Truth About Computer Security Hysteria
Dissing DISRob Rosenberger, Vmyths co-founder
Sunday, 19 December 1999
SYMANTEC WILL ROLL out a new antivirus solution in 2000 — better even than what they currently offer. They originally planned to announce this technology in 1999, but it got sidetracked for marketing reasons. Their own customers made do with (shall we say) inferior solutions for a half-year now and they'll continue to make do for another few months.
Why the delay? Symantec envies the publicity surrounding Y2K. No more, no less. (I discussed this envy at the beginning of 1999.) The marketing department decided better "initial sales" figures would result if they withheld this technology until the Y2K folderol subsides. Incoming CEO John Thompson agreed, and so the world waits.
ZDNN revealed the marketing delay last summer in a story about the "Digital Immune System for Cyberspace." This budding technology came with the dowry when Symantec married IBM's antivirus research group 1.5yrs ago.
Hmmm, did I say "budding" technology? We can trace it to a 1994 thesis penned by Jeffrey Kephart (IBM). Let's see, subtract from 1999, um, carry the one ... and you come up with five years of vaporware.
Would we finally see the debut of DIS in 1999? Nope. "What we don't want to do is make a lot of noise about shipping a product at a time when the customer is least likely to buy it," Thompson admitted. Marketing gurus (correctly) convinced him Y2K efforts would absorb most clients' discretionary IT money — and much of the free media publicity.
I feel somewhat torn by this vaporware. On the one hand, people should use antivirus software in the first place before we worry about which solutions they use. Symantec also has the right to make important marketing decisions like any other commercial venture.
On the other hand, IBM & Symantec will tout their forthcoming product as clearly superior even though a marketing crew stalled it until after 2000. Why would they strand their own customers with inferior technology? They'd rather go with a "v1.1 debut" (which sounds like an oxymoron).
DIS remains vaporware despite all the valuable free publicity given to it over the years. Scientific American published an IBM-written story on it in 1997, for example. Years of gratis media exposure for a product you still can't buy.
Symantec will fully expect reporters to lavish more free ink on it in 2000, you know.
Let's talk first about distributed virus analysis. Competitors designed their own automated analyzers for the same reason IBM conceived DIS: it takes too much time & effort for humans to do the computer's job. Therefore, they now let the computer do the computer's job.
Competitors can't match DIS' distributed analysis — yet it doesn't matter. If one, ten, or a million servers come up with the "correct" analysis, it "only" remains to alert every workstation on the planet. (Alert them after the fact, I regret to say.)
Distributed analysis gives corporate experts a reason to buy another server which would do Symantec's job for Symantec. They'll rationalize it as a way to buy a few more minutes' time if/when another Melissa comes along. This rationalization begins with a simple premise: "I or my firm may see a virus before Symantec does."
Now let's talk about the update process. Given the vaporware of DIS, the Internet itself evolved as a worldwide distribution mechanism for antivirus updates. Many companies augment their update procedures with network-centric packages like Microsoft SMS, McAfee SecureCast, and even — yes — Symantec's own LiveUpdate.
I'd consider DIS important if we couldn't already auto-update after a virus comes to light. (Like in 1994 or even 1997.) However, we satisfied our needs with an Internet/Intranet digital immune system. DIS will give us too little, too late.
Now, if Symantec or IBM could help us detect viruses before they exist...