Friday, November 18, 2005

what's that so-called real story again?

bruce schneier spins a yarn quite well in his recent article on the sony DRM scandal so i'm not going to bother making any kind of 'story' here...

read it... see if you can see what i see...

no, no, not the terminology misuse (that his own readers picked up on - in the industry it's that pesky cloaking business that makes something a rootkit, regardless of how bizarre that sounds)... no, he blames anti-virus companies for not detecting the rootkit sooner...

hello?!?! where was bruce almighty during that period, hmm?? where was his company counterpane and their managed security solution? didn't they detect anything??? we're talking managed security here, with actual people at the helm rather than the automatons that anti-virus software represents... i don't recall bruce raising the initial alarm, do you?

anti-virus software detects what it knows... how does it get to know something? by the people who make it being given samples or at least pointed in the right general direction as f-secure was...

how exactly were they going to get that information sooner than they did? ('chance' is the only way i can see that happening) and without that how were they supposed to detect it? are anti-virus companies supposed to sift through and analyze every line of code on the planet, and if so are we to believe audio CDs should have been high on their priority list?

and then, to go on and make the disingenuous statement that that kind of protection is exactly what we pay anti-virus companies for when he knows damn well (writes about it, talks about it, made a business model out of it) that real security isn't as simple as installing software and expecting it to protect you, that it's a process, that it requires real people making intelligent and informed security decisions - i'm sure that made for good copy but it's still hypocrisy... people protect computers, the software is just a tool to help them do the job... and of course no security, no matter how good, is perfect...

anti-virus software cannot protect you from everything all the time... many of them have no anti-rootkit technology yet, and detection of phoning home is generally relegated to the software firewalls...

bruce appears to be too far removed from the anti-virus community (note, i'm not specifying the industry) to get it... i've been part of the community for well over a decade and the only person i know who even mentions his name is me... i suspect the security guru simply considers viruses to be a small niche in the overall security landscape, and that may be true but the devil's in the details and those are something he isn't displaying a firm grasp of here...

i'm no anti-virus apologist here, though... he did get one thing right, any av company that wasn't all over this when the news broke deserves a swift boot in the ass... f-secure shouldn't have been the only av company denouncing sony's move from the get-go...