Critics Say Antivirus Firms Pumping Up Fear!

Discussion in 'other security issues & news' started by Technodrome, Jun 24, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    "Did you catch the JPEG virus last week? No, you didn't. The new computer contagion, according to antivirus softwaremaker McAfee, takes advantage of one of the Internet's most popular uses - e-mailing photos - to get dangerous code onto computers.

    But no one caught it because, despite a news release from McAfee that warned "potentially, no file type could be safe," the virus was just someone's project, e-mailed directly to McAfee by its creator. It never became an infection, much less an epidemic.

    Critics say the fact that McAfee - a division of Network Associates (NYSE: NET) of Santa Clara, Calif. - sent out a news release about such a nonmenace to the public is the latest example of virus hype aimed to pump up sales of the $30 to $50 antivirus software packages that McAfee and rivals such as Symantec (Nasdaq: SYMC) of Cupertino, Calif., sell.

    Questionable Motives

    That hype is having a "cry wolf" effect that could make things worse when the next serious virus threat hits, critics add.

    "I think their motives were that they saw the possibility of getting coverage from the major media," said David Perry, global director of education for Trend Micro (Nasdaq: TMIC) , a smaller company that also sells antivirus software.

    Customers and computer enthusiasts posted hundreds of messages about McAfee's recent news release on, a technology community site, echoing Perry's view. But most of them used much stronger language.

    Antivirus programs sell like umbrellas in a rainstorm when word of a big computer infection hits the newspapers and TV. When the Code Red and Nimda viruses made headlines worldwide last fall, Silicon Valley firms Symantec and Network Associates both reported jumps in consumer software sales .

    Pure Intentions

    McAfee says its intentions with the JPEG virus release were much more pure. The company said it had a duty to inform its 50 million customers it had learned about a new kind of virus, and that the news media is the most effective way of reaching out to them.

    "If we didn't do anything last week, I have the feeling that somebody would have picked up the story somewhere down the line, and our customers would be asking us why we didn't tell them," said Vincent Gullotto, senior director of McAfee Avert Labs in Beaverton, Ore.

    Actually, McAfee's news release made it clear that the new virus, while a potential future threat, posed no immediate risk.

    "There may have been more concern if they had seen it on our Web site, without having us explain what it was," Gullotto said.

    Antivirus companies say they prevent undue panic by clearly labeling virus press releases as high, medium or low risk.

    Educating the Public

    "Even looking around at the other antivirus companies, in general you find that people are pretty good about highlighting the high-risk ones," said Vincent Weafer, director of the antivirus research center for Internet security firm Symantec.

    The only reason antivirus companies sometimes alert the media about low-risk viruses, Weafer said, is to educate the public about a new kind of virus that could be a harbinger of things to come.

    The recent JPEG virus alert fell under that category, McAfee's Gullotto said.

    But industry critic Rob Rosenberger said the JPEG virus wasn't newsworthy even as a new potential kind of virus.

    "It's just another virus. Conceptually it's nothing new," said Rosenberger, who runs, a Web site critical of the antivirus industry. But because this virus used JPEGs, a popular format for e-mailing photos, McAfee knew reporters would jump on it, he said.

    Media as Accomplice

    The media has all too often been a willing accomplice in exaggerating the danger of new viruses, said George Smith, another editor at He recalled the great news attention given to 1992's "Michelangelo" virus, which was programmed to activate on the Renaissance artist's birthday, March 6.

    News reports at the time warned that Michelangelo was set to destroy data on millions of personal computers, but by March 7 the virus had actually claimed relatively few victims.

    Michelangelo was never that serious of a threat at all, Smith said. On the other hand, it's unclear whether the extensive media coverage helped prevent a catastrophe by encouraging computer users to protect themselves.

    The same scenario repeated itself seven years later, this time with news stories predicting Y2K viruses that never materialized.

    "The antivirus industry started the hubbub about it, but the news media glommed onto it and decided it was a good story," Smith said.

    Reverse Effect

    There's nothing wrong with the goal of all these warnings - getting consumers to install antivirus software, which even experts unaffiliated with the industry recommend. The problem is that the warnings are starting to have the opposite effect, said Christ Wraight, a technology consultant with the British antivirus firm Sophos.

    "Every week people hear about this killer virus out there, and it never materializes," Wraight said. "I think people start to become a little bit inured to it, the classic `Boy Who Cried Wolf' kind of thing."

    That attitude may explain why a low-level virus called Klez has been popping up in people's e-mail boxes over and over in recent months. Antivirus software can zap Klez, but only if users have updated their subscriptions. Wraight thinks people aren't installing or updating antivirus software that could stop Klez because they've become jaded about the virus threat.

    Sophos and Tokyo's Trend Miro pride themselves on avoiding the temptation to hype up viruses, and they don't hesitate to criticize their larger rivals' marketing tactics.

    But Smith disputes Sophos and Trend Micro's self-description as hype-free antivirus companies. "


  2. wizard

    wizard Registered Member

    Feb 9, 2002
    Europe - Germany - Duesseldorf
    Even more worse after the news release some online news services published the name of the virus author and offered links to download the virus from his homepage.

  3. Prince_Serendip

    Prince_Serendip Registered Member

    Apr 8, 2002
    Are there not very stringent laws against false advertising and publishing false statements in California? McAfee likes to walk on thin ice, eh? Instead of boosting their sales, I suspect that this gaff will (evident already) punch a big hole in their credibility. The AV Company cried, "Wolf!" But, no wolf! :rolleyes:
  4. Jooske

    Jooske Registered Member

    Feb 12, 2002
    Netherlands, EU near the sea
    ....till there is Wolf in sheep coat......
    Was some time ago the discussion because of this if all that updating of databases was necessary at all, if it would not be developers creating or hiring trojan/virus creators themselves to mount up their sales, etc.......
    So we can't use this kind of miss-info at all, effecting the whole market and thus our security if others won't update/protect their systems and might spread their infections around.
  5. zappa

    zappa Registered Member

    Feb 9, 2002
    Los Angeles, Ca.
    It worked on me. I went and updated all my AV, AT and SMBD.

    UNICRON Technical Expert

    Feb 14, 2002
    Nanaimo BC Canada
    I am skeptical of the AV companies purity of intent. There is too much incentive for abuse.


    Since AV companies sell AV programs for profit,

    and sell more copies when viruses are circulating the net,

    and could sell no copies if there were never any viruses,

    and claim they wish viruses writers would stop writing viruses but clearly profit from them,

    and most companies attempt to maximize their profits (fundamental principal of economics),

    and AV developers have more expertise regarding viruses than most people,

    and are likely to be pleased with a virus that their AV could detect but others would miss since this would help increase sales and profits,

    therefore, It stands to reason that AV companies face an almost irresistable urge to increase profits by aiding the development of viruses.


    Ethically it is wrong, and those with strong convictions may resist the urge but it is hard to imagine that it does not ever happen. Is it a coincedence that as the number of AV companies grow, so does the number of viruses? Is it the viruses that create the need for more AV companies, or the companies profits create a need for more viruses?

    Something to think about.

    Disclaimer: I am not suggesting any AV company in particular writes and releases viruses, just that the opportunity is there.
Thread Status:
Not open for further replies.