Feeds

Cyberwar is Hell

AV profiteers delight

  • alert
  • submit to reddit

SANS - Survey on application security programs

Cyberwar is Hell, but never too hellish for feverish salesmanship. Take, for example, McAfee's recent botched attempt to sell the public on the merits of the fiendish "JPEG virus" said to be hanging over beloved digital stockpiles of family photos and Swedish pornography like the sword of Damocles.

The corporate deployment of fear and loathing started strong but quickly fizzled. While the Associated Press fell for the McAfee news ruse, publishing a corporate mouthpiece's blank claim that "[potentially] no file type could be safe" -- few others were quite so impressed.

The citizens of Slashdot, always edgy bellwethers of computer-geek tech and opinion, scoffed and revolted. A brief lynching-in-absentia party in honor of the anti-virus firm was held. A few loose cannons even went Oliver Stone, going so far as to toss around the old and much beloved conspiracy theory that the A-V industry is either hiring virus-writers or spreading their wares in order to massage sales.

But even though the JPEG virus stunt fell flat, when cyberwar is threatening, no amount of potential ill will or discouraging word can stay the dedicated computer security shill from his work.

So last week the Business Software Alliance emitted a "survey" which claimed many of its participants were convinced a major cyber-attack would be launched at the American government in the next twelve months.

It was critical, wrote flacks for the BSA, that the Bush administration move swiftly and not shirk in its "financial and philosophical commitments" -- i.e., the accelerated purchasing of more security software and consulting services -- in order to secure the infrastructure of the nation against the approaching cyber-attack. Vendors camouflaged within the BSA press release emerged to beat their breasts and assert that they stood ready to do their duty to help protect against the foul strike they knew was coming. Hurry with those financial and philosophical commitments, though.

"This survey accentuates the importance of network security and availability of solutions in the fortification of our homeland defense," said the president of Network Associates. It was insincere, stilted theatre but slightly superior, by virtue of vagueness, than the easily laughed off claims about the JPEG virus. (But will it be enough to make people forget about that unfortunate SEC investigation?)

Pros were hired and separate public relations firms with names like Ipsos and Edelman were enlisted to take the word of cyber-strike to the press for their BSA clients.

One foolish but very enthusiastic adjutant even wrote me to attest that security reps were alertly standing by to provide me with "color commentary" on the cyber-attack. He assured me that they would be able to tell readers and, by extension, government buyers what they should be thinking while preparing for the assault. They would know the right stuff, he indicated, because the clients had contracts with the Department of Defense, the FBI, the National Security Agency, and such. Since color comment is my specialty, there was no need to take him up on the offer.

Then it occurred to me that the cyberwar on terror, just like the real war on terror, really was a new kind of conflict. It was obvious that the job of rallying the country against the virtual danger of viruses could not be left to amateurs. Only heavy-handed PR and other stealthy special operations were to be trusted with this task. The cyberwar on terror would only be won if we were treated like fragile mushrooms, carefully kept in the dark and fed a rich mix of manure on the nature of roving computer danger.

Appeals to open the wallet in the name of patriotism and duty are common ingredients.

The National Cyber Security Alliance is another obscurely named group of vendors that has tasked itself with this job. One of its websites, Stay Safe Online, purports to offer on-line "tech talk" on net self-defense. While the substantive talk is thin, the message is thick.

"Protect Your Computer, Protect Your Country's Cyber-Infrastructure!" was the title of one safety chat, hosted by a Norton anti-virus salesman. "Your computer can be used to launch a cyber attack against the Web sites of other people and businesses, so make sure your computer has the proper Internet security software installed and help protect your country!" its introduction thundered.

Infected chips sink ships! Beware of careless installs!

Remember, Uncle Sam wants you ... to buy anti-virus software.

© 2002 SecurityFocus.com, all rights reserved.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.