Anti-Virus's control fetish
NAI lawsuit exposes industry foibles
"Network Associates would never sponsor nor condone attempts to censor anyone anywhere."
Uttered for Forbes by NAI el Jefe Gene Hodges and published 4 February in an article in which he denied the company had tried to churlishly prevent Vmyths founder Rob Rosenberger from going forward with a commentary embarrassing to the firm. It is my favorite quote this month.
It's unparalleled, even ballsy, meretriciousness. What guts it must have taken to say it, knowing that someone could peremptorily clothesline you publicly over the issue of censorship, but betting that they would not!
But luck was no lady, the dice came up snake-eyes, and three days later New York State Attorney General Eliot Spitzer filed a lawsuit against Network Associates over an odious clause -- a "restrictive covenant" in the parlance -- that the company had employed in its end user license agreement to hinder the public's ability to criticize its software products. "It is unconscionable that a reputable software developer such as Network Associates would seek to chill and censor public speech . . ." read Spitzer's boilerplate PR.
And so everyone got another opportunity to acquaint themselves with how Network Associates wrenches true causes false ways. In this case, the messy job of damage control was left to a fixer from the legal department. "We only want to ensure that potential reviewers of our software have the most current version" is an approximation of the cant prepared for the job. It was an exquisite misapplication of language because it allows the company just enough wiggle room to discredit all potential future bad news about its product by claiming the review inaccurate due to lack of current version -- the current edition being always whatever the company says it is, always potentially one minor revision ahead of the disobedient consumer.
You must admire the propagandistic skill that went into coming up with such a thing. To twist the interpretation of a demand that is inimical to consumers into something that almost sounds solicitous takes no small measure of ingenuity. And getting a reporter to print it without immediately following it with something supercilious is an even more awe-inspiring talent.
However, this is just in the natural character of corporate anti-virus.
You see, way back in the mists of time -- like the late '90s -- the American anti-virus market was a great deal more competitive than it is now. It was accurate to call it a mutually antagonistic, animalistic industry where everybody woke up to the new day hoping everybody else had failed the night before.
Inspecting the software of competitors for the purposes of planting bad news and nasty reviews was an industry game. Many played it clandestinely; the makers of the McAfee anti-virus, however, often wound up in the spotlight for such oafish practices.
For instance, in 1997 McAfee's (now Network Associates) beta-test division uncovered a security gap in Symantec's Norton Utilities. The company promptly went to Windows Sources magazine with the information. The magazine subsequently published the code McAfee Associates had ferreted out. Outing someone's internal mess for the sake of business embarrassment is, of course, pro forma comsec practice. But I do not recall any McAfee employees checking with Symantec to see if they had the correct version of the software before publication of product hostile information.
The same year, the company "reviewed" the software of a UK-based competitor in a strange press release that complained of a "cheat mode" present in the rival product.
It read: "The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations..."
At the time, Dr. Solomon's Anti-virus Toolkit was regularly detecting more viruses than the middlebrow McAfee anti-virus, so -- in a sense -- one could, indeed, sort of say that Solomon's virus detection rates were "inflated" with respect to the other.
As a claim, though, it sounded so irrational it had no effect other than to provoke gales of laughter in anti-virus circles at the martinet-like behavior of the company.
In 2002, however, there are far fewer competitors to wake up hating. Real competition has long since fallen by the wayside; the anti-virus industry is a long-stagnant domain. But the corporate propensity for paranoid bile remains an institutionalized part of its character. It is never surprising, then, when it spills onto consumers or any outsider who might choose to say something unfavorable.
Anyone who has worked in the anti-virus industry since the late '80s knows its fetish for controlling behavior is deeply rooted, and unlikely to be muted by just one lawsuit.
© 2001 SecurityFocus.com, all rights reserved.
Sponsored: Becoming a Pragmatic Security Leader