Each week, various magazines on computers, information security and
business that I subscribe to arrive, and I take a look at how the
marketing departments of antivirus vendors are trying to entice people to
buy their products with print advertising. The results are disappointing,
to say the least.
I've seen so many images that have so little -- if anything -- to do with fighting
the malware threat that I wonder what is going on. I don't think that any
antivirus company is much worse or better than the others in this regard.
So many have indulged in images -- as diverse as zebras, a cat on top of a
person's head, tough-looking people dressed in yellow suits in various
unlikely places and a marsupial -- that it sends the wrong signals to the
marketplace.
So what do all these images have to do with mounting effective defenses
against malware? Your guess is as good as mine. They don't seem to be
communicating any significant information, but merely trying to get your
attention. I used to sell antivirus software for a living, and during that
time, I paid a lot of attention to what the brands I was promoting were
using in their marketing. I also paid attention to the competition. After a
while, it seemed that there was a real disconnect between what customers
needed to know and what was being said in these advertisements.
This disconnect has continued to this day. Advertisements for antivirus
products typically promise protection from all threats, which is a shame
since these products are really just adequate protection from one or two
types of threats.
If you was to sit down and document all the malware threats that exist
just from the Internet, the list would be much longer than the list of
those threats for which your system will be protected by the product that
comes with an umbrella or the guys in yellow suits, for example. I'm not
singling these products out, as all antivirus products fall short in one
way or another.
So, besides the fact that antivirus companies use eye candy to distract
you from the realities of the protection you are getting (like the ad with
the woman dressed provocatively and suggesting she could compromise your
security...), what is the relevance of all this to the user of antivirus
software?
One of the biggest problems facing computer users these days (and that
means you) is that the threat level is steadily increasing and the response
from vendors is still stuck in several old paradigms. Software vendors are
now fighting each other for market share -- the growth in the actual overall
marketplace is minimal, apart from organizations increasing their coverage
by adding e-mail protection to the existing desktop and firewall protection,
for example.
But the days of rapid growth due to only a reduced percentage of the
corporate user base having adequate antivirus software widely installed
are over. Most organizations these days have at least the minimum level of
protection installed, and the level of protection is rising. So, antivirus
companies need to steal market share from competitors, which distracts them
from working on the real problems. They spend valuable resources making
prettier interfaces and marketing themselves to people who already know
about the threat, hoping that they can snare away a few customers.
It would be far better for all antivirus companies to devote their
resources to developing better tools for managing antivirus solutions,
better appliances (don't even dream of trying to use the existing ones in a
large organization and broadening the scope of protection offered.)
Instead, they milk the existing technology and hope that customers will not
rise up in arms each time that a major virus or worm makes it past the
supposedly invincible defenses.
Confidence in the antivirus products in use is never overly high in large
organizations. For many, they count on a whole array of techniques,
including attachment blocking at the gateway or firewall, blacklisting of
known bad domains, etc. These approaches are an indictment of the
inadequacy of the protection offered by antivirus products.
Senior managers also need to understand that if the number of serious virus
incidents inside their walls has dropped over the past few years, it is due
to the efforts of the people in the front line, not just the products
purchased. This problem of management short-sightedness has sometimes
resulted in reductions of staff and resources dedicated to fighting the
malware threat. The fallout will be even more costly than the amounts
"saved" by cutbacks. Perhaps the CEO should also be booked into the
cheapest hotel in town when he travels, no matter what the security
implications of "that" part of town.
Change is always a threat to the status quo, but without change nothing
goes forward. It is time for antivirus developers to stop fighting with
each other (yes, buy out the competition if you have to) and focus on the
really important issues.
About the author
Robert Vibert has been assisting organizations in the fight against viruses
and other malware for so long he no longer remembers what is was like
before these critters were to be found. It is a base-less rumor that he
crushes lumps of coal into diamonds using his bare hands -- someone else
already uses that line.
