to an article that contained an interesting quote: "The sheer magnitude of the issue of data security has rendered antivirus programs obsolete and ineffective. As such, no single technology can successfully serve to safeguard the network from the multi-dimensional nature of the menace of cyber crime."

Anti-virus software ineffective? Isn't that a little bold? Well, believe it or not, it might actually be true.

I’m irked.  More than irked.  I think it’s downright evil.

I’m talking about security products that aren’t real security products.  They serve no real purpose but to defraud people from hard-earned money.  You may have heard about spyware, you may even have heard about malware, but chances are, you haven’t heard much about scareware.

Today Frost and Sullivan released a report on endpoint security that is precisely in line with what NetSecure has been preaching for a long time: the most significant issue in security today isn’t the firewall or network –it’s the endpoint. Despite the significant investment in security infrastructure at most corporations, breaches occur with shocking frequency, largely due to the gigantic security hole at the end user’s computer. In layman’s terms, companies are spending big bucks on securing their network and data, and almost nothing to secure their end users and customers. They’ve invested heavily in ensuring their doors are locked, but aren’t taking the time to make sure their employees and customers are taking care of the keys.

Cyber criminals know this; they’ve stopped trying to break through the door. They’re coming after you to get the keys. And they’ve gotten very, very good at it.