Truth About Computer Security Hysteria
They call it 'messiah complex' for a reasonRob Rosenberger, Vmyths co-founder
Friday, 6 July 2001 FAITHFUL VMYTHS.COM READER John Gray studied the recent critiques about Steve "raw sockets" Gibson. Gray wrote from his flat in Britain:
It seems that significant polarisation is taking place on this topic, with little love lost on either side. From the point of view of those ignorant on most security matters, certainly those at this depth, it seems rather disturbing that the (so-called?) experts do not seem to be able to agree on something quite so fundamental. Perhaps the end of the Internet really IS nigh?
THEN AGAIN, "DAVID" doesn't conjure up the correct Biblical reference here. Gibson exhibits many of the symptoms of ... well ... let me quote the Rev. T. Patrick Bradley and Ms. Mary Gardner:
This "messiah" complex is not limited to chaplains or social workers but may be felt by others in helping professions [e.g. computer security]. One would think that with maturity and expertise a chaplain or social worker [or computer security expert] would outgrow this need to fix everything. However, some seasoned professionals may look back on their successes and think they can still save the world.
(1) usually a very good person, valuable to society, and often ends up in the helping professions... (3) a good sufferer. These people make "good" Christians, martyrs, and so forth. The unspoken script ... is "I'm good because I suffer so much"... (5) selfless to the point of hurting himself or herself.Still more insight from R. Joseph, Ph.D.:
Patients may come to believe that they have taken up the sins of the world (e.g. messiah complex) and that it is up to them to act at the behest of [the Internet]... They may therefore "preach" and write out their psychotic religious beliefs.Microsoft held a conference call with Gibson The Messiah, not Gibson the expert. He failed to save the Internet from an eternal lake of fire ... so he now awaits the literal end of computing as we know it. I quote:
My protestations are falling on deaf ears at Microsoft. And thanks to many other loud and equally security-ignorant voices which are attempting to confuse the industry on this topic, Microsoft shows no intention of responding to this now very visible threat. So be it.Yes, so be it. Translation: "if you disagree, you're a fool and you're contributing to the downfall of the Internet." Hmph. It wouldn't surprise me if he screamed "why hast thou forsaken me?" during the conference call. I suppose his PC will ascend bodily into heaven when cyber-Judgment Day arrives. [Credit where due: I swiped the ascension joke from the almighty Cecil Adams.] Gibson targeted The Register's Thomas C. Greene by example, yet other "loud and equally security-ignorant voices" include myself, Ian Whalley (WildList), Carole Fennelly (Wizard's Keys), and NetSurfer Digest. Oh, and let's not forget all the fools at Microsoft, from the chief information security officer right down to the newest security intern.
GIBSON CONVINCED HIS followers to abandon an Internet specification for the good of the Internet. Raw sockets serve no legit purpose, you'll only give up an inch, it's an inch you'll never travel anyway, blah blah blah. Yet how could he convince the heathens at large to give up an inch? Answer: Gibson didn't need to convince them. He only needed to force Microsoft to obey his divine will. Where Bill Gates goes, the heathens will follow. Gibson probably figured he'd turn up the heat on other operating system vendors (e.g. Sun Microsystems, Red Hat) once Microsoft caved in to his demands... ...Except Bill Gates' lackeys refused to cave in! "I am at a loss to fathom Microsoft's continuing refusal to appreciate the obvious consequences of this mistake," Gibson moaned in yet another tirade. "They must accept responsibility and correct the problem before it is too late." As for me, I am at a loss to fathom Gibson's continuing tirade. The almighty Internet Engineering Task Force covered raw sockets in 1998 and revisited the problem in 2000. IETF's recommendation covers all operating systems, not just Microsoft's. Gibson concurs with IETF's recommendation. On the other hand, Microsoft's grandiose ".NET framework" raises all sorts of thorny issues. The antivirus industry alone believes they've got years of job security ahead of them. Yet Gibson seems overwhelmed by a subject the almighty IETF tackled years ago. This leads me to ask an important question: "what
A POPULAR MESSIAH can wield incredible power & influence. He can deliver a mortal blow in some cases. You'll compound your injuries if you try to defend yourself from a messiah's attacks — and you'll create a martyr if you try to assassinate him. The antivirus industry fears me for good reason. And Microsoft fears Gibson for the same reason. Take a look at the messiah's most recent accomplishments. (Gibson I mean, not me.) He wrote a tirade about raw sockets (ouch) which forced the goliath to defend their decision (ouch2). Then seven bigwigs set up a conference call with him (ouch3). But the powwow didn't go Gibson's way, so he wrote another tirade (ouch4a). Yet if it had gone his way, Gibson would've taken full credit for single-handedly saving the Internet (ouch4b) — and Microsoft would have admitted they nearly destroyed the Internet (ouch5). Then Gibson The Savior might launch his tirade against Sun Microsystems, Red Hat, and perhaps even the almighty Linus Torvalds himself! Ouch ouch ouch. Not many people can brag "I forced Microsoft into a Kobayashi Maru scenario." Such is the power of a popular messiah. Memo to Bill Gates: did you forget all those lessons you learned years ago from Jerry Pournelle? Heh heh. As a messiah, I know Gates will read my memo. By the way, Bill, you can reach me these days at (319) 646-2800. So where was I? Ah, yes... I first encountered Gibson's messiah complex at the height of the Aureate DLLs hysteria. He helped fan the flames, and in so doing he made himself a target for my own righteous crusade. However, Gibson didn't contribute enough to the hysteria. To put it in fishing terms: he wasn't a keeper, and I had bigger fish to fry.
WILL THE "REVELATION" of Gibson's messiah complex impact his righteous crusade? In the short term — yes. This controversy will now join its brothers in the land of obscurity. In the long term — no. I doubt the revelation means anything. Sure, the "security-ignorant voices" at Microsoft will read my column, and they'll all laugh at Gibson's expense. So what? My column may spawn another episode of the Usenet knee-jerk show. Again, so what? Experts go berserk all the time in the computer security world. Why would we remember Gibson over anyone else? Sure, reporters will see Gibson in a new light. So what? The controversy ended for them when Gibson said "so be it." Now it's all but for the waiting part. Reporters don't get paid to wait! They'll look around for other, fresher controversies while the messiah frets. Sure, some of Gibson's followers will see him in a new light. So what? They'll still believe in him even if his prediction tanks. They subconsciously know experts go berserk all the time in the computer security world. Trust & forgiveness go a long way in the world of messiahs. (Trust me on this.) Now let's ask a corollary question. Will the revelation of my messiah complex impact my righteous crusade? Frankly, I doubt it. Sure, the antivirus industry's "equally security-ignorant voices" will read my column, and they'll all laugh at my expense. Good for them! I said it before and I'll say it again: "I treat everything & everyone as fair game, including even myself." The message is more important than the messenger.
SO! EVERYBODY ROOTS for the underdog in a Messiah vs. Goliath fight. Who do you root for when it's Messiah vs. Messiah? What odds will the bookies place on it? Who gets top billing on the boxing card? Microsoft "quite literally holds the future of the Internet in their hands" according to Gibson. He now awaits cyber-Judgment Day. I say "don't hold your breath." So be it! Time to place your bets on us, folks. Just remember: I've proven right every single time. At least so far...