Hoaxes, myths,
urban legends





About us


Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

McAfee's media-assault tactics

Rob Rosenberger, Vmyths co-founder
Tuesday, 22 April 1997 DID YOU KNOW McAfee Associates pays employees to find flaws in competitors' products? This fact came to light when McAfee launched a new volley of media assaults against Symantec and Dr. Solomon's Software, two major rivals in the antivirus market. In the first case, McAfee's beta-test division discovered an obscure flaw in Symantec's Norton Utilities. Instead of notifying Symantec, McAfee chose to notify only the media. They even wrote a blatant demonstration program so Windows Sources magazine could include it as part of a fear-inducing online story.
"We were taken aback that [McAfee] would go to the press, create some­thing akin to a virus and then basi­cally show the world how to do that."
Symantec believes McAfee should have notified them instead of helping the media write scary stories about a trivial flaw. Product manager Tom Andrus told Associated Press: "we were taken aback that they would go to the press, create something akin to a virus and then basically show the world how to do that." Symantec also berated Windows Sources for providing McAfee's code to any malicious hacker who wanted it. Editors pulled McAfee's blatant demo from the Windows Sources website the next day. Symantec quickly released a software patch to calm the nerves of frightened customers — and paid PRNewswire to distribute an extremely polite press release announcing the patch.
IN THE SECOND case, McAfee's beta-test division discovered a supposed "cheat mode" in Dr. Solomon's Anti-Virus Toolkit. McAfee went on the war path, paying PRNewswire to distribute a press release accusing Solomon's of committing heinous crimes against humanity:
"The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations. McAfee has forwarded its evidence to the National Computer Security Association..."
Solomon's struck back with a hilarious press release: "McAfee Pleads with Dr Solomon's to Reduce Dr Solomon's Virus Detection Rate." They proudly admit their "heuristic" function works exactly as described. "The product given to reviewers is exactly the same product delivered to customers... The technology is available to every user." McAfee responded with another inflammatory press release claiming Solomon's had engaged in a "disinformation campaign." In an incredible twist, McAfee quoted Patricia Hoffman, "a well-respected independent virus research[er] based in Santa Clara, Calif." Hmmm, McAfee coincidentally bases its operations in Santa Clara, too. You can discover a lot of interesting coincidences surrounding Hoffman & McAfee, but let's not digress. The National Computer Security Association stepped in at this point with its own press release "reaffirm[ing] that Dr. Solomon's Anti-Virus Toolkit meets stringent NCSA anti-virus product certification standards." The heuristic function "did not and does not affect the NCSA labs present or past certification testing." McAfee Associates apparently gave up the fight at this point.
McAFEE'S MEDIA ASSAULTS stretch back to the 1980s when the press built a sacrificial altar to founder John McAfee. Josh Quittner's definitive exposé in New York Newsday showed just how effectively McAfee corrupted an all-too-willing media. Pamela Kane (then a competitor to McAfee) also wrote an exposé in her book, "V.I.R.U.S. Protection."
McAfee's 1996 media cam­paign against Syman­tec de­manded a world­wide recall of Nor­ton AntiVirus
"Big John's" teachings continue to inspire employees long after his departure from the company. A 1996 media campaign against Symantec demanded no less than a worldwide recall of Norton AntiVirus, to which Symantec issued a rather wimpy response. Symantec's well-oiled propaganda machine doesn't smell like a rose either, as Crypt Newsletter's exposé points out. They shamelessly exploit the media to gain free publicity; McAfee shamelessly exploits the media as a weapon. In another example from 1996, McAfee issued a press release "extend[ing a] safety net to displaced Cheyenne customers" after Computer Associates acquired the firm. "Displaced"? McAfee makes it sound like Cheyenne got run over by a truck. Rather, Computer Associates gave them access to a lucrative customer base and plenty of cash for research & development. McAfee's tactic against Cheyenne seems even more odd when you realize a competitor can use the same trick against them — McAfee buys companies on a regular basis. Indeed, they tried to purchase Cheyenne first (right after acquiring a firm called Vycor). They've since purchased a company called FSA and put in a bid for a Japanese antivirus vendor. A rival could use the same tactic against McAfee to increase bottom-line revenues. Just ignore that pesky "ethics" issue standing behind the curtain....
GRAHAM CLULEY, A virus researcher at Solomon's, called from his office in Britain after the latest media attack subsided. "McAfee [is] worried because we have heuristics for finding new file viruses and they don't," he emphasized. "It's odd that a company which claims to have such a large market share in the States should devote so much of its time attacking competitors." Odd? Not really. McAfee controls a huge share of the market, buys out companies, takes over product lines, hires rivals' employees, doubles its revenues on average every year — yet they continue to slowly lose total market share. McAfee slows the decline by generating negative publicity for its rivals. McAfee's percentage of the total customer base dwindles for (at least) two important reasons. First, they evolved beyond a simple "antivirus firm," venturing into the overall concept of computer security. McAfee now sells antivirus software, Internet-based storage solutions, data encryption packages, network audit tools ... you can even buy advertising space on their website. Diversification is a big sword, but it's a two-edged sword. Small, focused companies can easily upstage the behemoth. Consider EliaShim: they released an intriguing antivirus software development kit last year. Niche firms like Stiller Research (they focus on data integrity) have long offered solutions foreign to McAfee's product line. Second, McAfee's market share slowly dwindles because every major antivirus firm now offers its products as shareware. The "try before you buy" approach gave McAfee unparalleled product exposure in the 1980s; it no longer makes them stand out today.
You know the old saying: "if you can't beat 'em, beat 'em up."

