What are the Myths of IT Security?

A deconstruction of the book Myths of Security

Signature based Anti Virus is largely useless

Vulnerability disclosure actually helps the bad guys

Most exploits are based on public disclosures –  so it becomes a race to patch first

It’s better to write down a strong password than to memorize a weak one

Google click fraud

More on Click Fraud

Google makes more money is there IS click fraud, so they are not really very motivated to stop it, just look like they are trying to stop it

Anti Virus vendors are losing battle against malware

There are not enough people to handle the volume of new malware each day

 

Recommended to turn off On Demand scanning – Basically scanning whole system – slow and resource intensive

Better to run On Access scans – e.g when you open a file

Consumers buy the cheapest or most expensive options

IDS / IPS are not that great, it takes a lot of upfront tuning to stop you being swamped with alerts

IDS/IPS not great idea for SME’s only Enterprises