False positives: demons for the security industry
Every once in a while a security company faces a tough week due to a false positive. Last week was one of those for a competitor I respect. Since they released a now infamous signature update, a lot has been said about them, their QA processes, their PR strategy, their products, etc.
The easy reaction is to hammer them for the consequences it had for clients, partners and businesses in general. Some even go a step further and try to take commercial advantage, pointing out to prospective clients that their approach would have prevented something like this from happening, which I don’t think is realistic, by the way.
The reality (at least the one I see) is somewhat different:
· All security companies are acutely aware of how mission critical our business is. We are all in the business of ensuring business continuity, fighting against an army of bad guys whose only interest is to make money, steal information and cause disruption to legitimate businesses and consumers around the world.
· This fight has become more sophisticated over time due to the increasing monetary rewards that cybercriminals get.
· We all have procedures in place to avoid false positives, but sometimes, for many different reasons, those procedures do not work as planned. A wide variety of factors can affect a process that was intended to be flawless: human error, faulty procedures or faulty execution of them, changing teams, sabotage, etc.
· In security, like in any other business, we rely on people to design, implement and execute systems and procedures. The very systems we protect, which often have “holes” in their initial design that hackers use to gain access, were designed by other people who also worked hard to make their systems flawless and secure.
· The vast majority of days those processes work. From time to time, however, they don’t work as intended: there is a glitch, a bug, etc. That is because they are not 100% safe; they can’t be. And when the failure affects a critical component of the operating system or any other software, it creates a “big mess”.
· That is what happened last week. The bad news is that, as it has happened in the past to virtually every vendor, it may happen in the future.
Security users may (legitimately) ask: how can the companies that are supposed to be protecting me say that they may create such a mess in my systems? Why should I trust security companies when they openly admit that this may happen in the future? Don’t they have the right technology / people to guarantee that this does not happen? Why don’t they establish procedures (whitelists, blacklists or “whatever lists”) to prevent it from happening and impacting me? If that is the case, why not change to another operating system that someone told me is “guaranteed safe”? etc., etc.
The answer to all that is that all security companies will always do everything we can (and trust me, we all do a lot) to prevent it from happening, but, I believe, nobody can guarantee that it will not happen to them. Regardless of what they say. In addition, no operating system is 100% safe, and if some are less attacked it is only because they have not yet become a profitable target; as their share increases, they will be, hence they also require protection.
Our business has reached a level of sophistication and requirement for speed (to protect our users from the incredibly vast amount of malware out there) at which it is virtually impossible to protect our users in a timely manner and, at the same time, guarantee 100% that we will never release a false positive.
Just as in the “physical world”, if there is something valuable, someone will try (and may succeed) to get unlawful access to it. Just as in the physical world, you have people trying to prevent that from happening (security companies), and just as in the physical world their preventive measures may have unintended consequences that we all try to avoid and correct when they happen. It comes down to whether the preventive actions are justified and taken in the best interest of the users. The battles that we win every day against cybercrime prove that in the vast majority of cases the security industry is taking the right actions.
Just as in the physical world, the benefits outweigh the risks. The same holds in cybersecurity: we are all better off protecting our systems despite the very few unintended consequences like a false positive. All security players I have talked to over the years have their users’ security as their first priority, and we all work extremely hard to protect our users, clients and partners. We will continue to do so, improving our technology and procedures even further.
You can count on us at Panda Security (and I am sure it applies to all our competitors) to work hard every day to continue to protect you!
