The Six Dumbest Ideas in Computer Security

Marcus J Ranum of Gauntlet, TIS and NFR fame just published the six dumbest ideas in computer security. It's a must read for everyone ! Apart from his top 6 list Marcus also mentions some minor issues, such as Domain Naming System.

I think he missed the top dumbest idea ever, one that tons of vendors are trying to sell you, the idea that security can be bought in a box, as product. The idea that if you implement antivirus product such and firewall so you are safe. It's not the fact that those products only enumerate badness, it's the fact that vendors try to make people believe that these products will solve their problems.

No matter how you look at it , security can't be solved by a product, Security is an everlasting ongoing proces.