Tuesday, July 17, 2007

microsoft's anti-malware ethical conflict

regular readers can probably recall me saying that anti-virus companies don't hire virus writers on occasion... i've called the notion that anti-virus companies are paying for the creation of viruses an urban myth because it would just be too hard to keep that sort of thing secret from their competitors and if their competitors found out about it they'd use it to hurt the company and free up some of it's market share for themselves... each company acts as a watchdog for the others, waiting to blow the whistle on ethical misconduct and in this way they actually help to keep each other honest...

now you'd think this same principle would work for other forms of malware besides viruses, but as i've shown in the past (here and here) that's not always the case... still, it should probably come as a surprise that microsoft, after sinking untold amounts of resources into entering the anti-malware market, has filed for patents on adware/spyware technology... no, not anti-adware/anti-spyware technology, literally technology to serve you ads (adware) based on the contents of your hard drive (spyware)...

so not only does microsoft have conflict where their anti-malware software may prove a disincentive to fixing vulnerabilities in their other software (not to mention that they're charging you money to protect against threats exploiting flaws in their other software) but now they have an ethical conflict where they're considering producing malware and anti-malware at the same time... apparently some of the PHBs at microsoft haven't gotten the memo yet about the new ethical constraints of the company now that it produces anti-malware software... let me put it as bluntly as possible: if you're going to be an anti-malware company you have to be anti-malware... that means no malware creation or malware-based revenue for you...

i, for one, would neither feel comfortable using nor endorsing the use of anti-malware software produced by an entity that ever seriously considered producing malware, never mind one that did so while producing the anti-malware in question at the same time...

2 comments:

cdman83 said...

IMHO it is too early to cry wolf just yet. As others have pointed out, they just patented the idea, and probably won't use it in the next couple of years. Also, malware != adware, and adware can be a legitimate business where the user agrees to see advertisement in exchange for other benefits (a subsidized version of Windows for example). The things that gave a bad name to a technique which is widely deployed and accepted in the non-digital world (TV, press, etc) are confusing EULA's and hidden installs (or to simply put, greed).

kurt wismer said...

"As others have pointed out, they just patented the idea, and probably won't use it in the next couple of years."

the next couple of years? are they going to stop making anti-malware products in the next couple of years? if they ever use it it will be bad... the fact that they're even considering it, that they're investigating this line of behaviour is bad enough...

"Also, malware != adware, and adware can be a legitimate business where the user agrees to see advertisement in exchange for other benefits (a subsidized version of Windows for example)."

i know that... i acknowledged that in a comment on the computer defense blog where i said:
"i’m aware that not all adware is necessarily malware (i believe i may have even mentioned that in my adware explanation), in face i was a 3web and netzero user… the patent doesn’t just describe showing ads, it describes showing targeted ads where the targeting is based on potentially all the data on your hard drive… adware is ‘ok’ so long as it’s up front about what it’s doing and and so long as you have the choice not to use it - the only people who wouldn’t be disturbed by the privacy invasion required for targeting the ads in this case (virtually all data is fair game for targeting purposes) are those with literally nothing to hide and that population is incredibly small so how can such an adware platform be successful and still transparent enough to be ‘ok’? i can’t see a way, but i can see people feeling like they don’t have a real choice except to us microsoft’s products regardless of the ads or anything else hidden in the eula…"