Tuesday, September 01, 2009


ah, camping... there's nothing quite like getting away from it all to put things in perspective. not that i sat around the campsite the whole time thinking about malware (gosh that would have been a lame camping trip if i did), but there were times when there was nothing but me, my thoughts, and the patter of rain pouring on my tent so those thoughts of mine wandered around a bit and i realized that some people (especially the people i interact with on blogs or on twitter) may not always get where i'm coming from with this blog.

i've said on more than one occasion that i am not an expert - fair enough. it also happens that i am not a security professional. i'm not the guy who protects you from yourself and everything else while you're at work (thank goodness i don't have to put up with some of the crazy shit other people pull). i'm not a security market analyst (again, thank goodness, i can't stand marketing - it's mostly just a pack of lies). i'm not a malware analyst either (who knows, i might have been good at it if it were a skill i ever bothered to foster, but i didn't).

i don't spend my time looking for bad stuff on-line and marveling over how easy it is for the average person to stumble across it. quite the opposite in fact, i'm far more interested in how easy it is (and in my experience it is fairly easy) to avoid bad stuff online. i play games, watch videos, read my rss feeds, etc. rather than tracking bad guys or pulling apart attacks. i do what normal users do because, more than anything else, i am a user.

and that is perhaps the main reason i believe in users more than many security folks seem to - because i'm one of them. i'm what other users could be with the proper motivation. the proper motivation isn't even an unreasonable expectation - it's merely the desire to protect oneself (a fairly natural thing) tempered with the understanding that the problem will always be there. it has nothing to do with some perverse interest in the dark arts, or some intense curiosity about how various threats work (otherwise i probably would have tried my hand at malware analysis). my primary interest is in protecting myself and long ago (not long after i started learning how to do that) i realized that other people would be better off if they more or less did things the way i did them. after all, i've never, in all my years, been the unwitting victim of malware.

now you could say that's because i'm a programmer (though that certainly doesn't seem to have helped other programmers and there really isn't any programming involved in avoiding threats) or because i'm a computer scientist (ditto for the comp.sci.'s). maybe it's because i have specialized knowledge (i didn't always have it) or maybe i've just been exceptionally lucky for the past 20 years or so (if you think that then you obviously don't know me very well). as the experts will tell you the malware landscape has evolved over the years - and the fact of the matter is, so have i, and so can others.

i'm not a fanboy or a zealot, i'm a security user - i use security, its concepts, its techniques, its tools, etc. to protect myself. i use what works in the process of using the computer to do things like work or play. i operate in a different way than the average user but my use of security does not detract from my ability to get a job done or enjoy online entertainment.

and so to all those people who say av is dead because it doesn't live up to the promise of marketing's lies, or those who say security needs to compromise because users don't want to change the way they operate, or anyone else who thinks we need to tear down progress we've already made (as opposed to building on it) because it's not good enough - i say get over it you maladaptive dinosaurs.