funsec mailing list archives

Re: Smoodge: Microsoft & eEye


From: Drsolly <drsollyp () drsolly com>
Date: Sat, 26 Aug 2006 10:56:31 +0100 (BST)

On Sat, 26 Aug 2006, Nick FitzGerald wrote:

Drsolly wrote:

I like a good friend's description of marketing and PR as "misleading
with the truth"...

The essence of the lie is the *intent* to deceive.

Indeed.

While I was the editor of Virus Bulletin a product exec from a major AV 
company was chatting on the phone about something to do with an 
imminent product test.  We had been joking around a bit when he said 
something like "But seriously, what do you think of <fancy new 
marketing-hyped feature> in the latest version of <his product>?".  I 
made some vaguely dismissive comment to the effect that it was an 
interesting enough feature and would help some folk, but was no deal-
breaker despite the hype...

Him:  So you wouldn't use it? ["So you'd not recommend folk use it?" or
      somesuch...]

Me:   I'd not use it. [I answered truthfully.]

Him:  So Nick, what AV _do_ you use?

Me:   None.  [Again, and _still_, truthfully.]

Him:  No, seriously, what AV do you use?

Me:   Seriously, none.  If I need an AV, then I shouldn't be doing this
      job. [I explained that viruses are a code integrity threat and
      thus that "beating" them simply requires you to have good control
      over what code runs on your machine, etc, etc.  And note that at
      that time "editor" of VB was really the top technical position
      and only secondarily a job description -- the assistant editor
      did much of the "publication building" work.]

Hmm. Maybe you've just found a good explanation for why I don't use an 
antivirus. Although viruses aren't now just a code integrity threat, and 
stopped being that when the first Word macro virus appeared. How can you 
have control over "what code runs on your machine" when, as we all know, 
there is *no difference* between code and data on any of the computers in 
use today?
 
Him:  So I could run an ad saying "<his product> meets all the AV
      requirements of the Virus Bulletin editor."  I like it.

His last response came without him missing a beat.

And would be a perfectly good example of "misleading with the truth" 
(everything, thus _anything_, matches the empty set).

[And, no this was not the same person who provided the "definition" -- 
in fact, they work for major opponents in the AV industry.]

The big big dishonesty about Virus Bulletin was the failure to disclose 
the relationship with Sophos. In my opinion, that should have been fully 
disclosed on every issue. In practice, if you didn't know about it, you'd 
never get told.

That's a good example of "lie by omission".

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

