Tip of the Week: Don’t Even Trust Security Software
I should start by adding a wee bit of qualification to that title: don’t even trust security software blindly. With all of the security, technology, and innovation of the day, trust is still at the root of a solid security paradigm. Trust is the backbone of security, but at the same time, a measure of distrust is also crucial.
For example, your web browser “trusts” security certificates presented by “secure” websites, which enables SSL encryption between your web browser and the site. It does this by trusting certain “certifying authorities” who sign the certificates. When you visit a site and attempt to access a secured portion, the encryption certificate presented by the site to your browser will have been signed by a certifying authority, presumably one that’s pre-trusted by your browser. This is all usually transparent to you.
But, guess what? You’re trusting multiple parties for this transaction to happen. It works well, but it’s built on trust.
Last week, researchers from Core Security Technologies revealed what they claim is a BIOS-level vulnerability caused by security software from Absolute Software. The software is meant as a security product, yet may actually have a vulnerability that causes a fairly nasty bit of insecurity for the affected machine.
It’s no secret that Absolute Software is a competitor to MyLaptopGPS. And it’s only fair to mention that Absolute has responded to the researchers’ claims and says it refutes them. My purpose here isn’t to comment directly on the content but, rather, on the principle. I’ll let you decide the rest.
The principle of the matter is that you should be careful about who you trust and to what level you trust that party. I am certainly not advocating the cynical “don’t trust anybody” philosophy (see above!). But don’t check your brain at the door, either. Be careful, think things through, and keep a watchful eye open. Not doing that is what gets many businesses in trouble.

