Friday, December 24, 2010

getting the wrong message across

it's that time of year again, jack frost nipping at your nose and chestnuts roasting on an open fire. and while we have that fire handy, let's hold some feet to it, shall we?

see there was a post about our favourite type of malware (the virus) published on the panda security support blog by javier guerrero díaz that seems to have a number of issues that need addressing. let's jump right in.

to start with there's the issue of terminology misuse:
In fact, we still use today the term “virus” to refer to any type of malware in general, when reality shows that, except for the occasional surge, the number of viruses in circulation is much lower than that of Trojans, for example.
the public has already started to pick up the use of the term malware as an umbrella term, replacing its previous misuse of the term virus. while javier did hint at the inaccuracy of calling all malware viruses, it would have been better not to suggest that "we" (meaning the folks at panda, including himself) still misuse terminology that way. it makes it seem ok to be sloppy with the terms (something which ultimately leads to confusion amongst those who don't know better). i would hope that technically oriented folks were more precise in their word choice.

next was some over-generalization about worms:
Computer viruses differ from other malware specimens like Trojans or worms in that the latter do not need a host to spread.
not all worms are free from the requirement of a host. win32/ska (also known as the happy99 worm) for example must infect the wsock32.dll in order to send itself over email.

there was also some over-generalization about the complexity of viruses:
Also, this characteristic makes them more complex to develop as a computer virus must know the internal structure of the file it tries to infect in order to be able to install on it.
not all viruses need to know the internal structure of the file they're infecting. overwriting infectors (which destroy the original file rather than trying to preserve it) and companion viruses (which don't actually alter the original file at all) have no such need, nor, i think, do macro viruses.

on top of complexity, there was also some over generalization about the scope of virus infection:
Finally, given that viruses affect all executable files on the system...
not all viruses affect all executable files on the system. some (perhaps many) are much more selective (lehigh, for example), and quite a few affect files that most people would not consider executable (macro viruses, for example, go after documents instead of executables).

i understand that the post was intended for those less familiar with the subject of viruses and malware, but the problem with oversimplification is that there's no agreed-upon degree to which things should be simplified. the consequence of this is that everyone presents different 'facts', and that confuses the people you're trying to explain things to. i genuinely believe it's possible to explain things to people in such a way that they can understand you without sacrificing technical accuracy. it takes effort, and i'm certainly not going to suggest that i succeed in reaching this goal in all circumstances, but at least i don't give up trying. if we accept the sacrifice then we have to accept that people will never really understand what we're talking about, because we don't give them the power to do so.

finally there is the market-speak that makes me cringe every time i see it:
Any Panda Security solution will keep your computer free from viruses and other malware.
panda's *tools* (if it's really a solution, what problem does it solve?) will not keep users' systems virus free. they may keep them mostly virus/malware free, but there will always be exceptions capable of slipping through.

i've long despised the use of the term "solution" to describe things that are better presented as tools. it's a trick used by marketing to make people believe they're getting the impossible dream - perfect protection. to see these words written by someone in R&D makes me think somebody's been drinking the marketing koolaid.

worse than that, however, is the reference to keeping systems virus/malware free, without qualification or caveat. this is one of the hallmarks of snake-oil in the anti-malware industry; and guess what, when i went searching through my archives looking for examples of this i found one - involving panda! is there something in the water? is it a language thing? do i have to go looking through my archives for the intersection of panda and snake-oil to see if there's a pattern emerging?