uninstall
Surely everyone uninstalls all the dubious vendor software "tools" & assorted crud that comes preinstalled on a PC anyway?
Users ought to upgrade following the discovery of a flaw in Samsung’s software update tool that opens the door to man-in-the-middle attacks. Security shortcomings in Samsung SW Update Tool, which analyses the system drivers of a computer, were discovered by Core Security. Following the discovery of this vulnerability, Core …
"Surely everyone uninstalls all the dubious vendor software "tools" & assorted crud that comes preinstalled on a PC anyway?"
Joe User is not doing that ever ... A high percentage of users I support are not even aware you can launch applications without an icon of app/document being on the desktop.
Last time I tried to update the updater (within the last month), as per their instructions, it failed due to being signed with a 2 year out of date cert.
When I queried this with them, they could give me no timeframe for when they might actually renew their certs, so I am not convinced they take security very seriously at all.
I am not convinced they take security very seriously at all.
I don't think any of the mass-market vendors, outside of the security industry itself, take security seriously. Security isn't sexy. Security isn't shiny. People will buy a product that's "50% faster than last generation!" but let's face it, "50% more secure than last generation!" isn't going to pull in the crowds.
The IT industry is at the same stage that the automobile industry was in the 50s and 60s, regarding safety. Despite a few weirdos (step forward Volvo, Bricklin among others) pushing safety as a feature, the other manufacturers preferred to make their engines bigger, and their chrome shinier, instead.
What changed matters in the car world was a combination of growing public awareness, plus regulatory intervention and a few high-profile and grisly accidents.
See the parallels with IT?
Normally I'd be the last person to argue for more government intervention, but I think it's the only way we'll get acceptable standards of designed-in security - for everything from smart thermostats to datacenter clusters.
"People will buy a product that's "50% faster than last generation!" but let's face it, "50% more secure than last generation!" isn't going to pull in the crowds."
Perhaps that's because "50% faster than last generation!" can be a genuine improvement,
while "50% more secure than last generation!" means it's still shot through with vulnerabilities and still leaks like a sieve.