Blatant marketing lies thread

As an IT-specialist from the Jurassic park age, where you had write C-level code to setup everything basic what is now available in modern development platforms, I often read security related marketing stuff which has to be a blatant lie.

Because Wilders Security is populated with people from all sorts of backgrounds I think it should have a wiki-leaks part (thread) in which marketing claims are de-bunked and de-mystified, like the German website Schein-sicherheit (fake security) did in the past.

Let me provide one as an example

The 'true lie' in this marketing claims is that Yes it is based on Chromium, but NO it does not has all of Chrome (security) features. Comodo Dragon does not offer the PPAPI version of flash.

PPAPI plug-ins effectively run in a second sandbox, smartly crafted by Chrome developers it
a) Reduces attack surface because communication is handled through PPAPI-proxy
b) Code is sanitized and aligned (in NEXE dynamic linkers) to prevent exploits
c) Code is segmented (sandboxed) using capabilities at processor level (similar to ASLR)

So effectively I get a second sandbox within the Chrome sandbox when I use Chrome's PPAPI flashplayer. Obviously Comodo Dragon is missing this Flash plug-in (like any other Chromium based browser), so how in the world can you claim it has ALL the features and is SAFER as CHROME

I ask other members with more recent technological knowledge to add more examples and Admins to make it a sticky.

 

Isn't all 'marketing' creative writing by definition?

 

Emphasizing benefits is okay, providing false information crosses the line (at least in EU) and for lying you can get banned.

Should not the security enthousiast at this forum (watchmen) watch the security vendors (watchmen) for lying to the people they suppose to protect?

 

The topic will probably not last, since quite a number of companies post here. But any product out there claiming to deal with "advanced persistent threats" is just nonsense.

 

All these marketing BS is like my everyday dinner. What bothers me more is those brainless fanboys who will pick a fight with you when you revealed the truth. You'll find a lot of them in YouTube or any other borderless discussions. It's okay to be a fanboy, just be sure that you're a fanboy of quality products.

Lol, that cliché is just fun.

 

I suppose it all depends on how 'false information' is defined I suppose. There can be a lot of leeway, ambivalence, & ambiguity with any marketing.

Banned from the EU?

Definitely.

 

90% of the time when a company/ product talks about having "proactive" defense they're actually just talking about having a fast reactive defense, if even that.

Basically, most of the **** they say to you is either so dumbed down that it's completely inaccurate, or it's straight up buzz words and marketing lies.

There are so few products that aren't jokes you can basically just link to every single security vendor webpage in this topic.

 

I'd wager that Joe Bloggs & most of the people on the Clapham Omnibus wouldn't know the *difference between 'proactive' defence or 'fast reactive' defence & wouldn't actually either notice or care about any of the blurb written about a security product.

*I'm pretty sure I don't know the difference.

 

Pretty much, and a lot of other software too other than security. You can extend that beyond software and the internet and include some advertising that we see and hear everyday everywhere.

 

Yes, but that is out of scope, look AT Daveski sig, remember schein sicherheit, focus on the companies who pretend to protect us. They should not claim things whiich are simply a lie. Blowing up things like "just basically link it to every vendor" or "and a lot other" makes it so general it is allways true and as Plato stated: a wisdom which is true in any circumstance is a wisdom without value in any given circumstance. Let's keep it specific and factual.

 

Well, the problem is this is about marketing techniques. It's not happening only in computer security products, nor it happened the first time in computer security products. To answer the question "who watch over the watchmen?", it's the customers, the more conscious ones I might add. If they found the vendors/developers are spreading nonsense, they'll leave. The company then won't get enough profit. You can guess what's next.

Unless you count us, the trolls, who will "proactively" mock crappy products as the watchmen's watchmen.

 

They wouldn't, that's the issue.

@Windows_Security,

It certainly is vague. I just don't feel like calling out some specific company and getting into an argument, something like that typically requires a lot of work. I'll get around to it eventually, but something people should just *know* is that every product, just about, is ~ Snipped as per TOS ~ and most of them lie to you about their abilities.

 

I accept what you're saying & your example of the PPAPI version of flash in Comodo is probably a good example of this.

The plain fact of the matter is that most people will have no idea that Comodo Dragon's flash player is different to Chrome's.

From your original post we have Comodo's blurb:

The Secrets Of Comodo Dragon Browser

This is exactly why Comodo, the world's leading online security and trust assurance innovator, has stepped forward with Comodo Dragon. – A Chromium technology-based Browser that offers you all of Chrome's features PLUS the unparalleled level of security and privacy you only get from Comodo

You can just as easily claim that the wording to this is subtly ambiguous. Perhaps if they had stated: "A Chromium technology-based Browser that offers you virtually all of Chrome's features" instead it would have been more accurate. Although they then go on to claim in an additional clause that it has: "the unparalleled level of security and privacy you only get from Comodo".

