• Donate
    TheWindowsForum.com needs donations to stay online!
    Love TheWindowsForum.com? Then help keep it alive by sending a donation!

Software based Security?

WELCOME TO THEWINDOWSFORUM COMMUNITY!

Our community has more than 63,000 registered members, and we'd love to have you as a member. Join us and take part in our unbiased discussions among people of all different backgrounds about Windows OS, Software, Hardware and more.

DVDR_Dog

Ultimate Donator
Donator
VIP
Nov 5, 2018
2,495
2,064
So I was in a conference with the #1 security hardware manufacturer who was addressing the future of their security offerings. They want to abandon the hardware model of security and move to a software based product.
Here's why that's BS
#1 This is just a money grab to appease the stockholders, which in my mind may result in big temporary increases in revenue, it will destroy that company as people get tired of fees upon fess.
#2 As most members here know "Software based Security" is an oxymoron. We see that's not true every day.
#3 Hardware is just that, hardware. There is just so much you can do to circumvent hardware based solutions.

Well there you go, another legendary company headed down the drain. You should see what they are offering for colo switching equipment, it's more like video games. There stuff used tp be like tanks, now it looks so fragile but that remains to be seen. I was really blown away the direction this company is taking. Perhaps when they are on the way down some capital fund will buy them and put them back on the rails, but that's dreaming.
 
So I was in a conference with the #1 security hardware manufacturer who was addressing the future of their security offerings. They want to abandon the hardware model of security and move to a software based product.
Here's why that's BS
#1 This is just a money grab to appease the stockholders, which in my mind may result in big temporary increases in revenue, it will destroy that company as people get tired of fees upon fess.
#2 As most members here know "Software based Security" is an oxymoron. We see that's not true every day.
#3 Hardware is just that, hardware. There is just so much you can do to circumvent hardware based solutions.

Well there you go, another legendary company headed down the drain. You should see what they are offering for colo switching equipment, it's more like video games. There stuff used tp be like tanks, now it looks so fragile but that remains to be seen. I was really blown away the direction this company is taking. Perhaps when they are on the way down some capital fund will buy them and put them back on the rails, but that's dreaming.
Matrix thoughts.... lol ...
 
Software security is the idea of engineering software to keep it functioning properly under malicious attacks. Most technologists recognize the importance of this initiative, but they need some help figuring out how to deal with it. The purpose of this new section is to provide that help by exploring the best practices of software security.

The field of software security is relatively new. The first books and educational classes on the subject appeared in 2001, showing how recently developers, architects, and computer scientists have begun systematically studying how to create secure software. The recent appearance of the field is one reason why best practices are neither widely adopted nor clear.

The central and crucial aspect of the computer security problem is the software problem. Security-related software flaws, including design bugs such as buffer overflow bugs and inconsistent error handling, promise to stay with us for years. Often, malicious intruders can hack into the system by exploiting software flaws.1 Internet-enabled software applications present the most common security threats today, with the ever-expanding complexity and elasticity of software adding more fuel to the fire. By any measure, security breaches in the software are common, and the problem is growing: the CERT Coordination Center reported 4,129 vulnerabilities in 2003 (a 70% increase from 2002, and a nearly four-fold increase since 2001).

Software security best practices take advantage of good software engineering practices and thinking about security early in the software development lifecycle, knowing and understanding common hazards (including language-based errors and shortcomings), designing for security, and subjecting all software artifacts to full objective risk analysis and Testing Let's see how software security fits into the overall concept of operational security and let's test some of the best practices for building security.

… Opposite application security
Application security means many different things to many different people. In IEEE Security and Privacy Magazine, this means that the software is protected once it is already built. While the notion of securing software is important, it is much easier to secure a defect-free item than a vulnerable one.

Consider the question, "What is the most effective way to secure software?" Software security and application security can help. On the one hand, software security is about creating secure software: designing software to keep it secure, ensuring software is secure and educating software developers, architects, and users on how to create secure things. Application security, on the other hand, is about protecting software and systems that actually run after software development is complete. Important issues for this subfield include sandboxing code (such as Java virtual machine does), protection against malicious code, obscuring code, locking down executables, programs as they run (especially their input), and application of software usage policy with technology. To do and deal with. Extensible systems.

By adopting standard approaches such as Penetrate and Patch 4 and input filtering (attempts to block malicious input) and providing feedback value, application security naturally follows a network-centric approach to security. In a nutshell, application security is primarily based on detecting known security issues and fixing them after exploiting them in fielded systems. Software Security - The process of designing, building, and testing software for security - identifies and eliminates problems in the software itself. In this way, software security practitioners try to create software that can actively withstand an attack. Let me give you a specific example: Although there is some real value in preventing buffer overflow attacks by monitoring HTTP traffic as it comes to port 80, one of the best approaches is to fix the broken code and avoid buffer overflow altogether.

As the operation is practiced by the people
One of the reasons that application security technologies like firewalls have evolved like them is because of the operations people dreamed of. In most corporations and large organizations, security is the domain of the infrastructure people who set up and maintain firewalls, intrusion detection systems, and antivirus engines (they are all reactive technologies).

