Anti-Virus's control fetish

NAI lawsuit exposes industry foibles

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

"Network Associates would never sponsor nor condone attempts to censor anyone anywhere."

Uttered for Forbes by NAI el Jefe Gene Hodges and published 4 February in an article in which he denied the company had tried to churlishly prevent Vmyths founder Rob Rosenberger from going forward with a commentary embarrassing to the firm. It is my favorite quote this month.


It's unparalleled, even ballsy, meretriciousness. What guts it must have taken to say it, knowing that someone could peremptorily clothesline you publicly over the issue of censorship, but betting that they would not!

But luck was no lady, the dice came up snake-eyes, and three days later New York State Attorney General Eliot Spitzer filed a lawsuit against Network Associates over an odious clause -- a "restrictive covenant" in the parlance -- that the company had employed in its end user license agreement to hinder the public's ability to criticize its software products. "It is unconscionable that a reputable software developer such as Network Associates would seek to chill and censor public speech . . ." read Spitzer's boilerplate PR.

And so everyone got another opportunity to acquaint themselves with how Network Associates wrenches true causes false ways. In this case, the messy job of damage control was left to a fixer from the legal department. "We only want to ensure that potential reviewers of our software have the most current version" is an approximation of the cant prepared for the job. It was an exquisite misapplication of language because it allows the company just enough wiggle room to discredit all potential future bad news about its product by claiming the review inaccurate due to lack of current version -- the current edition being always whatever the company says it is, always potentially one minor revision ahead of the disobedient consumer.

You must admire the propagandistic skill that went into coming up with such a thing. To twist the interpretation of a demand that is inimical to consumers into something that almost sounds solicitous takes no small measure of ingenuity. And getting a reporter to print it without immediately following it with something supercilious is an even more awe-inspiring talent.

However, this is just in the natural character of corporate anti-virus.

Too Animalistic

You see, way back in the mists of time -- like the late '90s -- the American anti-virus market was a great deal more competitive than it is now. It was accurate to call it a mutually antagonistic, animalistic industry where everybody woke up to the new day hoping everybody else had failed the night before.

Inspecting the software of competitors for the purposes of planting bad news and nasty reviews was an industry game. Many played it clandestinely; the makers of the McAfee anti-virus, however, often wound up in the spotlight for such oafish practices.

For instance, in 1997 McAfee's (now Network Associates) beta-test division uncovered a security gap in Symantec's Norton Utilities. The company promptly went to Windows Sources magazine with the information. The magazine subsequently published the code McAfee Associates had ferreted out. Outing someone's internal mess for the sake of business embarrassment is, of course, pro forma comsec practice. But I do not recall any McAfee employees checking with Symantec to see if they had the correct version of the software before publication of product hostile information.

The same year, the company "reviewed" the software of a UK-based competitor in a strange press release that complained of a "cheat mode" present in the rival product.

It read: "The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations..."

At the time, Dr. Solomon's Anti-virus Toolkit was regularly detecting more viruses than the middlebrow McAfee anti-virus, so -- in a sense -- one could, indeed, sort of say that Solomon's virus detection rates were "inflated" with respect to the other.

As a claim, though, it sounded so irrational it had no effect other than to provoke gales of laughter in anti-virus circles at the martinet-like behavior of the company.

In 2002, however, there are far fewer competitors to wake up hating. Real competition has long since fallen by the wayside; the anti-virus industry is a long-stagnant domain. But the corporate propensity for paranoid bile remains an institutionalized part of its character. It is never surprising, then, when it spills onto consumers or any outsider who might choose to say something unfavorable.

Anyone who has worked in the anti-virus industry since the late '80s knows its fetish for controlling behavior is deeply rooted, and unlikely to be muted by just one lawsuit.

© 2001 SecurityFocus.com, all rights reserved.

Related Story

NY sues NAI so you can say McAfee sucks

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story


Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.