When you think about it this statement is a bit ontologically subjective. Are all unparalleled levels of security & privacy only 'got' from Comodo?

This is just marketing hyperbole. Virtually no one describes their security software in the subjunctive mood & claim that it 'might' be quite good at stopping malware. They usually & normally claim that it is unparalled, second to none or unbeatable etc.

I'm not excusing this behaviour; it's just the semantics of advertising.

 

I understand this. It is just that the nature of advertising & marketing isn't conducive to honesty in the first place. I've never seen a sign over a pub claiming that its ales are average, uninspiring, frequently flat & overpriced, or that the food they serve is expensive, stale & boring.

 

Here is another one

Compare disk I/O and CPU usage with three freebies AVAST, AVIRA, AD-AWARE, run a system benchmark, now de-install those free AV's and install Syswatch, do the same benchmark.

 

No system slowdown - SysWatch does not scan your system the way a traditional antimalware product does, since it has already set the rules for how all of your applications can act. So your system performance stays fast and laptop batteries are not drained, while your security remains high at all times.

OK, I admit that these are almost certainly blatant pork pies. How do you propose to prevent this kind of mendacity in the real world?

 

I'm not certain how enforceable any measure would be. If a product does not cause any actual harm with proper and documented usage instruction, and it isn't a blatant scam purposefully designed to deceive someone, there is little I believe that can be done. If one were to hold a company accountable for telling a few white lies or exaggerating claims, you would have to go after almost every business in existence. Few operate with an honesty is the best policy mindset unfortunately. Also, the usage of technical jargon is a tried and true method of convincing others of a professional and knowledgeable background and can make a real stinker of a product sound amazing.

 

You enforce it by calling them out on it and informing potential customers.

 

But that's hardly enforcing it. Well, unless you take it to the media or elsewhere more important than forums. That being said, word of mouth is a very powerful tool. If you criticize a company or their policy and you do it in a professional manner with easy to understand evidence, then yes this calling out can work. I have been reading your blog in the last few days, and I must say that your posts on security software and their attack surfaces have made me question my defenses.

 

If you criticize a product properly you can have a significant impact on the perception that people have on it. It's not enforcing, it's just punishing.

Glad you're enjoying the blog.

 

It's difficult enough for advertising standards to be monitored & enforced in a single country, let alone the Internet.

Much security rogueware fits into this description. It isn't actually illegal & once installed merely requests that although it has detected (usually) tracking cookies & the like, a small payment will be required to remove them. Otherwise you can simply uninstall the program. The rogueware is usually just second rate protection & probably does no actual harm to the computer it is installed on. The choice to pay or not is up to the individual who downloaded the software in the first place. So there is no actual 'crime'.

This has been my argument from the beginning.

Exactly, specious enigmatic technical jargon is used for all sorts of products & has been for a long time.

 

Isn't this very subjective though? How would you accomplish this exactly? In my personal subjective experience Symantec's Norton AV was virtually rogueware & Spybot – Search & Destroy more or less ineffective. Many claim the same statements for McAfee antivirus products, yet I never had any problems with the McAfee AV when I ran it for a short while.

Much of this all boils down to a personal & subjective opinion. And you know what they say about opinions right? ~snipped~

 

"There are a terrible lot of lies going about the world, and the worst of it is that half of them are true" Winston Churchill.

Marketing is meant to deal with the imagination not reality. It is there to get your attention. If a manufacturer or a service states the presence of certain capabilities then be aware that it does not relate to the performance of those capabilities. As an example, I read a marketing pitch from a very well known manufacturer of networking equipment that was in a proposal to a Government Agency and it stated that their product met all the mandatory specs, however when tested most of them did not function. They were actually still under development. In today's world they would be considered beta. Yes, they lied ... sort of!!! They won the Tender.

I think this thread could be useful.

 

Where does it say that? I found only: "The Dragon encompasses all of the best features of Chrome. It includes an important feature every user needs to use the Internet in total safety today. – Strong security and privacy." It does not say all, the devil hides behind details. Obviously PPAPI is not considered to be one of the best parts.

Actually some do like Yandex: http://news.techworld.com/applicati...omium-based-web-browser-with-security-extras/

 

"“If you tell a lie big enough and keep repeating it, people will eventually come to believe it." ~ Joseph Goebbels

I think that the perceived difference between outright mendacity,creative exaggeration, deceit &/or deception by omission is central to the problem here.

This is the distinction though isn't it? They lied 'sort of'. There is a difference in an outright falsehood & the creative imagination of marketing. It can be a very grey area.