[ISN] Anti-Virus's control fetish

From: InfoSec News (isnat_private)
Date: Fri Mar 01 2002 - 02:09:30 PST

  • Next message: InfoSec News: "[ISN] Court Decision Could Gag French Security Site Kitetoa"

    By George Smith
    Posted: 28/02/2002 at 22:55 GMT
    "Network Associates would never sponsor nor condone attempts to censor
    anyone anywhere."
    Uttered for Forbes by NAI el Jefe Gene Hodges and published 4 February
    in an article in which he denied the company had tried to churlishly
    prevent Vmyths founder Rob Rosenberger from going forward with a
    commentary embarrassing to the firm. It is my favorite quote this
    It's unparalleled, even ballsy, meretriciousness. What guts it must
    have taken to say it, knowing that someone could peremptorily
    clothesline you publicly over the issue of censorship, but betting
    that they would not!
    But luck was no lady, the dice came up snake-eyes, and three days
    later New York State Attorney General Eliot Spitzer filed a lawsuit
    against Network Associates over an odious clause -- a "restrictive
    covenant" in the parlance -- that the company had employed in its end
    user license agreement to hinder the public's ability to criticize its
    software products. "It is unconscionable that a reputable software
    developer such as Network Associates would seek to chill and censor
    public speech . . ." read Spitzer's boilerplate PR.
    And so everyone got another opportunity to acquaint themselves with
    how Network Associates wrenches true causes false ways. In this case,
    the messy job of damage control was left to a fixer from the legal
    department. "We only want to ensure that potential reviewers of our
    software have the most current version" is an approximation of the
    cant prepared for the job. It was an exquisite misapplication of
    language because it allows the company just enough wiggle room to
    discredit all potential future bad news about its product by claiming
    the review inaccurate due to lack of current version -- the current
    edition being always whatever the company says it is, always
    potentially one minor revision ahead of the disobedient consumer.
    You must admire the propagandistic skill that went into coming up with
    such a thing. To twist the interpretation of a demand that is inimical
    to consumers into something that almost sounds solicitous takes no
    small measure of ingenuity. And getting a reporter to print it without
    immediately following it with something supercilious is an even more
    awe-inspiring talent.
    However, this is just in the natural character of corporate
    Too Animalistic
    You see, way back in the mists of time -- like the late '90s -- the
    American anti-virus market was a great deal more competitive than it
    is now. It was accurate to call it a mutually antagonistic,
    animalistic industry where everybody woke up to the new day hoping
    everybody else had failed the night before.
    Inspecting the software of competitors for the purposes of planting
    bad news and nasty reviews was an industry game. Many played it
    clandestinely; the makers of the McAfee anti-virus, however, often
    wound up in the spotlight for such oafish practices.
    For instance, in 1997 McAfee's (now Network Associates) beta-test
    division uncovered a security gap in Symantec's Norton Utilities. The
    company promptly went to Windows Sources magazine with the
    information. The magazine subsequently published the code McAfee
    Associates had ferreted out. Outing someone's internal mess for the
    sake of business embarrassment is, of course, pro forma comsec
    practice. But I do not recall any McAfee employees checking with
    Symantec to see if they had the correct version of the software before
    publication of product hostile information.
    The same year, the company "reviewed" the software of a UK-based
    competitor in a strange press release that complained of a "cheat
    mode" present in the rival product.
    It read: "The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to
    show inflated virus detection results when the product is being
    reviewed by trade publications or independent third party testing
    At the time, Dr. Solomon's Anti-virus Toolkit was regularly detecting
    more viruses than the middlebrow McAfee anti-virus, so -- in a sense
    -- one could, indeed, sort of say that Solomon's virus detection rates
    were "inflated" with respect to the other.
    As a claim, though, it sounded so irrational it had no effect other
    than to provoke gales of laughter in anti-virus circles at the
    martinet-like behavior of the company.
    In 2002, however, there are far fewer competitors to wake up hating.  
    Real competition has long since fallen by the wayside; the anti-virus
    industry is a long-stagnant domain. But the corporate propensity for
    paranoid bile remains an institutionalized part of its character. It
    is never surprising, then, when it spills onto consumers or any
    outsider who might choose to say something unfavorable.
    Anyone who has worked in the anti-virus industry since the late '80s
    knows its fetish for controlling behavior is deeply rooted, and
    unlikely to be muted by just one lawsuit.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Mar 01 2002 - 05:46:32 PST