Anti-Virus's control fetish

NAI lawsuit exposes industry foibles

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

"Network Associates would never sponsor nor condone attempts to censor anyone anywhere."

Uttered for Forbes by NAI el Jefe Gene Hodges and published 4 February in an article in which he denied the company had tried to churlishly prevent Vmyths founder Rob Rosenberger from going forward with a commentary embarrassing to the firm. It is my favorite quote this month.


It's unparalleled, even ballsy, meretriciousness. What guts it must have taken to say it, knowing that someone could peremptorily clothesline you publicly over the issue of censorship, but betting that they would not!

But luck was no lady, the dice came up snake-eyes, and three days later New York State Attorney General Eliot Spitzer filed a lawsuit against Network Associates over an odious clause -- a "restrictive covenant" in the parlance -- that the company had employed in its end user license agreement to hinder the public's ability to criticize its software products. "It is unconscionable that a reputable software developer such as Network Associates would seek to chill and censor public speech . . ." read Spitzer's boilerplate PR.

And so everyone got another opportunity to acquaint themselves with how Network Associates wrenches true causes false ways. In this case, the messy job of damage control was left to a fixer from the legal department. "We only want to ensure that potential reviewers of our software have the most current version" is an approximation of the cant prepared for the job. It was an exquisite misapplication of language because it allows the company just enough wiggle room to discredit all potential future bad news about its product by claiming the review inaccurate due to lack of current version -- the current edition being always whatever the company says it is, always potentially one minor revision ahead of the disobedient consumer.

You must admire the propagandistic skill that went into coming up with such a thing. To twist the interpretation of a demand that is inimical to consumers into something that almost sounds solicitous takes no small measure of ingenuity. And getting a reporter to print it without immediately following it with something supercilious is an even more awe-inspiring talent.

However, this is just in the natural character of corporate anti-virus.

Too Animalistic

You see, way back in the mists of time -- like the late '90s -- the American anti-virus market was a great deal more competitive than it is now. It was accurate to call it a mutually antagonistic, animalistic industry where everybody woke up to the new day hoping everybody else had failed the night before.

Inspecting the software of competitors for the purposes of planting bad news and nasty reviews was an industry game. Many played it clandestinely; the makers of the McAfee anti-virus, however, often wound up in the spotlight for such oafish practices.

For instance, in 1997 McAfee's (now Network Associates) beta-test division uncovered a security gap in Symantec's Norton Utilities. The company promptly went to Windows Sources magazine with the information. The magazine subsequently published the code McAfee Associates had ferreted out. Outing someone's internal mess for the sake of business embarrassment is, of course, pro forma comsec practice. But I do not recall any McAfee employees checking with Symantec to see if they had the correct version of the software before publication of product hostile information.

The same year, the company "reviewed" the software of a UK-based competitor in a strange press release that complained of a "cheat mode" present in the rival product.

It read: "The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations..."

At the time, Dr. Solomon's Anti-virus Toolkit was regularly detecting more viruses than the middlebrow McAfee anti-virus, so -- in a sense -- one could, indeed, sort of say that Solomon's virus detection rates were "inflated" with respect to the other.

As a claim, though, it sounded so irrational it had no effect other than to provoke gales of laughter in anti-virus circles at the martinet-like behavior of the company.

In 2002, however, there are far fewer competitors to wake up hating. Real competition has long since fallen by the wayside; the anti-virus industry is a long-stagnant domain. But the corporate propensity for paranoid bile remains an institutionalized part of its character. It is never surprising, then, when it spills onto consumers or any outsider who might choose to say something unfavorable.

Anyone who has worked in the anti-virus industry since the late '80s knows its fetish for controlling behavior is deeply rooted, and unlikely to be muted by just one lawsuit.

© 2001 SecurityFocus.com, all rights reserved.

Related Story

NY sues NAI so you can say McAfee sucks

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.