However, these people are operators, not builders. Given the fact that they do not create software to operate, it is not surprising that their approach is to move standard security techniques "down" to the desktop and application levels. The idea is to protect sensitive objects (in this case, software) from attack, but the problem is that vulnerabilities in the software allow malicious hackers to skirt standard security techniques.
 
It is never a good strategy to buy the latest security tool and be done with it. Software security is not plug-and-play. You need to invest in multiple tools, as well as focused developer training and tool customization and integration before you see a return on your security investment. So before buying a tool that eliminates only a small fraction of your security risks, take the time to ensure you have a solid software security strategy; check through https://www.zaptest.com/api-testing-automation.
 
Last edited:
"private security" at your home pc starts with how you implement your system at your computer.
for private use, a slightly normal security software is fully sufficient.
for a Home Office PC it's better to have a "more secure software", there you should buy a good one.

for corporate use, that's a totally different issue.
 
So I was in a conference with the #1 security hardware manufacturer who was addressing the future of their security offerings.
- - -

Translated......................

So I was in a conference with the #1 BIG PHARMA hardware manufacturer who was addressing the future of their POTIONS....... and HOW TO MAKE THE SHEEP WANT THEM.................
 
Dude...seriously?!

that's super-cringy.

Not really...

There are two forms of security today... among many other similar issues

Nanny State Security and Off-Grid Security.

The former is an AIO (All In One) solution where someone else takes care of the user and their personal things and has full control over everything. The latter is where the user does that themselves, and nobody else interferes nor has any control over the user and their personal things and anything else.

As the (Punish/Reward) Social Credit System gets deployed soon, my "sheep" analogy will perhaps be more understandable to you, and the "creepiness" not so creepy... unless one is a sheep, and has been behaviorally trained to hate the wolves... who are "hesitant" and refuse the "change" to being a sheep... with the lie that they will be ... "happy" when they own nothing (K. Schwab)

Sheep demand a shepherd. Wolves eat shepherds if they get too close.
 
So I was in a conference with the #1 security hardware manufacturer who was addressing the future of their security offerings. They want to abandon the hardware model of security and move to a software based product.
Here's why that's BS
#1 This is just a money grab to appease the stockholders, which in my mind may result in big temporary increases in revenue, it will destroy that company as people get tired of fees upon fess.
#2 As most members here know "Software based Security" is an oxymoron. We see that's not true every day.
#3 Hardware is just that, hardware. There is just so much you can do to circumvent hardware based solutions.

Well there you go, another legendary company headed down the drain. You should see what they are offering for colo switching equipment, it's more like video games. There stuff used tp be like tanks, now it looks so fragile but that remains to be seen. I was really blown away the direction this company is taking. Perhaps when they are on the way down some capital fund will buy them and put them back on the rails, but that's dreaming.
I had to learn this lesson the hard way. About 3 years ago my PC was hacked and my desktop BTC wallet was kindly emptied for me. I vowed that would never happen again and bought a Trezor hardware wallet. It was only a few hundred bucks but it had taken me months to mine it so it stung pretty bad. But as the old saying goes "A hard head makes a soft ass"
 
Not really...

There are two forms of security today... among many other similar issues

Nanny State Security and Off-Grid Security.

The former is an AIO (All In One) solution where someone else takes care of the user and their personal things and has full control over everything. The latter is where the user does that themselves, and nobody else interferes nor has any control over the user and their personal things and anything else.

As the (Punish/Reward) Social Credit System gets deployed soon, my "sheep" analogy will perhaps be more understandable to you, and the "creepiness" not so creepy... unless one is a sheep, and has been behaviorally trained to hate the wolves... who are "hesitant" and refuse the "change" to being a sheep... with the lie that they will be ... "happy" when they own nothing (K. Schwab)

Sheep demand a shepherd. Wolves eat shepherds if they get too close.
Sheep demand a shepherd. Wolves eat shepherds if they get too close.
fold ureself a tinfoilhat and stop bugging me with your nonsense.
 
fold ureself a tinfoilhat and stop bugging me with your nonsense.

Let's examine the chronology of your accusations...

Are you the OP? No!

Did I respond to you first, with a veiled ad hominem?

No! You did.

Are you persisting now?

Yes!

You flatter yourself.

Take your straw man to leave me alone. *chuckle* Go on now... ignore my posts now,
 
Just to revisit, the hot new item Cisco "NGFW" a feature available on Firepower firewalls. So Cisco pushes a blacklist of IP's and traffic to those firewalls that have a current license. Anybody else see a problem? Exposing your assets to manipulation from the Internet no matter how secure the software house thinks it may be, well we see sometimes many of those schemes defeated many, many times. It will get breached a few times and then withdrawn to allow Cisco to figure what's going on .
Meanwhile Cisco is just catching up on orders we placed for these units requested by our customers. We ordered a bunch last January and they just showed up late last week.
 
Back