Up for grabs is a first prize of $10,000 USD and six further $500 USD category prizes.

 
To win the cash and the glory, you need to do is be 13 years of age or over and you need to submit a video in one (or all if you want to maximise you chances) of the three categories; Being a good online citizen, Using a mobile phone wisely and Maintaining your privacy online. The film can be in any style you like, you can pour your heart out, make us laugh or even teach us a thing or two, but you have to be in it to win it.
 
You can find the official rules here, and you can register yourself here
 
Have a squint at last year’s winner for a dose of inspiration, but remember originality and honesty are key.
 

Let ‘em know that security curmudgeons have hearts too.

Used under creative commons from elliottbledsloe's photostream

 
UPDATE: This promotion has now closed
 

Hopefully regular readers of the blog will have noticed that I try to avoid using Countermeasures to push product. However, this afternoon I have been offered 100 licence keys for our new Windows security software to give away to readers of the blog and I thought giving you free stuff was definitely something I should be doing!

Trend Micro Titanium was released this week and is already getting great reviews from journalists and testing houses alike. In all honesty, I love the product too, I know I sound like a shill but it has to be tried to be believed. Titanium is security software that has been designed not to get in your way, it won’t slow down your PC and at the same time it doesn’t compromise on the quality of protection. Anyway don’t take my word for it, give it a test drive and I’ll give you a free serial number.

You knew there was going to be a catch though, like Alice Cooper said “Nothing’s Free”… I only have 100 serial numbers to give away, so here’s what you have to do. Go here. Click the blue button to download a trial copy and install it. There’s an option to log in with your Facebook account rather than your email address if you prefer. The first 100 people to post a review of their experience with Titanium, either here as a comment to this blog post or on the Titanium page on Facebook will each get a 12 month subscription free of charge and obligation.

So there you have it, end of shameless promo!

Like all the big, crunchy questions, the answer is a lot more complex than initially seems possible.
 
You could take some sort of statistical approach – what proportion of businesses deploy antivirus software to their desktops? – and come up with a big number that implies ‘yes, it does’. (Or maybe not).
 
You could interview the CTOs of a representative sample of large organisations and ask them for more in-depth examples and views. Again, it’s pretty likely that you’ll come up with a positive picture.
 
However, those results are misleading in some respects. And I think that’s because the question involves two big abstract terms. ‘Business’ is an idea, not a person, so it doesn’t care about anything much. Security doesn’t appear on the mission statement, I’d be willing to wager. Nor would it be appropriate for it to be there. Alongside things like Health and Safety, environmentalism and equality of opportunities, it’s the sort of thing we expect businesses to care about, but we know it’s not their primary function. And does ‘business’ mean the board, the IT department or every single member of the organisation?
 
Similarly, ‘security’ is extremely slippery as an idea: we’re talking about systems, software, attitudes, processes and policy.
 
So to break it down: does Jon in logistics make sure his internet browser is patched* to the currently advised levels? No, he couldn’t care less. He’s got a big shipment that needs to be in Paris tomorrow – so don’t start messing with his machine right now, thank-you very much. But he does care –a lot – that his system works and that he doesn’t get in trouble.
 
What we keep arguing for is an holistic approach to security. That doesn’t mean that we need to persuade Jon that his patch levels need to be up-to-date. That isn’t going to happen. Sorry.
 
What it does mean is that the security and IT department are able to manage his security for him – all the time. It’s pretty much impossible for Jon to screw-up or for his machine to get compromised because the policies are baked into the processes and the technology.
 
What are your views on this? Voice your opinions on the Register’s Security That Fits Workshop before it closes later this month.
 

 

So once again many many thanks, and here’s to next year!

___________________________________________________________________________________________

I am very proud to be able to say that Countermeasures has been shortlisted for the Computer Weekly IT blog awards 2009 in the IT Security category.

 

So firstly, many thanks to all of you who felt motivated enough to nominate the blog in the first place.

 

Now the contest heats up as voting has opened, so if you’re a regular reader, or are simply coming here for the first time and like what you see please head over to the voting page at Computer Weekly and vote for Countermeasures in section 9: IT Security.

 

Thanks again for reading and now back to your regular program.

Back in June of 2008 you may remember there was some noise in the IT press, as Trend Micro was declining to participate in some of the well known anti-malware tests, such as VB100. Our argument at the time, and this still stands today, was that those tests simply do not accurately reflect the threat as our customers encounter it, and as such the results may offer a false sense of security.

The internet has emerged as the most abused attack vector, attacks are multi-variant, multi-protocol, distributed in source (botnets), often targeted in nature and can no longer be defeated by the pattern-matching techniques that have been at the core of security software for so long.

Traditional security product testing has mostly been conducted in an isolated lab environment with a selected list of malware and this does not allow modern security software to perform to the best of its abilities. Trend Micro uses the internet based capabilities of the Smart Protection Network to provide real-time dynamic protection, focusing not just on the malicious file, but the malicious email and web site as well, creating smart correlated rule-sets designed to thwart malicious activity.

This is a threat-centric philosophy not a file-centric one. The aim is to break the chain of infection, or block the threat, as early as possible; looking first at the “exposure layer” or where threats come from and subsequently at the infection layer, or “what the threat does when it arrives”.

Independent and importantly unsponsored testing, from NSS Labs, has just been released that underlines the importance of this new approach. In July and August of this year NSS Labs performed 17 days of 24×7 testing on 9 consumer and 10 enterprise products.

Is Trend Micro’s cloud-client Smart Protection Network ready for prime time? I think the results speak for themselves…

"Trend Micro achieved the best download and execution protection with 96.4% overall" - Source: NSS Labs Consumer Report, September 2009

NSS Labs Consumer Report, September 2009

NSS Labs Consumer Report, September 2009

Download the full reports from NSS Labs here