Tuesday, October 10, 2006

complete / total / full protection is snake oil

it's been a while since i last held a vendor's feet to the fire over advertising meant to instill a false sense of security - otherwise known as snake oil... well, i'm about to make up for that...

now, i want to make it clear that i generally don't go looking for anti-virus ad copy or marketing material, i grew out of that complete and utter bullshit a long time ago and as a result rarely ever see actual anti-virus advertisements (actually, i do my best to avoid advertisements in general because really it's all bullshit, but anyways)... i knew that misleading claims occasionally slipped into a vendors marketing material from time to time but clay (of claymania fame) brought to my attention the disturbing fact that snake-oil in the anti-virus industry is actually much more common than i had been aware or wanted to believe... on further investigation it seems to be fairly ubiquitous...

but before i really lay into them, let's start with the title of this post... we've know for a long time that 100% protection was snake oil, it was an impossible claim that obvious snake oil peddlars pushed on an unsuspecting public years ago until the community woke up and said we weren't going to accept that anymore... so then ask yourself does complete, total, or full protection represent a significantly different meaning than 100% protection? not as far as i can tell - they're the same thing just with different words in order to avoid the old snake oil alarm bells... it's not like we're talking about almost full, nearly complete, or just about total protection; these folks aren't saying that if you use their product you'll be 99 and 44 100ths percent protected, no it's complete/total/full/100 percent protection all the way...

so when mcafee creates a product whose very name is mcafee total protection they're lying to the public and their brochure that states "It offers comprehensive security that’s always on and always up to date—and the confidence that you are completely protected." is promoting a false sense of security - you are never completely or totally protected...

when sophos claims that "Sophos Anti-Virus Small Business Edition detects and disinfects viruses, spyware, Trojans and worms at every potential point of infection, ensuring networks and remote users are fully protected." they're telling you 'porkies' - you're never fully protected either...

when computer associates tells you they are "Providing Complete PC Protection from Internet Threats" they are full of hot air (or maybe something else - once again, you can't have complete protection...

when eset informs you "That means you’re purchasing more than antispyware software, you’re purchasing total-protection software. And peace of mind." they're totally full of it - because they certainly aren't giving you total protection...

when grisoft pronounces that they provide "Complete security protection against all of the most serious Internet threats, including viruses, worms, trojans, spyware, adware, hackers and spam." it is complete bunk - once again, there can be no complete protection...

when f-secure states that "F-Secure® Internet Security 2007TM provides a complete and easy-to-use protection against all Internet threats, whether they are known or previously unidentified." they're going completely overboard - complete protection against known and unidentified/unknown threats is nothing short of fantasy...

when panda software asserts that "The new Panda Internet Security 2007 offers the most complete protection so you can use the Internet with absolute peace of mind." they're actually setting you up with a double-whammy - complete protection is impossible so absolute peace of mind is entirely unwarranted... that brings up another type of misleading claim - the worry free protection... panda software really likes 'worry free' ("Browse the Internet, download any file you want, play online for hours... without any worries")...

they aren't the only ones, as trend micro clearly shows with "Trend Micro Antivirus can effectively remove viruses, email worms and Trojans that can destroy your data and files. You can use the Internet worry-free, knowing you’re protected from viruses in email messages, Internet downloads, instant messages, and removable disks."...

and norman gets into the act too with "This product combines the award winning Norman Virus Control and Norman Personal Firewall in one package to offer customers complete peace of mind while using the Internet." - no security program catches everything therefore no security program should be giving you complete peace of mind...

worry free protection that gives you peace of mind just another form of the install and forget snake oil that we've seen before and that bitdefender is proudly displaying here when they say "Ease of use and automatic updating make BitDefender Client Standard an "install and forget" antivirus product." - isn't it great how they even knew to highlight the offending phrase with quotation marks?

this isn't even all of them... i'm sure if i looked harder/longer i'd find even more vendors doing these (and similar) things... it's bad enough that the words protect and protection all by themselves suggest they're complete - you normally have to qualify their use in order to suggest anything less that complete protection - but to so blatantly do the opposite, making false claims and giving the public a false sense of security, and on such a large scale . . . . . words fail me... it makes me ashamed to admit to knowing anyone in the industry, and very glad i'm not one of them...

[edit - thanks for pointing out that the last paragraph was borked, clay... hopefully it no longer looks like the product of someone who was up way too late...]

0 comments: