Very true article. Knowing than an attack exist doesn't mean you have to isolate yourself in a fortress permanently. the chance for a home user to being hit by those PoC attack are almost nihil. Security forums are also part of this, because members are more aware of those threats and how to fight them so they grease the wheel unconsciously. Most members will rather advertise the use of their favorite products instead of promoting safe habits and careful behaviors. Vendors do business, they need money , they need a reason for customers to buy their products , then enter the FUD and Hype. Look at the baby boom of "next-gen" softs; two years ago nobody would even care , then enter Cylance smartly naming their heuristic engine "Ai" , managed to got millions of dollars funds and suddenly we have spontaneous appearance of dozen of "Ai" products...
That is, without a doubt, one of the best articles I have read in quite a lot of years. Perfectly highlighting the biggest problem in the entire industry.
Always consider the source when considering the relevance of an article. The UK of late has had a dismal record in the malware prevention area. Its schools have been repeatedly hacked by ransomware, its banking system repeatedly targeted and hacked, etc. etc.. So it is quite obvious that they believe preventive security software is unnecessary, isn't it? What the author and many others for that matter don't seem able to comprehend is that the AV security software industry is a vital and necessary source for malware research. A large portion of their operating budgets go into like activities. Without those activities, malware will remain undetected for much longer time frames resulting in substantially greater impact. It is also reasonable to expect any organization to self-promote when such discoveries are made; what commercial organization does not. As far as "fear mongering" goes if stating a new and documented discovery promotes such a reaction, then the author might just want to relocate to Australia, a commonwealth member, and join the ostriches there sinking their heads in the sand.
@itman the topic isn't about questioning AV vendors doing their jobs, but about questioning some vendors spreading FUD and Hype (and even malware for some) to boost their sales. Look at ransomware , don't tell me you need a dedicated apps to block them, but since most people get scared easily by what they don't understand and are willing to spend for such apps , they bloom like mushrooms. Now it is the turn of Ai softs , vendors' new trend..."we made AVs but they are not good enough to protect you, now we have better , we have Next-Gen AVs !!! , 10 times better , just buy it, don't ask questions because it is too complicated for you..." You are also right, it is normal to promote a discovery , but you don't need to say the threat is at our doors and we have to purchase product x to be protected, if not we are doomed.
You also have to love the websites that trumpet from the highest decryptors for Script-Kiddie class ransomware that maybe affects 10 people worldwide. guest- you mean we shouldn't believe the developers and actually question stuff?
Yeah, like developers of this stuff are knights in shining armor, looking out for your PC AT ALL TIMES. Like I said before: it's all about the cash, caveat emptor, etc. Some bad apples are spoiling it for the good guys with this stuff, that's for sure.
If government's want to do something positive in eliminating the malware epidemic, they should concentrate on the source of the problem. Start leveling sizable fines against Microsoft for every security breech attributable to a vulnerability in the Windows operating system. The threat vectors would be eliminated and individuals would no longer need third party security software.
@cruelsister the devs are generally honest, their marketing team, however...so trust no one. I would educate the users instead because even if Windows is 100% safe, people will still run malwares by using cracks and keygen. Malcoders will always find a way to abuse the users or the OS.
Appears to me, Mr. UK Minister is the one that is spreading the FUD. He should concentrate on fixing the "real issues" behind his country's security problems. The UK ranks bottom of the league for the security of its code, according to a new report. Ref.: https://www.infosecurity-magazine.com/news/uk-code-is-least-secure-report/
Yes but isn't this old news, of course a lot of the computer security business is based on FUD, but we can't deny that a lot of companies are not that well secured. So I wouldn't say that most of the security tools are not needed. And I don't blame security companies for trying to make their products look extra sexy, it's all about the money and I don't see this as a problem, as long as their products do deliver the goods. And for people on security forums it's more of a hobby.
Indeed they are needed if someone needs them, all is about the offer and the demand. Yes i see nothing bad about making them sexy but trying to increase the sales by FUDing isn't a proper behavior... but you know business is business...
