Beware, the snake-oil salesman cometh

Sam Varghese
Thursday, 23 June 2011 13:18

Business IT - Security

COMMENT With big-name websites being broken into over the last few months, and the mainstream tech media having a field day over "hacking", the time is ripe for the snake oil salesmen to appear. It is a good time for anti-virus vendors to plug their wares.

The stories they try to sell are unfailingly the same: the big bust-ins are not the story. No, it is the small amounts being stolen from the ordinary punter, things one never hears about, that are the real tale.

The amount of money being stolen from online bank accounts has gone up as more and more people move to doing their banking on the web. My nephew lost a thousand pounds a few months back but the bank covered his loss. Most banks have a budget for this.

But still, that isn't the main story. If any anti-virus vendor were to tell their audience the real reason why there are millions of viruses/worms that can steal money from their bank accounts, I would have no problem with them making use of what is an excellent marketing opportunity.

But which A-V vendor will talk about the insecurity of operating systems - particularly Windows - and the stubborn refusal of the vendors of these systems to fix those vulnerabilities until they become a PR problem? No anti-virus vendor would tell you that - the makers of said operating systems would be down on them like a ton of bricks.

Hold on: does an anti-virus vendor want operating systems to be secure? They would be out of business if that was the case. Or their earnings would be severely hit. So the anti-virus vendor does what suits their business - drum up the fear factor.

Another myth that is being sold is that the growing use of an operating system or a particular piece of software means that the number of viruses/worms written for it would increase. None of those who spout this claim have ever been able to explain the paradox of Apache - it runs something like two-thirds of the world's websites (on a variety of platforms), yet is much less broken into than other web server software.

It would be helpful to end-users if anti-virus vendors were to provide a list of threats and the percentage of those threats that can attack various operating systems. Then you wouldn't scare the pants off a Mac user unless there is a real threat to him/her.

No system is 100 per cent secure. All systems are created by flawed human beings and reflect the character of their creators. Those systems which are created with marketing as the foremost objective will invariably be less secure.