Language Selection

English French German Italian Portuguese Spanish

Oversold Security Hype

Filed under
Security

A number of the most promoted security risks are nothing more than a load of hype, Gartner has said in an unexpected outbreak of sober assessment.

The analysis firm has decided to use its IT Security Summit in Washington, D.C., this week to name and shame the issues it sees as the most oversold. The top-five list comprises a number of favorites from the last year, namely the fear of mobile malware, the belief that Voice over IP (VoIP) is unsafe, concerns about wireless hotspots, the equation of regulatory compliance with security, and the idea of a superworm that could spread on the Internet in a matter of minutes.

Of mobile malware, company vice president John Pescatore put it bluntly: "Antivirus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users. In particular, the antiviral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side antiviruses for cell phones will be completely ineffective."

Of the obsession with regulatory compliance, his analyst colleague Lawrence Orans said: "The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area."

Similarly, attacks on VoIP systems are rare--which renders elaborate security measures unnecessary--and the danger to users of wireless hotspots could be greatly reduced with simple technology. The threat of what the company called the "Warhol worm," able to infect every unprotected PC on the Internet in 15 minutes, has been greatly exaggerated.

"Many businesses are delaying rolling out high-productivity technologies, such as wireless local-area networks [WLANs] and IP telephony systems, because they have seen so much hype about potential threats," continued Orans in the official statement.

Perhaps it is fair to point out that Gartner itself has sometimes sent out mixed messages on these issues. Only last year it produced a report titled "Voice over IP Communications Must Be Secured," which noted in the summary the unique attributes of the medium that made security important. Now Gartner appears to be playing down this issue. "Preventive measures for securing an IP telephony environment are very similar to securing a data-only environment," Orans is quoted as saying.

The company has also produced numerous paid-for reports in recent years on the subject of wireless and mobile security, which doesn't in itself invalidate its current stance but which has added to the general impression in the minds of IT professionals that these are areas of real anxiety.

Gartner publishes a Hype Cycle report on a variety of IT industries, accessible at its Web site.

Source.

More in Tux Machines

today's leftovers

F2FS Tools Gain FSCK Support

The F2FS Tools v1.4.0 release introduces fsck.f2fs for fixing corrupted images/partitions for Samsung's Flash-Friendly File-System. There's also now dump.f2fs for retrieving a specific file. Additionally, the f2fs-tools 1.4 update also has bug-fixes for the stat and fibmap utilities. Last but not least is some code refactoring for the Android build. The release was mentioned today on the kernel mailing list by Samsung's Jaegeuk Kim. Read more

xorg-server 1.16.1

xorg-server 1.16.1 is now available. A single fix since Monday's 1.16.0.901, to address an issue when building Xwayland from the tarball. Julien Cristau (2): xwayland: always include drm.xml in tarballs Bump to 1.16.1 git tag: xorg-server-1.16.1 Read more

Geary Email Client Receives Major Overhaul and New Features

Geary, a lightweight email program designed around conversations and built for the GNOME desktop by the Yorba software group, has reached version 0.8 and it comes with a ton of new features. Read more