by hello_moto 699 days ago
> I predict we’ll see other vendors removing similar bonehead “features” very very quietly over the next few months.

Absolutely this is what will happen.

I don't know much about the practice of AV definition-like features across Cybersecurity, but I would imagine there might be a possibility that no vendors do rolling updates today because it involves Opt-in/Opt-out, which might influence the vendor's speed to identify attacks, which in turn affects their "Reputation" as well.

"I bought Vendor-A solution but I got hacked and have to pay Ransomware" (with a side note: because I did not consume the latest critical update of AV definition) is what Vendors are worried about.

Now that this Global Outage happened, it will change the landscape a bit.


> Now that this Global Outage happened, it will change the landscape a bit.

I seriously doubt that. Questions like "why should we use CrowdStrike" will be met with "suppose they've learned their lesson".

I'm referring to the landscape of how current Cybersecurity vendors deliver "detection definition" (for lack of a better phrase) to their customers.

If you don't send them fast to your customer and your customer gets compromised, your reputation gets hit.

If you send them fast, this BSOD happened.

It's more like damned if you do, damned if you don't.

> If you don't send them fast to your customer and your customer gets compromised, your reputation gets hit.

> If you send them fast, this BSOD happened.

> It's more like damned if you do, damned if you don't.

What about notifications? If someone has an update policy that disables auto-updates to a critical piece of infrastructure, you can still let him know that a critical update is available. Now, he can follow his own checklist in order to ensure everything goes well.

What if they're sleeping and won't read the notification until they wake up?

Wouldn't they get compromised?

Most people will defer updates indefinitely if they are able to.

Okay, but who has more domain knowledge of when to deploy? A "security expert" that created the "security product" that operates with root privileges and full telemetry, or an IT staff member that looked at said "security expert" value proposition and didn't have an issue with it?

Honestly, this reads as a suggestion that even more blame ought to be shifted to the customer.

The AV definition delivery is part of the UX of the product.