When Security Software goes BAD

Some security software can actually make you less secure.

In the age of Anti-Virus, SPAM, Spyware, IDS and firewalls…here comes a set of products to make you ….less secure. I received an email about new identity management software that will collect all the sensitive data that is residing in your email, browsers, documents, etc and then proceeds to show you how vulnerable you are to attack. The idea behind this software is that you can secure these items using their package to ensure your data is safe at all times. Here is my problem with this whole thing. To begin with the vendor claims that hackers know all the locations to all your secure files passwords and data. (I would name the software directly, but I am sure their lawyers would have a field day with me if I did. So I won’t do that, what I will do is address this group of software products as a whole). The wizard that runs initially brings all that together into their program. Thinking like a nefarious person for a moment I would think…Great now I only need to hack one program instead of maybe 5 or 6 programs. My other issue is that the software does not in any way do an initial sweep on your system before going and dredging up your sensitive information. So if a hacker has already infiltrated you and has spyware on your system, they can easily capture all that information on the screen before them and they do not even have to look hard. The software makes it all available to them without effort. I watched the demo and was asking myself who is realistically putting all this information on their computer in the first place? And why would I want to have all my passwords and sensitive data stored in a single-point-of-failure- location. One hack and it is all out there…not a good solution. Identity theft is a problem and it needs to be addressed, but I do not think this is the way to address the situation at all. I installed and tested the software and ran a scan on my system. The software found passwords that I had added to my browsers. Passwords for FaceBook, Twitter, My Yahoo, stuff that I do not really care about securing. It did not find passwords to my banks, credit card numbers, social security numbers or information on anything that needs to be tightly guarded. And that is my point, anything that needs to be tightly guarded should not be left in a document, browser or anywhere without it itself being encrypted and saved with a password that is at least 8 characters long. It makes no sense that we make sure that the online bank login is HTTPS, and yet a user will save the username and password in a text file on their laptop. Security starts with humans not with software, because all the software in the world cannot save us from ourselves. But putting all you sensitive data into a program that promises it is safe… is just plain stupid. Leave it off the machine; if you need to enter it make sure the site is secured, and for goodness sake make sure you do a sweep of your machine BEFORE you even enter the information.

Recent Posts PageNest: Easily browse Internet sites offline PowerGUI unleash the power of PowerShell while using a familiar GUI management interface Nexsan and Falconstor team up to make a greener, de-dupe solution Performance Analysis of Logs (PAL) Tool: Is a PAL every Administrator needs VisualRoute 2009: A tool to help you analyze, track and diagnose Internet traffic KontrolPack 2.0 Alfresco: Effective Content and Document management with a low TCO
Windows 7 Windows 7 Unveiled Will Windows 7 upgrade strategy keep XP users away…NO! Fun with Windows 7 Why Windows 7 will crush Linux Why XP users will switch to Windows 7 Why IT will adopt Windows 7
See my lists of great tools 12 killer freebie SharePoint add-ons Five great Windows open source tools 8 little-known technologies that instantly make Microsoft shops run smoother 9 wickedly useful Web sites for Windows administrators 12 cool cross-platform tools for Windows, Macs and Linux 20 great Windows open source projects you should get to know A Better Windows World Tools Library
Like this and want more? Check out the other tools I've written about in A Better Windows World. the Microsoft Subnet home page for more bloggers, news, humor, security alerts and more.

Plus, check out

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.