We call’m like we see’m! IT philosophy is everything. Take Bit Defender for example: absolutely absurd philosophy and behavior in an article they published titled “Some router updates fail to protect against known vulnerabilities”. Is that a true statement? Sure, but lots of operating system updates also fail to protect you against known vulnerabilities from lots of different operating systems! That’s what a router is: an operating system controlling the inflow and outflow of network traffic.
What’s hypocritical and dishonest is how they beat up Open Source and Free Software as though it’s junkware and the reason for your router failing to protect you. They go on to state in that piece…
“Security professionals tracking cybercriminal activity have found that hackers can easily compromise consumer routers by leveraging known vulnerabilities that have not been patched.” – Ionut ILASCU on the Bit Defender Website
The author fails to launch by suggesting this is only a problem for consumer routers. This happens to all operating systems, consumer grade or not: Windows, Macs, Linux, BSD, etc., and the multitude of server services those operating systems run. The only difference between consumer grade equipment and “business class” or “enterprise class” is typically the hardware. Kind of like getting a four-cylinder, two-door Toyota truck that can carry 1,000 lbs or a Ford F350 heavy duty with an eight-cylinder engine that has lots of hauling and towing capacity. The Ford is far more durable and might be considered “business class” in context.
Nobody is arguing that home routers above all else aren’t hackable; they are, and this is an undisputed fact. What we are suggesting is that Bit Defender is a hypocrite in that they bash Open Source and Free Software as the reason for it, when that couldn’t be further from the truth and is unfounded because this exists in all types of systems, routers or other.
They then go on to misrepresent the ACI perspective by misinterpreting what was said in the report. In my view the ACI isn’t even a reputable organization that has a deep understanding of technology. What Bit Defender did here was go phishing for a point of view that would meet their marketing goals. Bit Defender states…
“Firmware is more and more frequently built on open source code, which is, as many believe, to be more prone to hacking.” – ACI, Securing IoT Devices: How Safe Is Your Wi-Fi Router?
The ignorant thing about ACI here, and the “tell” on just how ignorant they are, is that “firmware” in this context is just an operating system. Routers have been using open source operating systems seemingly forever! The largest multi-national companies in the world use the Linux Kernel or BSD Kernels for the core of their equipment and to run their router OSes. We did a piece on this called “Corporate Routers & Open Source – Get Real!”. The Bit Defender author plucks their opinion from the pages of the ACI report noted above as saying:
“ACI added that code available under the open source license is believed to be more prone to hacking. A reason for this is open access to the source code.” – Ionut ILASCU on the Bit Defender Website
Notice it says “…as many believe…” in the ACI report. ACI isn’t suggesting that’s what they believe but rather that many believe it… whoever they are. I’m not one of those people who believe this. It sounds like Bit Defender is on the other side of that fence (the wrong side).
The folks at ACI go on to say:
“Each of the 32,003 vulnerabilities identified in this report put consumers, our infrastructure, and our economy at risk.”
We have written another piece about IT hypocrisy in that “IT Security Companies” (so called) try and use ginned up talking points to get you to move as a call to action for investment, a.k.a. spending money. It’s not a sober assessment; in fact, they have conflicts of interest. Companies are using other companies’ facts and statistics in an attempt to prove a point. I would suggest that corporate router operating systems also have these vulnerabilities, especially if they are not patched and up to date, just like the consumer grade home routers they are attempting to beat up on. I’d suggest that the lack of corporate router updates puts THEIR INFRASTRUCTURE (not ours) at risk. It’s not our economy that will have a problem but their personal economies. Furthermore, if a bunch of home routers get hacked, it’s the responsibility of the rest of us on the net to identify and block those offenders if they are attacking. If they are hacked and their information gets stolen, that only affects the home user. Assuming what ACI says is true about the economic impact, overall, in terms of total economic productivity being lost, it’s a blip. I’m far more concerned about government and public utility infrastructure being hacked.
The funniest thing about all of this is that as much as Bit Defender uses ACI’s report to bash Open Source and Free Software, they use it in their product. They use BareBox and OpenWRT among many other Open Source and Free Software products in their product. Their full disclosure can be found here: Link, although good luck finding that anywhere on any product pages. I had to email them to get that information! What they are trying to sell you is a subscription to their router service which supposedly protects you. They’ve done this for businesses and are now trying to apply this to the consumer. It’s an opportunity to get recurring monthly revenue like the anti-virus companies have done for decades. It’s not a terrible idea, but they go about it in hypocritical ways.
Lastly, ACI’s “experts” aren’t experts in tech. I suspect the person writing this is their tech writer Zack Christenson, whose résumé is lackluster in the context of writing about router vulnerabilities. I didn’t reach out for comment; if you post a fluff piece online, be prepared to have it referenced. He might not even know Bit Defender is using his piece, who knows? Here is a list of ACI’s “experts”: Link. They are not technical IT experts, nor are they experts in cyber security. They mostly seem like academics and politicians to me.
In conclusion, you need to watch out for the hypocrites, the shysters, crooks, criminals and the smoke screen blowers like Bit Defender. Their piece is fluff promoting fear, not their awesome product (eye rolls). Groups like ACI have their own agenda, although I don’t know what it is; perhaps pumping out their own fluff to make themselves look legitimate? They are heavily involved in politics from the looks of it, so perhaps they are trying to gain political favor or get paid for their opinions?
If you want a legitimate IT firm with knowledge and skill look to EITS, LLC. In most cases our opinions are worth more than most people’s deep research.
Comments or questions are welcome.