Okay, I don't apparently need to hunt for any security topic. They just find me. There is one company (and CEO) that just continue to amaze with their statements. Does anyone take this guy seriously? Yes, it's Symantec again. Today at the CeBIT conference in Hanover, Germany, their CEO, John Thompson stated "It’s a "huge conflict of interest" for one company to provide both an operating platform and a security platform." (but he of course didn't mention any names of vendors doing that).
I want to sell seatbelts.
I want all automobile manufacturers to stop providing them to customers. I need to contact GM, Ford, Chevy, BMW, etc. to "cease and desist" immediately. I can make a far better seat belt, since I'll be dedicating all my time and resources to making the best seat belt (of course, it won't be a seat belt that can prevent every injury, since we never know who's driving or where they'll be driving...). You should buy my seatbelt.
Mr. Thompson's premise is simply that we shouldn't be providing security in our own products.....so Symantec can. Ridiculous. We have the responsibility to do everything we can to ensure that we are successfully addressing the existing risks to computer users (yea....that's the whole purpose of the Trustworthy Computing initiative). We also have the the right to do so.
Later in his interview with the IDG News Service, he mentions that as the threat landscape evolves every 18-months, "that Vista being a more secure platform becomes somewhat irrelevant". Really? <sarcasm> Again, I'm sure that Symantec has the ability to identify and predict the future of all security threats. </sarcasm> (If so, why didn't they have a more proactive plan to the Windows Vista release?)
Here's the deal.....I don't care what products you buy. I'd be a liar if I said I didn't want you to run a complete Windows shop. I'd love to retire next year. However, I'm very much a realist and the majority of you run a heterogeneous environment and here's the real kicker: Security isn't about technology. Security is about people and process. If you don't have trustworthy people and good processes.....it's game over. It's not about products, theirs or ours.