Forwarded from: security curmudgeon <jericho (at) attrition.org> : http://www.techworld.com/security/news/index.cfm?newsID=9058 : : By Raphael Fogel : : Check Point's chief executive has taken a swing at rival Microsoft, : saying its security products leave a lot to be desired. : : Gil Shwed, also founder of the firewall vendor, made his remarks during : a lecture on the global security market, before a group of network : security managers at an IDC security conference in Israel. : : "Microsoft has been in the security market for more than ten years. It : has firewall, VPN, anti-virus capabilities and disk encryption," Shwed : said. "But it doesn't have the leading products in any of them, and : apparently, the management and integration levels of its products is : unsatisfactory." Why do security vendors insist on waving their virtual penis like this? Check Point, the same vendor with a steady stream of vulnerabilities in their enterprise/corporate products since 1998, possibly earlier? The same maker of Zone Alarm, their personal firewall that is a "$50-million-a-year business" that has had vulnerabilities published since 2000? : He refrained from mentioning other rivals like Cisco and Juniper. But he : did say that security managers at major enterprises don't want to delve : into the nuts and bolts of the security systems and components under : offer. What they really want is a certificate guaranteeing that the : security systems and components meet the regulations. : : They want to know their systems will be safe. They care less how that's : achieved. Meeting regulations and 'being safe' are NOT mutually inclusive. Check Point Connectra NGX sre/params.php ICS Security Bypass Jan 25, 2007 Check Point VPN/Firewall Traversal Arbitrary File Access Jul 24, 2006 Check Point VPN-1 SecureClient SR_Watchdog.exe Path Subversion Privilege Escalation Jan 17, 2006 Check Point Firewall-1 Internal Certificate Authority (ICA) Information Disclosure Jan 1, 2006 Check Point VPN-1 SecureClient Security Policy Bypass Dec 7, 2005 Check Point NGX R60 CIFS Rule Packet Verification Failure Sep 7, 2005 Check Point VPN-1 SecuRemote/SecureClient Registry Information Disclosure Jul 20, 2005 [..] ZoneAlarm Pro vsdatant Driver Local DoS May 1, 2007 ZoneAlarm Spyware Removal Engine (SRE) srescan.sys IOCTL Handling Local Privilege Escalation Apr 20, 2007 ZoneAlarm vsdatant.sys Hooked SSDT Function Local Privilege Escalation Apr 15, 2007 ZoneAlarm VETFDDNT\Enum Registry Key Multiple Function DoS Jul 1, 2006 ZoneAlarm Security Suite VSMON.exe Path Subversion Local Privilege Escalation Mar 8, 2006 ZoneAlarm ShowHTMLDialog() Outbound Filter Bypass Nov 8, 2005 ZoneAlarm Pro DDE-IPC Method Ruleset Bypass Sep 29, 2005 ZoneAlarm Vet Anti-Virus Engine Remote Overflow May 23, 2005 ZoneAlarm vsdatant.sys NtConnectPort() Hook Invalid Pointer Dereference Remote DoS Feb 11, 2005 [..] _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Mon Jun 11 2007 - 00:10:42 PDT