Reposting the conclusion:
Conclusion
These results clearly show that the major security vendors do not focus on vulnerabilities. Instead, they have
a much more traditional approach, which leaves their customers exposed to new malware exploiting
vulnerabilities.
One could argue that this isn't a problem, since no single product can offer a 100% protection. Yet, many of
these suites clearly indicate that they are comprehensive and offer protection against “all” Internet threats,
thus many users would rightfully expect these suites to protect them against all current threats.
The combination of security vendors not being able to detect exploits and users patching software too
infrequently (almost one-third of all installed software lack one or more security related updates) leaves the
door wide open for professional Internet criminals.
While we did expect a fairly poor performance in this field, we were quite surprised to learn that this area is more or less completely ignored by most security vendors. Some of the vendors have taken other measures
to try to combat this problem. One is Kaspersky who has implemented a feature very similar to the Secunia
PSI, which can scan a computer for installed programs and notify the user about missing security updates.
BitDefender also offers a similar system, albeit this is more limited in scope than the one offered by
Kaspersky and Secunia.
We do, however, still consider it to be the responsibility of the security vendors to be able to identify threats
exploiting vulnerabilities, since this is the only way the end user can learn about where, when, and how they
are attacked when surfing the Internet.
This does not mean that the user shouldn't patch. On the contrary, patching remains of key importance since
this is the only proper and efficient way to secure a system against covert attacks hidden in “legitimate” files
and web sites.
The best of it all – patching is free-of-charge!
Could someone skilled please translate this? Good grief! Please forgive my level of English!