Some time ago I read two blog posts from security vendors: “The Oldest Un-Patched Microsoft Vulnerability” from the ESET blog (makers of NOD32) and “Consumers deserve less intrusive products” from the McAfee Security Insights blog. Both of them were complaining:
- On the ESET blog, Randy Abrams was complaining that autorun is a vulnerability. I would ask him this: what is wrong with trying to make computers easier to use? Having autorun on all the disks might be considered problematic (although it is probably only the result of an engineering over-generalization), but the concept in itself is very valid. Taking the feature away (and possibly replacing it with a prompt “are you sure you want to run program X?”) does nothing in the way of security; it just serves as a scapegoat to blame the user, who “should have known better”.
- On the McAfee blog, Madhurima Pawar (luckily I don’t have to pronounce that name :-)) complains that security products display too many prompts. While some of the examples mentioned are valid, the age-old wisdom is: security or convenience – pick one (BTW, my comment saying exactly this got mysteriously moderated away).
Picture taken from kaibara87's photostream with permission.