UPDATE – New attack bypasses EVERY Windows security product | ZDNet:
UPDATE — headlines from tech blogs may be so wrong that they miss giving you good information.
Dear Adrian. I know you need eyeballs and all that but come on, let’s showcase where you totally blew the role that ZDnet should be doing.
1. The headline
“New attack bypasses EVERY windows security product”…. really. Every single one? Every entire security product on the planet is bypassed with this? Gee I don’t see some like Forefront client like I use. And what about Microsoft security essentials?
We have confirmed that Microsoft Security Essentials and Forefront Client Security are not affected by Matousec’s KHOBE research
Maybe it’s because at least those two are not impacted. So no, not EVERY security program on the face of the earth is impacted.
2. The hype
The you are so screwed attitude of the content. By the time they can do this attack the bad guys have owned me already. The bad guys have gotten bad code on the box through a means that requires a lot of planets to align and to be in the right place at the right time. Come on Adrian. You had the chance to take Matousec to task for making this a headline fest and all you did was to take it up to the higher notch yourself.
3. The jab
“Mac and Linux users, feel free to engage “smug mode” for a little while….
No, this is a Windows user who is obviously being smug. Matousec didn’t come up with an ingenious attack. They came up with a headline grabbing stunt that everyone fell for hook line and sinker. Instead of a reasoned discussion of the probabilty (or lack thereof) of how this attack could come about, all we got was baiting of the fanboys.
4. The bottom line
The sky is not falling. The bad guys would need to get code on my box first. I’d have to be running an XP. The window of how the bad guys could attack takes luck and timing — I mean come on people we’re getting down to where the beancounters and statisticians are talking about rounding errors and bell curves and probabilities whereby the bad guys look at that and say “Dude, I’ll just own you with an easier browser based attack than trying for this one”.
Come on Adrian you had the chance to do a measured analysis of the real threat here. I don’t see one.
All I see is headlines and hype.