YOU KNOW THE old saying: "if you can't beat 'em, beat 'em up." McAfee long ago learned they could level the playing field faster if they used a gun. A willing media supplies the bullets in order to satisfy its fetish for virus-related news. Who ultimately wins? PRNewswire. McAfee pays them to distribute inflammatory press releases, competitors pay them to distribute responses, and reporters pay them to get on the distribution list. Addendum: Did Symantec read McAfee's media-assault handbook?
It came as no shock when Symantec recently sued McAfee — those two vendors fight all the time. But in this case, the normally placid Symantec switched to an anything-goes fighting style and pulled a lot of dirty tricks... An investigative report by webmaster Rob Rosenberger. Déjà vu: did Trend Micro read McAfee's media-assault handbook?
On 14 May 97, Trend Micro paid PRNewswire to distribute a press release saying they filed a lawsuit against McAfee and Symantec "for infringement of its recently issued U.S. patent on computer virus detection techniques used for data carried over the Internet, electronic mail and groupware." Trend's general counsel claims "we are investigating whether additional defendants and infringing products should be added to the lawsuit." Trend's press release triggers a trivial-patent alert with this telltale paragraph:
"A number of the 22 claims in the patent generally focus on server-based anti-virus technology that intercepts data enroute from one destination to another, such as from an Internet site to a computer inside a local network. Certain claims are specifically directed to such technology used in connection with electronic mail. The patented protection system also isolates high-risk data types for virus scanning, and performs preset actions - such as blocking a transfer - if a virus is discovered."
It sounds like Trend convinced the U.S. Patent Office to give them a complete lock on the firewall virus protection market. (Translation: Trend can suppress new firewall protection techniques for the next 34 years if it doesn't satisfy their bottom line.) No responses yet from McAfee or Symantec — but rest assured, they'll pay PRNewswire to distribute it. Stay tuned. McAfee vs. Solomon's: the rematch
McAfee Associates launched another media assault against Solomon's. A recent advertising campaign asks "If Dr. Solomon has the #1 antivirus software, as he claimed, then why did he sell his practice?" Founder Alan Solomon recently sold his company and stepped down as chairman, but the purchasers claim he still maintains an "active role." Solomon's paid M2 Communications to carry a press release about McAfee's latest media campaign. Ironically, McAfee Associates could easily fall prey to this assault tactic, too. Investors forced controversial founder John McAfee to step down as chairman, giving him the ceremonial position of "chief technical officer" before he finally left the company. "Big John's" name didn't appear in the 1995 annual stockholder report — not even as a disclosed major stockholder. Solomon's didn't bother to point this out in their press release.