Wednesday, October 26, 2011

marketing bullshit isn't just from marketing departments

so apparently there's a conference going on right now called hacker halted. i heard mention of it a few days ago but paid little attention because frankly there are just too many security conferences to keep track of. what piqued my interest yesterday, however, was a retelling of something george kurtz is supposed to have said in one of the keynotes at the conference - specifically, he's quoted as saying the following (from @InfosecurityMag's tweet)
industry has to move beyond signatures and customers need to demand this from the vendors. We need to change and adapt
now i have to admit i had no idea who george kurtz was. fact of the matter is i have no idea who most people in the security field are (so if you're wondering why i don't follow you back on twitter or add you to a circle on google+, that's a strong contender for the reason why). i thought he was just some crank talking about things he didn't really know much about (more common than you might think, unfortunately) because the AV industry hasn't been relying exclusively on signatures for quite a long time.

imagine my surprise to discover george kurtz is actually the chief technology officer at mcafee, of all places. would such a highly titled representative of an AV company really say such a bizarre thing? well, if symantec's CEO can claim the virus problem is solved, then i guess so, but it still begs the question "what was he thinking?"

thankfully rik ferguson managed to tease a little something extra out of george on twitter
George Kurtz woke up in 2008 today "industry has to move beyond signatures". Helloooo? McFly?
@rik_ferguson maybe you missed the part about the hardware assisted security. Opps.. forgot you don't really have that at Trend.
and there we have it; the quote that people are fawning over (or scratching their heads over) was actually marketing bullshit. oh sure, on the the surface it looks like an AV big wig eating crow and admitting that his company isn't doing a good enough job and needs to improve; just the kind of frank confession we're all waiting for the AV industry to make. but with this added wrinkle we see that's not it at all. george's company supposedly already has improved and it's everybody else who still has the problem. mcafee has this licked, mcafee is the solution, buy mcafee.

no, he didn't actually say 'mcafee is the solution, buy mcafee' (to the best of my knowledge), but that is the reality distortion he's setting up - and distorting reality that way is the hallmark of marketing. all that remains is to publicly declare that deepsafe (their hardware assist technology that they announced over a month ago) is how you "move beyond signatures" and the marketing message will be complete with reality suitably distorted to mcafee's benefit and everyone else's detriment.

now you might be thinking to yourself that this can't be true, that such a highly placed and well respected security expert would never stoop to such base gamesmanship. the fact is that not only do most public faces of the industry practice marketing regularly in the process of representing their respective companies, but most high profile speakers rise above the rest not strictly by merit but by effectively selling themselves and building their personal brands - and if they have to stretch the truth or fuzz the facts or distort reality to make their message more palatable to the masses and give themselves more cache and influence, then so be it.

and the unfortunate consequence of this is that, due to the fact that the rest of us rely on such speakers to inform us, much of what the majority of us know about the the subject matter in question is actually somewhat wrong in subtle (or not so subtle) ways. reality distortion interferes with the formation of accurate mental models and that in turn interferes with people's ability to deal with the parts of the real world those models are supposed to represent. one of the things i've tried to impress on people in the past is that they need to stop listening to marketing, but i realize now that i don't have an easy method for them to recognize it in the first place. at least not without developing much more thorough knowledge than they currently have, and to do so without relying on apparent authorities on the subject in question is no easy task.

no, marketing bullshit isn't restricted to the glossy pages of a magazine or the cover of a box or an ad on tv. it's not just the product of marketing departments. it's woven into the very fabric of what we think we know, and it's hurting us.


MarkBiwwa said...

If McAfee ever truly solved the virus problem, McAfee stock would be worthless the day after, as would their employees, directors and the good gentleman who gave the talk.

kurt wismer said...


to my knowledge no one at mcafee has ever made the claim that the virus problem was solved. the CEO of symantec (the norton anti-virus folks) is the one who made that claim. it was obviously bogus, however.

i'm not so sure that the companies would be in such bad shape if the virus problem were solved, however. people keep buying new versions of microsoft office so i suspect there's a way to get them to keep buying new versions of anti-virus products too.

Sean said...

Marketing doesn't equal bullshit. Bullshit equals bullshit.

Your post reads better if “marketing bullshit” is replaced with just “bullshit”.

There are many examples of good marketing, politicking, evangelism, promotion, et cetera. Less good/bad examples of the same often make use of bullshit.

I don't think Kurtz's statement is “marketing” but it might be… something else.

kurt wismer said...


i'm afraid i don't agree with your view of marketing.

marketing, the act of promoting an product or person or idea, cannot own up to the failings of what is being promoted (unless those failings are valued, and then are they really failings?) because that works against the goals of promotion. as such, marketing must necessarily present a distorted view of reality, with all the negative associated consequences.

now it wouldn't be fair to say that people who do marketing don't occasionally own up to failings, but doing so isn't part of marketing.

Sean said...

Obviously you don't. :-)

“cannot own up to the failings of what is being promoted”???

So… if I market Sting concert tickets to Sting fans by saying “it's Sting, you like him, come see the show” -- what is the failing that needs to be owned up to? That non-Sting fans won't enjoy the show? I'm not marketing to non-Sting fans… there is no failing. Some marketing simply involves promoting the existence of a product or service that people already want without needing to be convinced.

If I market Sting concert tickets as something that *everybody* will enjoy… the best experience of all time… then that would be bullshit.

You're confusing the marketing of a "negative-sell" with all forms of marketing.

kurt wismer said...


one failing is that i don't actually like him, another (potential) one is that even if i did like him there may be something even better going on at the same time that you've omitted (maybe even through no fault of your own).

promotion without persuasion? something seems not quite right with that idea.

promotion advances one thing (or one set of things) above others without admitting that one or more of those others may actually be better. this is a form of persuasion that is inherent in all promotion.

Jerry said...


I'm curious how George would respond to your blog about him.

Why don't you invite him over?

kurt wismer said...


if someone wants to tell george about this blog then by all means go for it. i'm not particularly concerned with doing so myself, however. this is a rant, after all - much of the value to me is in simply getting something off my chest.

this blog post isn't specifically about george, by the way. i simply used him and the thoughts he's expressed as an example of a broader phenomenon that i've been observing for some time.

vendors and customers interests are not aligned - this is one of the ways in which they diverge.

Jerry said...

I just think it would be more interesting for this guy from McAfee to discuss his point of view from your blog.

kurt wismer said...


well jerry, i don't have any special avenue through which to reach out to him. all i know is available in this post. you are just as capable of contacting him as i am and i certainly can't stop you from pointing him this way.

Jerry said...


He's waiting.

kurt wismer said...

"He's waiting."

as are you, it seems, but i'm not sure why.

i know his twitter handle, i linked to one of his tweets. i also know readers like you know his twitter handle for exactly the same reason.

you know what i know, and you want something, so what's stopping you from going out and getting it?

Jerry said...

If you were McAfee's Chief Technology Officer, how would you personally handle any changes and upgrades to the product?

kurt wismer said...


why would changes and upgrades to the product need to be handled? what kind of handling are you talking about? could you rephrase the question, perhaps?