Truth About Computer Security Hysteria
MessageLabs CTO: 'our company is doomed!'
Rob Rosenberger, Vmyths co-founder
Sunday, 30 September 2001
MESSAGELABS SOMETIMES ISSUES an unbelievable press release. The British-based firm did it again last week to predict the Internet will die of a wasting disease by 2008. Viruses in email attachments are the cancer of the computing world, they announced.
"Believe the hype," MessageLabs screamed. "The"-- oops, I linked to the wrong unbelievable URL. Let's start over.
"Believe the hype," MessageLabs screamed. "The Internet could become unusable as a means of communication if the rate of email virus outbreaks continues to escalate. The volume of infected mail circulating could become so great that people without sufficient protection will simply stop using email."
Hey, think about it — no more spam in 2008! No more users getting duped by hoax virus alerts! I don't know about you, but I can't wait for the e-Rapture. Bring it on so everyone can look back and say 'those were halcyon days.'
[Credit where due: I stole the 'halcyon' line from a Mary Chapin Carpenter song.]
MessageLabs CTO Mark Sunner used a solar calculator (pun intended) to guesstimate "one in ten emails transmitted via the Internet would contain a virus by 2007/8, and as many as one in two by 2013. And these are just average figures — when 'peak' rates are taken into account, with a new virus released, the ratio will become much worse."
Hmph. "Average figures." Where did I put my "mathematical atrocity" URL? Ah yes, here it is.
What 'peak' could be much worse than "one in two"? Why, "one in one," of course! Every email will someday contain an über-virus — every corporate negotiation, every military communication, and every weekly newsletter. Oh, and every email alert from every antivirus vendor will carry a virus, too.
I should note MessageLabs protects its clients from viruses in emails, complete with a money-back guarantee, even though their CTO predicts the death of email. Translation: the company is doomed by its own admission. If you ever thought about investing in Her Majesty's email guardians, then I suggest you rethink your portfolio strategy.
Sunner clearly anticipated Vmyths and The Register would ridicule his kindergarten kalculator skills, as you can see here:
The recent Nimda outbreak has prompted some industry commentators to say that the virus threat is overhyped. Don't believe a word of it... While the Internet will not collapse, it will certainly cease to be usable as a safe and credible means of communication for business and home users... Computer networks could grind to a halt because of the overwhelming volume of infected material circulating.
We at Vmyths do indeed think the virus threat is overhyped; so does The Register. Sunner's chutzpah merely proves our point. His hysterical prediction overshadows his firm's ability to protect clients.
Take the Nimda virus, for example. MessageLabs flunky Alex Shipp emailed me on 19 September — the day after Network Associates urged a precautionary shutdown of the entire Internet — to brag how effortlessly his firm detected the virus:
Nimda attempts to spread itself in so many different ways, that I would have been very, very unhappy if Skeptic [their flagship heuristic scanner] had not detected this... Skeptic detected three components of Nimda which caused it to immediately stop the virus. Two of these components were detected by the exploit detector. These were both exploits that had been published for a long time, and that had been used in previous malware. The third component was detected by the code analyser — Skeptic detected that the executable showed virus-like activity.
Why couldn't Sunner use this simple PR tactic? Why did he go so far as to predict the death of his own company?
Now, normally, I'd quote Shipp's email in an effort to highlight profile-based virus detection methodologies. Indeed, this column began its life as a thumbs-up to Skeptic's heuristic capabilities. My writing took a left turn only when Sunner wailed about the coming e-Rapture. (Shipp made roughly the same claim in August, but at least he didn't go on the offensive against his detractors.)
And I'd normally gloss over the fact Skeptic only detected Nimda three ways better than today's popular antivirus software. The savvy insider knows MessageLabs focuses on mass-mailing techniques used in viruses like Melissa and ILoveYou. I infer their heuristics didn't detect other obvious aspects of Nimda, and it leads me to believe Skeptic needs an upgrade. But like I said, I'd normally gloss over this minor shortcoming — because Skeptic didn't require an update to detect Nimda. If your antivirus product needed a patch, then you need a better antivirus product.
But let's give Sunner credit where due. He turned my pro-MessageLabs column into an anti-MessageLabs slam. It takes an e-diot to snatch defeat from the jaws of victory...