Google’s Open Source Programs Manager, Chris DiBona recently pointed out how IT security industry charlatans keep making false claims to push the sales of their software products and consulting services.
“If you read an analyst report about ‘viruses’ infecting ios, android or rim,” says Chris, “you now know that analyst firm is not honest and is staffed with charlatans. There is probably an exception, but extraordinary claims need extraordinary evidence.”
Sadly, the computer press tends to accept these extraordinary claims at face value and allows the charlatans to repeat their snake oil pitches without subjecting them to critical analysis.
Fortunately for those who care about the security of their home and business IT systems, there are ways to spot the charlatans and their dodgy wares.
The Big Target theory
When you read a claim that the Windows malware epidemic of the early 2000s was due to Microsoft being a big target as opposed to the tiny market shares of Apple and Linux, you can be sure they are the words of someone who is at best clueless selling a dubious product.
This theory is nonsense, as I’ve explained previously, and anyone who genuinely believes this has no experience in dealing with the poorly secured operating systems that were Window98, Me and the early versions of XP.
If you are confronted by somebody making this claim ask them why, now smartphones are outselling desktop computers, where is the widespread malware promised for mobile systems? It doesn’t exist for exactly the reasons Chris gives in his Google+ post.
Real Soon Now
The other key indicator is the “real soon now” claims – that a virus is about to burst onto the scene that will rub the smile off the face of smug Mac and Linux users.
Invariably the hysterical headlines are backed up with claims, almost always taken from a vendor’s press release, that a security company’s researchers have identified a threat that is about exploit wilfully clueless users.
Daring Fireball’s John Gruber has done an excellent job of dismantling this rubbish in his classic post “Wolf”.
His post was provoked by the ‘news’ that a wave of Apple malware was on its way. That was six months ago and we’re waiting. John tracked similar stories back to 2004, none of which came to fruition.
The modern snake oil men have an advantage in that tech journalists are desperate for page views and in many media organisations they no longer have the resources to critically analyse PR claims.
Sadly there are real security issues that home and business users need to be aware of. Of course, much of the solution for this doesn’t sell dubious antivirus or expensive consulting services.
In some respects, the proliferation of these stories is a reflection of the decline of the mainstream media business model.
As more ‘news’ stories become lightly rewritten PR spin, the less readers take those outlets seriously and once trusted journals of record become little better than online gossip rags.
Important issues, like information security, deserve more than repeating the lies of those who profit from fear, uncertainty and doubt.
Not still waiting after six months – see flashback virus and rather high infection rates on Mac. Otherwise agree
Well it was six months at the time of writing.
One of the interesting things with the Flashback worm/Trojan is that none of the Mac Apocalypse crowd predicted the first widespread Mac malware would come from third party software like Java. Which illustrates just how flaky many of these “security experts” are.