Utterly clueless "security" companies

Sources have recently informed us that two different security products are now blocking visits to the DigiCrime web site.

The first is called "WebNOT" from Raptor Systems. According to their web site,

...the optional WebNOT capability prevents inappropriate materials from being downloaded into your site.

Yeah right, like educational materials.

The second is called WebScanX. What's most disgusting about WebScanX is that they also block access to their competitors - specifically, CyberSoft. Since the US Justice Department has recently become interested in anti-competitive activities in the computer industry, perhaps we will see McAfee investigated in the future.

Vulnerabilities in commercial computer systems are a fact of life, and this is why companies like Raptor and Mcafee are able to sell products. It's beyond comprehension why they would consider DigiCrime as inappropriate. We can only conclude that they prefer their customers to be utterly clueless. So do hackers.

Moreover, the most likely compromise of a web browser's security is through a visit to a completely legitimate site that has been broken into by hackers. If a hacker broke into a site like www.cnn.com and implanted dangerous content there (perhaps in a hidden frame), then they could inflict far greater harm because there are far more visitors to such a site. For a hacker bent on mayhem, this makes a lot more sense than planting harmful content on their own site, because they could easily cover their tracks this way.

Products like WebScanX and WebNot would be about as effective against this as a screen door on a submarine. Too bad they only sell assurance of security, rather than actual security.

We just hope that their software engineers have more of a clue than their censors and marketing people.

ADDENDUM added December 10, 1997 Several news agencies have reported today that a hacker group carried out a graffiti attack on the popular Yahoo site and implanted a message threatening such a virus attack. At this time no evidence of such a virus was found, although the site was indeed hacked. In spite of the fact that no virus was found, it was certainly possible in spite of numerous industry PR people falling over themselves trying to deny it. In the meantime, this attack reinforces the fact that the strategy used by censors such as Raptor and McAfee would be of no value against such an attack.

For further information on graffiti attacks, see www.hacked.net

Return to DigiCrime (if you can...)