In the security hot seat - Interview with Tim Mather

[whatthe]

http://news.com.com/In+the+security+...l?tag=nefd.top

[nihil]

Hmmmmmmmmmm,

We have our National elections coming up shortly, so I suppose I am in hyper cynical mode

/ me thinks: "He eats too high off the hog.............someone wrote it for him"

c'mon, at his level you are not responsible...........you delegate, then spend your life playing office politics...............or are things so much different in the US than over here?

Don't get me wrong, the article in itself is interesting because you can be sure that it is Symantec's "corporate take" on things.

[Tiger Shark]

Zero-day attacks seem to be getting nearer to becoming a reality. How should we address this?

*COUGH*.... Bullshit question.... utterly ridiculous and uninformed(?) answer...

Mather: Oh, that's very real. And it's not just the fact that an attack is out, and there isn't a patch for it. It's the fact that the exploit already exists, and nobody knows the vulnerability was there. If you look at the threat lifecycle here, there are two time lags. First, the time when a vulnerability is discovered and a patch made available. Second, the time the vulnerability is discovered--which may not be the same as the time it's announced publicly--to when the exploit is available. And this is the one that is shrinking. A zero-day exploit is the exploit arrives before the vulnerability is even announced. It used to be that the patch beat the exploit. The time difference between the two has shrunk substantially. And now in many cases, you're lucky if the patch actually beats the exploit, let alone the time it takes to apply the patch which, in an enterprise, can be considerable.

There are numerous examples of "zero days" out there throughout the history of remote attacks. At least he know the definition.... The question was a rubbish question and he should have "hit it out of the park". As it was his best response was weak at best... and he's the CSO of Symantec.... I hope his security skills exceed his communication skills...

There were other "softballs" thrown at him to and he _could_ have been a much better interviewee... But he isn't... Frankly, I'm unimpressed by him as a corporate figurehead.... I really hope he is better than he comes across.... But then again I lost a lot of faith in Symantec's bloatware a long time ago....

[nihil]

Hey Tiger~

I never came across a senior executive giving a magazine interview without seeing all the questions up front?

[Tiger Shark]

... and that was the best he could do.....

I'm sorry, (no I'm not), Symantec _used_ to be a good product.... No longer....

[XTC46]

Ive said it before, and Ill say it again.

Symantec is to anti-virus what AOL is to the internet.

It is a huge name that too many people think is the end all, when in fact it is substandard and bloatware.

[Tiger Shark]

Ahhh... It _used_ to be pretty good....

I remember back in 1991 or 1992... Yes, I'm reminiscing...

Stoned, (the virus), was on the receptionist's computer... It was broken, but it was there in the boot sector and showed itself. I decided to go and buy the only publicly availabe, (without those high speed dial ups to BBS's we had back then), anti-virus solution in the local store... Norton AV, (this was just before McAfee who I already knew about but wouldn't have dealt with if he was the only game in town). Now Frisk was out there but at work we had no modems so downloading his AV, (F-Secure it is now... I seem to remember it was different back then), wasn't an option.

Having installed it and run the detection it told me it found "Stoned". So I told it to fix it.... It failed dismally... Looking at the boot sector it was clearly still there and Norton even told me that too... In panic and fear - the receptionist was also the typist that typed all the documents and thus they were at risk on her box because the backup was _huge_ on 5 1/4" floppies I called Norton....

Suffice it to say we were lucky.... The _only_ reason Stoned was broken was exactly the same reason Norton couldn't fix it... It was an NEC drive that had a different sector size than the other common drives and Stoned and Norton relied on the sector size to be "common". The tech talked me through a replacement of the boot sector using Debug and it worked perfectly....

I still use a couple of Symantec products... mainly because they are "mainstream" and if I have to change staff I would expect a new employee to be familiar with their networked products rather than some "proprietary" thing....

They _were_ good... Their growth has caused them to try to create "the be all and end all" of products... In doing so they messed up their product.... Oh well..... Didn't IBM do something similar?

[Amanda]

There are numerous examples of "zero days" out there throughout the history of remote attacks. At least he know the definition.... The question was a rubbish question and he should have "hit it out of the park".

Well look at AO as a fine example of what you've just posted. Truely the only person who seems to be active in the "security field" is Tony. And all we've ever seen from him is his BS articles with his name and photo plastered on it. This is only good in comparison to alot of other stuff that ends up here.

[nihil]

Hey Tiger~,

Somewhere I have NAV 1.0 on a 5.25"................it claims to detect all 760 known viruses

It used to be a good product....................

I also remember using McAfee.............I would get this packet of update floppies once a month from Holland

Ahhhhh................"the old days"