Wednesday, October 26, 2011

marketing bullshit isn't just from marketing departments

so apparently there's a conference going on right now called hacker halted. i heard mention of it a few days ago but paid little attention because frankly there are just too many security conferences to keep track of. what piqued my interest yesterday, however, was a retelling of something george kurtz is supposed to have said in one of the keynotes at the conference - specifically, he's quoted as saying the following (from @InfosecurityMag's tweet)
industry has to move beyond signatures and customers need to demand this from the vendors. We need to change and adapt
now i have to admit i had no idea who george kurtz was. fact of the matter is i have no idea who most people in the security field are (so if you're wondering why i don't follow you back on twitter or add you to a circle on google+, that's a strong contender for the reason why). i thought he was just some crank talking about things he didn't really know much about (more common than you might think, unfortunately) because the AV industry hasn't been relying exclusively on signatures for quite a long time.

imagine my surprise to discover george kurtz is actually the chief technology officer at mcafee, of all places. would such a highly titled representative of an AV company really say such a bizarre thing? well, if symantec's CEO can claim the virus problem is solved, then i guess so, but it still begs the question "what was he thinking?"

thankfully rik ferguson managed to tease a little something extra out of george on twitter
George Kurtz woke up in 2008 today "industry has to move beyond signatures". Helloooo? McFly?
@rik_ferguson maybe you missed the part about the hardware assisted security. Opps.. forgot you don't really have that at Trend.
and there we have it; the quote that people are fawning over (or scratching their heads over) was actually marketing bullshit. oh sure, on the the surface it looks like an AV big wig eating crow and admitting that his company isn't doing a good enough job and needs to improve; just the kind of frank confession we're all waiting for the AV industry to make. but with this added wrinkle we see that's not it at all. george's company supposedly already has improved and it's everybody else who still has the problem. mcafee has this licked, mcafee is the solution, buy mcafee.

no, he didn't actually say 'mcafee is the solution, buy mcafee' (to the best of my knowledge), but that is the reality distortion he's setting up - and distorting reality that way is the hallmark of marketing. all that remains is to publicly declare that deepsafe (their hardware assist technology that they announced over a month ago) is how you "move beyond signatures" and the marketing message will be complete with reality suitably distorted to mcafee's benefit and everyone else's detriment.

now you might be thinking to yourself that this can't be true, that such a highly placed and well respected security expert would never stoop to such base gamesmanship. the fact is that not only do most public faces of the industry practice marketing regularly in the process of representing their respective companies, but most high profile speakers rise above the rest not strictly by merit but by effectively selling themselves and building their personal brands - and if they have to stretch the truth or fuzz the facts or distort reality to make their message more palatable to the masses and give themselves more cache and influence, then so be it.

and the unfortunate consequence of this is that, due to the fact that the rest of us rely on such speakers to inform us, much of what the majority of us know about the the subject matter in question is actually somewhat wrong in subtle (or not so subtle) ways. reality distortion interferes with the formation of accurate mental models and that in turn interferes with people's ability to deal with the parts of the real world those models are supposed to represent. one of the things i've tried to impress on people in the past is that they need to stop listening to marketing, but i realize now that i don't have an easy method for them to recognize it in the first place. at least not without developing much more thorough knowledge than they currently have, and to do so without relying on apparent authorities on the subject in question is no easy task.

no, marketing bullshit isn't restricted to the glossy pages of a magazine or the cover of a box or an ad on tv. it's not just the product of marketing departments. it's woven into the very fabric of what we think we know, and it's hurting us.