Chapter 18. Snake Oil: Legitimate Vendors Sell It, Too

Traditionally, when security experts talk about snake oil products (i.e., security products that don’t actually offer any security), they are usually only brave enough to call out products from dubious companies that make claims that are obviously false—almost always around cryptography. Few people call out venture-backed companies with well-known people on the management team.

This is partially because with most products, it’s not so clear-cut whether they are crapware. That is, the company’s marketing department can always find someone happy with the product, so it turns into a battle of credibility and opinion. The technical merits become secondary. A more common issue is that products do something to help, but they’re not as awesome as their vendors would have you believe.

At the end of the day, if we say snake oil products are ones that don’t do what the marketing leads customers to believe they do, many reputable security companies peddle snake oil.

For example, consider the company Trusteer. It’s backed by the firm U.S. Venture Partners. It has some seasoned veterans on its team, and some smart people. Plus, it has one big customer, ING Direct, who I’ll assume is happy with them.

Trusteer’s product is snake oil.

Its marketing claims that its product, Rapport, “…protects login credentials and transactions, from desktop to Website, even if a computer is infected with malware.” When I first heard this claim, I heard it directly ...
