funsec mailing list archives
Re: Smoodge: Micorosft & eEye
From: Drsolly <drsollyp () drsolly com>
Date: Sat, 26 Aug 2006 10:56:31 +0100 (BST)
On Sat, 26 Aug 2006, Nick FitzGerald wrote:
Drsolly wrote:
I like a good friend's description of marketing and PR as "misleading with the truth"...
The essence of the lie is the *intent* to deceive.
Indeed. While I was the editor of Virus Bulletin a product exec from a major AV company was chatting on the phone about something to do with an imminent product test. We had been joking around a bit when he said something like "But seriously, what do you think of <fancy new marketing-hyped feature> in the latest version of <his product>?". I made some vaguely dismissive comment to the effect that it was an interesting enough feature and would help some folk, but was no deal-breaker despite the hype...
Him: So you wouldn't use it? ["So you'd not recommend folk use it?" or somesuch...]
Me: I'd not use it. [I answered truthfully.]
Him: So Nick, what AV _do_ you use?
Me: None. [Again, and _still_, truthfully.]
Him: No, seriously, what AV do you use?
Me: Seriously, none. If I need an AV, then I shouldn't be doing this job."
[I explained that viruses are a code integrity threat and thus that "beating" them simply requires you to have good control over what code runs on your machine, etc, etc. And note that at that time "editor" of VB was really the top technical position and only secondarily a job description -- the assistant editor did much of the "publication building" work.]
Hmm. Maybe you've just found a good explanation for why I don't use an antivirus. Although viruses aren't now just a code integrity threat, and stopped being that when the first Word macro virus appeared. How can you have control over "what code runs on your machine" when, as we all know, there is *no difference* between code and data on any of the computers in use today.
Him: So I could run an ad saying "<his product> meets all the AV requirements of the Virus Bulletin editor." I like it.
His last response came without him missing a beat. And would be a perfectly good example of "misleading with the truth" (everything, thus _anything_, matches the empty set). [And, no this was not the same person who provided the "definition" -- in fact, they work for major opponents in the AV industry.]
The big big dishonesty about Virus Bulletin, was the failure to disclose the relationship with Sophos. In my opinion, that should have been fully disclosed on every issue. In practice, if you didn't know about it, you'd never get told. That's a good example of "lie by omission".