Language Selection

English French German Italian Portuguese Spanish

Oversold Security Hype

Filed under
Security

A number of the most promoted security risks are nothing more than a load of hype, Gartner has said in an unexpected outbreak of sober assessment.

The analysis firm has decided to use its IT Security Summit in Washington, D.C., this week to name and shame the issues it sees as the most oversold. The top-five list comprises a number of favorites from the last year, namely the fear of mobile malware, the belief that Voice over IP (VoIP) is unsafe, concerns about wireless hotspots, the equation of regulatory compliance with security, and the idea of a superworm that could spread on the Internet in a matter of minutes.

Of mobile malware, company vice president John Pescatore put it bluntly: "Antivirus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users. In particular, the antiviral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side antiviruses for cell phones will be completely ineffective."

Of the obsession with regulatory compliance, his analyst colleague Lawrence Orans said: "The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area."

Similarly, attacks on VoIP systems are rare--which renders elaborate security measures unnecessary--and the danger to users of wireless hotspots could be greatly reduced with simple technology. The threat of what the company called the "Warhol worm," able to infect every unprotected PC on the Internet in 15 minutes, has been greatly exaggerated.

"Many businesses are delaying rolling out high-productivity technologies, such as wireless local-area networks [WLANs] and IP telephony systems, because they have seen so much hype about potential threats," continued Orans in the official statement.

Perhaps it is fair to point out that Gartner itself has sometimes sent out mixed messages on these issues. Only last year it produced a report titled "Voice over IP Communications Must Be Secured," which noted in the summary the unique attributes of the medium that made security important. Now Gartner appears to be playing down this issue. "Preventive measures for securing an IP telephony environment are very similar to securing a data-only environment," Orans is quoted as saying.

The company has also produced numerous paid-for reports in recent years on the subject of wireless and mobile security, which doesn't in itself invalidate its current stance but which has added to the general impression in the minds of IT professionals that these are areas of real anxiety.

Gartner publishes a Hype Cycle report on a variety of IT industries, accessible at its Web site.

Source.

More in Tux Machines

Slackware Live Edition – on its way to 1.0?

Last week the second Beta of the upcoming Slackware 14.2 was released. My goal was to have a new Beta of my liveslak ready by that time, so that I could provide new ISO images to test the Slackware Beta2 on a live medium. Unfortunately, there was an attack of the flu in my team at work and things got a bit busier than usual. There was a plus side to this: some last moment bug fixes which could be applied to my scripts – the result of having more evenings available to test. Therefore the new release is not labeled “0.5.0” but “0.5.1” Read more

Leftovers: KDE

  • Cantor migrating to Phabricator: which tools our contributors must to use
    Projects and software developed by KDE community are going to migrate for a new tool to manage our code, commits, reviews, tasks, and more. This tool is Phabricator and you can visit the instance for KDE projects in this address. Since November 2015 we are migrating Cantor to Phabricator. After our first successful review code some days ago, I decided to write a post about which tools our contributors must to use while the migration process is not finished.
  • Kdenlive's sprint report
    Last week-end, Vincent and me met in Lausanne for a Kdenlive sprint. One of our goal was to merge Gurjot Singh Bhatti's GSoC work on curves for keyframes. This was more work than expected and we spent many hours trying fix the curves and make keyframes behave correctly. Not much time was left for sleep, but we still managed to get outside to make a group (!) picture in the woods above Lausanne.
  • Jekyll 3.x
    I’ve found three different types of transition issues (it is cool to look at these in a project I do not upgrade on a daily basis like Plasma and the rest of the KDE software).
  • kdev-python on Windows: try it!
    I spent the last two or three days playing around with KDE on Windows, with the aim of getting my Python language plugin for KDevelop to run there. In the end, it wasn’t that hard to get this to work — not as hard as I would have expected it to be, anyways.

Manjaro ARM launched

Hi community, wonderful news in regard of architecture expanding within Manjaro Linux. It all started with a simple post on our developers mailing list. Somebody wants to do Manjaro for ARM … Just after one month of development our first alpha release is now ready. So what is this all about? Manjaro Arm is a project aimed to bring you the simplicity and customability that is Manjaro to ARM devices. These devices are growing in numbers and can be used for any number of applications. Most famous is the Raspberry Pi series and BeagleBoard series. Read more

Plasma 5.5.4 and Calligra Suite 2.9.11 now available

The 4th update for KDE's Plasma 5.5.x series is now available to all Chakra users. According to the release schedule, unless new issues occur, this will be the last update for this series before 5.6 gets released next month. Plasma 5.5.4 as usually includes a month's translations and bugfixes, with the authors highlighting the improvements for handling multi-screen setups. The Calligra Suite also receives a bugfix update to version 2.9.11, which mainly provides fixes for krita and kexi. Read more