Is the boot on the other foot?


Gabrielle Dowling

Independent author, USA
Editor: Helen Martin


It adds insult to injury when the major media outlets misrepresent the facts.

Talk about irony. When I finally managed to log into my email at the conclusion of VB2005, I found folks on AVIEWS were hotly discussing some of the media reports coming out of the conference. In particular, I was struck by a report written for, entitled 'Security firms put the boot into the media'. It read: 'At this week's Virus Bulletin 2005 conference in Dublin, a panel session featuring representatives from IBM, McAfee and Symantec turned nasty for the assembled press with vendors airing grievances about what they consider to be "a layer of incompetence" in media companies.'

This seemed to allude to the panel I had chaired on the informational problems facing anti-virus administrators. Apparently, I'd hit a sore spot when I threw the following question to the panel (verbatim): 'Do news reports of virus outbreaks typically misrepresent the facts? If so, what are the repercussions of that misinformation?'

It was not an accusatory question, but a pragmatic one, and I was surprised by how it came to take over the panel and audience discourse. It was more surprising still to see how it came to be reported, since I don't think things ever approached the tenor of 'ugly', and in fact the vendors on the panel were generally supportive of media efforts, accurate or not. (Notably, the reporter omitted the voices of those of us on the systems administrators' side, which was equal in its representation on the panel.)

So, putting aside the reporting of the subject, I'd like to touch again on why accurate reporting is an issue for those of us on the administration side.

In the context of the informational problems that face anti-malware administrators, media misreporting is not the greatest challenge we face. And when incidents occur, we certainly don't rely on such reports as primary sources of information. But, in the fog of war, when we are deluged with information - very little of it good, some of it outright wrong, usually with the most critical details missing - and we are trying to process it all as fast as possible, it adds insult to injury when the major media outlets misrepresent the facts. Worse, it adds to the administrative load when we're distracted by queries from end users and the boardroom based on misinformation: it's the last thing we need in the midst of an event (and an 'event' does not necessarily mean that we have an actual or potential problem on our network, but rather that there is an outbreak of something significant against which we need to check the adequacy of our defences and incursion responses).

I think there's another reason this subject stings those in the trenches. As the security field seems increasingly known for folks filled with bravado who like to drop allusions to 'the coming superworm' and dilettantes with little experience writing books that simplistically liken worms to warheads, I am constantly struck by the lack of such swagger in the anti-virus community. They are smart people who have been in the trenches and know better.

Some of the banter that arose at VB was finger-pointing by the media, saying they were merely responding to press releases issued by the vendors. That seems wrong, on two fronts. First, fact-checking is part of Reporting 101, and reporters should be aware that press releases are a marketing tool. Second, and more importantly, most if not all vendors have dropped that habit - some actually advise administrators that they are issuing a particular alert simply because of media attention, not because it is being seen broadly in the wild. I love that trend!

Reporters certainly face the same informational challenges as those of us fighting malware, and that's one of the problems that AVIEN/AVIEWS help to address by providing a platform for an experience-rich, marketing-poor exchange of information. But I would say this, and it applies broadly: if your fundamental information is incomplete or not well understood, refrain from extrapolating from it or you'll wind up wildly off the mark.



Latest articles:

VB2018 paper: Internet balkanization: why are we raising borders online?

Nowadays, walls are not just being raised in the real world, but on the Internet as well. Countries want to isolate themselves and shut down the information they are not comfortable with, or the companies they don’t want to do business with. Freedom…

VB2018 paper: Where have all the good hires gone?

Much ink has been spilled on the subject of the information security skills gap, and how difficult it is to hire and retain people for these positions. And yet, we all know someone who has had a hard time finding a suitable position despite having…

VB2018 paper: Little Brother is watching – we know all your secrets!

In their research, Siegfried Rasthofer, Stephan Huber & Steven Arzt evaluated the security level of the most popular family-tracking apps on Android. They assessed the security of the respective apps and conducted assessments of the corresponding…

VB2018 paper: Inside Formbook infostealer

Formbook is an infostealer that has been advertised for sale in public hacking forums since February 2016 by a user with the handle ‘ng-Coder' but only came to public attention after it was extensively used in spam campaigns in late 2017. This paper…

VB2018 paper: From Hacking Team to hacked team to...?

In this paper (presented at VB2018), Filip Kafka looks at the resurfaced Hacking Team spyware, and at what has changed since the company behind it faced a number of prominent hacks.

Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.