Security dud No. 4: So-called supersecure programs
This category of false promise is one of the most common. Several times a year, a particular vendor promises it's going to make the most secure version in a particular product category. Sometimes the vendor's CEO goes so far as to claim the software is forever bug-free and challenges hackers to prove otherwise.
The vendor claims that all past vendors have been horrible at security and it's the only company with the brain power capable of making a truly secure software program or device. The vendor comes out with a new security model that everyone loves and raves about. Then the exploits arrive.
The new, more "secure" product may even survive a year or two before the big exploits start landing. But everything that becomes popular ends up exploited -- which I call the Grimes corollary.
Many readers will write back to tell me about such and such a product, which is never exploited, especially if used the way the vendor intends. Write to me now, then write back in another two years. It takes hackers about that long to figure out new systems and software. But hackers will not be stopped forever. It's only a matter of time.
How do I know? Ask every single vendor that has announced its product is the most secure, unhackable item or device for longer than two years. They don't exist. They fall -- all of them.
Security dud No. 5: Data analytics
One of the latest trends I keep hearing about is how big data will save the computer security industry. The idea is that data -- lots of data -- solves the big problems. For example, if you want to solve a particular disease, all you need is lots and lots of data on that disease: patient data, outcomes data, laboratory data. You get all the data together, mine if/for patterns, and begin creating solutions.
Now several vendors are saying that if you have enough data about your threats and attackers, you can successfully defend against them. You just need to pay them for the data collection and analytics, and they'll tell you what to do.
The problem is that hackers are like a biological virus. Block a real virus with a particular medicine or vaccination, and they will adapt and evolve around it. Or better said, stopping one virus strain does nothing against the other few hundred million strains. Stop a hacker from using a particular modality, and like most viruses, they will move on to what works now.
As long as humans desire an easy way to make money and get rich, you won't stop hackers by identifying a few avenues of attack.
This story, "5 hot security defenses that don't deliver," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.