Yankee Group Blog

Blog Home

Analyst Pages

Categories

Search:

Blog Alert:

Enter your e-mail address to receive notifications when there are new posts.

Archives

Yankee Group RSS Feed

The Post-Platform Security Era

by Andrew Jaquith
February 25, 2008

Greetings everyone! I’m Andrew Jaquith, a security analyst at Yankee Group.

The attraction of posting to this blog was plain, because it is about what we at Yankee Group call Anywhere. At its core, our mission is to forecast how mobility, miniaturization, exploding numbers of form factors, plentiful bandwidth and networked applications will change our lives. We expect that carriers, corporations and consumers alike will benefit from a rising tide of innovation that will bring us new forms of entertainment, commerce and access to information.

With that in mind, it is with a mix of resignation and bemusement that I was recently asked to respond to a study by security vendor Sophos about malware predictions for a particular platform (how very 2001), in this case the Mac. You can read the story (which includes my comments), but I’ll save you the time and cut to the chase. According to Sophos, “93 percent believed malware writers would increasingly target the Mac in the future.”

I’m not really sure what to make of this study. While I recognize that not all of the security vendors speak with one voice, the narrative on the subject of Macs and viruses has gotten so twisted that it would make Ernö Rubik gasp.

First, the line was “Watch out! Mac users will, we are very very sure, be targets of malware in the very near future.” This was generally accompanied by, “Mac users need to stop living in a false paradise!” But now, according to Sophos, Mac users aren’t living in a false paradise after all, because they “expect to see more malware.” So which is it? Are Mac users all beret-wearing, latté-sipping artistes that don’t have a clue about security, or are they world-weary realists warily awaiting their next attack?

Of course, it doesn’t really matter. Frankly, all of these things are just justifications to sell more OS X software. And Sophos’study should be seen for what it is: a publicity event in service of that goal.More broadly speaking, though, all of this hot air about Mac versus PC security has nothing to do with the real problem: cyber criminals trying to trick end users so that they can take over their PCs, steal money or steal account credentials. That’s a platform-agnostic problem.

For Anywhere Consumers — who use whatever operating system they want — the targeted device or platform is much less important than the goal of the attacker. The story really ought to be about whether end-users are safe, educated and aware, not what platform they use. It is high time for the dialogue to shift to the post-platform security era. Let’s stop the usual finger-pointing, schadenfreude and scare-mongering.

Filed under: Anywhere Consumer, Core Transport Network |

One Response to “The Post-Platform Security Era”

El Cas
April 12th, 2008 - 5:05 pm

Hi Andrew,

We are running a New Company in Isael, developing and marketing Network’s Traffic Intelligence Systems and Technologies enabling to Identify and Manage Applications / Transactions within Encrypted Traffic Channels such as Identifying Skype, GoogleTalk, File Sharing, Joost and many other transactions within Port 443 (SSL / HTTPS) / Port 80 etc. - we Identify these applications / transactions before any content or encrypted content is delivered among and between parties / peers.

Once I know to “Flag” what you are going to do on a Network, now I can track it, monitor it, block it, or send the information to any destination within and outside the organization, you name it !!

I would like to discuss it in more details with you as we believe that each and every Enterprise, Federal Agency or any Financial / Health care and other organizations will need our “Black-Box” on the Network to be aware of what is going on or what is going to be on their Networks including within their Encrypted Tunnels / Ports - this should be side by side or following the Firewalls, IPS, IDS, DPI products which are not giving the security and awareness each organization needs.

Please contact me via Email at EldadCa@Gmail.com

Nice weekend

Leave a Reply