Anti-Virus's control fetish

NAI lawsuit exposes industry foibles

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

"Network Associates would never sponsor nor condone attempts to censor anyone anywhere."

Uttered for Forbes by NAI el Jefe Gene Hodges and published 4 February in an article in which he denied the company had tried to churlishly prevent Vmyths founder Rob Rosenberger from going forward with a commentary embarrassing to the firm. It is my favorite quote this month.


It's unparalleled, even ballsy, meretriciousness. What guts it must have taken to say it, knowing that someone could peremptorily clothesline you publicly over the issue of censorship, but betting that they would not!

But luck was no lady, the dice came up snake-eyes, and three days later New York State Attorney General Eliot Spitzer filed a lawsuit against Network Associates over an odious clause -- a "restrictive covenant" in the parlance -- that the company had employed in its end user license agreement to hinder the public's ability to criticize its software products. "It is unconscionable that a reputable software developer such as Network Associates would seek to chill and censor public speech . . ." read Spitzer's boilerplate PR.

And so everyone got another opportunity to acquaint themselves with how Network Associates wrenches true causes false ways. In this case, the messy job of damage control was left to a fixer from the legal department. "We only want to ensure that potential reviewers of our software have the most current version" is an approximation of the cant prepared for the job. It was an exquisite misapplication of language because it allows the company just enough wiggle room to discredit all potential future bad news about its product by claiming the review inaccurate due to lack of current version -- the current edition being always whatever the company says it is, always potentially one minor revision ahead of the disobedient consumer.

You must admire the propagandistic skill that went into coming up with such a thing. To twist the interpretation of a demand that is inimical to consumers into something that almost sounds solicitous takes no small measure of ingenuity. And getting a reporter to print it without immediately following it with something supercilious is an even more awe-inspiring talent.

However, this is just in the natural character of corporate anti-virus.

Too Animalistic

You see, way back in the mists of time -- like the late '90s -- the American anti-virus market was a great deal more competitive than it is now. It was accurate to call it a mutually antagonistic, animalistic industry where everybody woke up to the new day hoping everybody else had failed the night before.

Inspecting the software of competitors for the purposes of planting bad news and nasty reviews was an industry game. Many played it clandestinely; the makers of the McAfee anti-virus, however, often wound up in the spotlight for such oafish practices.

For instance, in 1997 McAfee's (now Network Associates) beta-test division uncovered a security gap in Symantec's Norton Utilities. The company promptly went to Windows Sources magazine with the information. The magazine subsequently published the code McAfee Associates had ferreted out. Outing someone's internal mess for the sake of business embarrassment is, of course, pro forma comsec practice. But I do not recall any McAfee employees checking with Symantec to see if they had the correct version of the software before publication of product hostile information.

The same year, the company "reviewed" the software of a UK-based competitor in a strange press release that complained of a "cheat mode" present in the rival product.

It read: "The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations..."

At the time, Dr. Solomon's Anti-virus Toolkit was regularly detecting more viruses than the middlebrow McAfee anti-virus, so -- in a sense -- one could, indeed, sort of say that Solomon's virus detection rates were "inflated" with respect to the other.

As a claim, though, it sounded so irrational it had no effect other than to provoke gales of laughter in anti-virus circles at the martinet-like behavior of the company.

In 2002, however, there are far fewer competitors to wake up hating. Real competition has long since fallen by the wayside; the anti-virus industry is a long-stagnant domain. But the corporate propensity for paranoid bile remains an institutionalized part of its character. It is never surprising, then, when it spills onto consumers or any outsider who might choose to say something unfavorable.

Anyone who has worked in the anti-virus industry since the late '80s knows its fetish for controlling behavior is deeply rooted, and unlikely to be muted by just one lawsuit.

© 2001 SecurityFocus.com, all rights reserved.

Related Story

NY sues NAI so you can say McAfee sucks

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.