Feeds

Cyberwar is Hell

AV profiteers delight

  • alert
  • submit to reddit

Reducing security risks from open source software

Cyberwar is Hell, but never too hellish for feverish salesmanship. Take, for example, McAfee's recent botched attempt to sell the public on the merits of the fiendish "JPEG virus" said to be hanging over beloved digital stockpiles of family photos and Swedish pornography like the sword of Damocles.

The corporate deployment of fear and loathing started strong but quickly fizzled. While the Associated Press fell for the McAfee news ruse, publishing a corporate mouthpiece's blank claim that "[potentially] no file type could be safe" -- few others were quite so impressed.

The citizens of Slashdot, always edgy bellwethers of computer-geek tech and opinion, scoffed and revolted. A brief lynching-in-absentia party in honor of the anti-virus firm was held. A few loose cannons even went Oliver Stone, going so far as to toss around the old and much beloved conspiracy theory that the A-V industry is either hiring virus-writers or spreading their wares in order to massage sales.

But even though the JPEG virus stunt fell flat, when cyberwar is threatening, no amount of potential ill will or discouraging word can stay the dedicated computer security shill from his work.

So last week the Business Software Alliance emitted a "survey" which claimed many of its participants were convinced a major cyber-attack would be launched at the American government in the next twelve months.

It was critical, wrote flacks for the BSA, that the Bush administration move swiftly and not shirk in its "financial and philosophical commitments" -- i.e., the accelerated purchasing of more security software and consulting services -- in order to secure the infrastructure of the nation against the approaching cyber-attack. Vendors camouflaged within the BSA press release emerged to beat their breasts and assert that they stood ready to do their duty to help protect against the foul strike they knew was coming. Hurry with those financial and philosophical commitments, though.

"This survey accentuates the importance of network security and availability of solutions in the fortification of our homeland defense," said the president of Network Associates. It was insincere, stilted theatre but slightly superior, by virtue of vagueness, than the easily laughed off claims about the JPEG virus. (But will it be enough to make people forget about that unfortunate SEC investigation?)

Pros were hired and separate public relations firms with names like Ipsos and Edelman were enlisted to take the word of cyber-strike to the press for their BSA clients.

One foolish but very enthusiastic adjutant even wrote me to attest that security reps were alertly standing by to provide me with "color commentary" on the cyber-attack. He assured me that they would be able to tell readers and, by extension, government buyers what they should be thinking while preparing for the assault. They would know the right stuff, he indicated, because the clients had contracts with the Department of Defense, the FBI, the National Security Agency, and such. Since color comment is my specialty, there was no need to take him up on the offer.

Then it occurred to me that the cyberwar on terror, just like the real war on terror, really was a new kind of conflict. It was obvious that the job of rallying the country against the virtual danger of viruses could not be left to amateurs. Only heavy-handed PR and other stealthy special operations were to be trusted with this task. The cyberwar on terror would only be won if we were treated like fragile mushrooms, carefully kept in the dark and fed a rich mix of manure on the nature of roving computer danger.

Appeals to open the wallet in the name of patriotism and duty are common ingredients.

The National Cyber Security Alliance is another obscurely named group of vendors that has tasked itself with this job. One of its websites, Stay Safe Online, purports to offer on-line "tech talk" on net self-defense. While the substantive talk is thin, the message is thick.

"Protect Your Computer, Protect Your Country's Cyber-Infrastructure!" was the title of one safety chat, hosted by a Norton anti-virus salesman. "Your computer can be used to launch a cyber attack against the Web sites of other people and businesses, so make sure your computer has the proper Internet security software installed and help protect your country!" its introduction thundered.

Infected chips sink ships! Beware of careless installs!

Remember, Uncle Sam wants you ... to buy anti-virus software.

© 2002 SecurityFocus.com, all rights reserved.

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.