Vmyths.com



Truth about computer security hysteria


U.S. gov't blindly trusts the antivirus industry, part 2

Rob Rosenberger, Vmyths co-founder
Monday, 17 March 2003

[continued from part 1]

AMAZING, EH? THE U.S. government would deny a security clearance to some of these antivirus experts, yet the entire U.S. government blindly trusts them to protect every government PC in every office around the world — from a lieutenant's unclassified workstation to Condoleezza Rice's top secret laptop.

Indeed, the global antivirus cartel wants every government computer user in every government around the world to feel perfectly comfortable using antivirus software written by people those governments wouldn't trust.

Schmidt wants to open your eyes to this fact. So do I.

Okay. You've opened your own eyes to the security industry's non-existent security theology. How can you, an individual, overcome the government's blind trust in antivirus firms? Simple — you just need to include your government PC in your security theology.

"But Rob, I don't really worry about my GSA safe or my STU-III." Exactly my point! If you include your government PC in your security theology, then someday you'll seldom worry about its safety.

The process begins simply enough. You start bugging your Information Assurance officer with a philosophical question. "Why do you blindly trust antivirus software written by people who admit they supply virus technology to the Chinese national police?" Your IA officer will probably cough up a clueless answer. "I suppose DoD CERT knows something we don't."

"Do they?" you respond. "Or, are they blindly addicted to antivirus software written by people who admit they serve the People's Republic of China?" Your IA officer may come back with a defensive retort. "We can't just stop using antivirus software, you know! It's not practical."

To which you respond, "I'm not saying we should give up antivirus software. I just want to know why you rely 100% on antivirus software written by people who admit they give cyber-smallpox technology to an oppressive communist regime."

Then you deliver the whopper. "Look, I know you're under orders to violate my PC's security, but the fact remains — your actions compromise the security of my PC." Your IA officer will say something like "then why don't you write an antivirus product for us, huh?"

To which you shrug your shoulders and say "I'm not the Information Assurance officer..."


"COME ON, ROB! You said it would begin simply." Okay, okay. Print out a copy of this column and leave it on your Information Assurance officer's desk. If you don't know your IA officer, then just leave it on your workgroup manager's desk. If you see a pile of copies on his/her desk, smile inwardly and put your copy on top.

Do it anonymously if you wish, but do it.

Antivirus firms will persuade you with all sorts of patriotic reasons why you should remain blindly addicted to software written by people who admit they arm an oppressive communist regime for a possible cyber-war against the United States.

Want to do just a little bit more? Print out a second copy of this column and put it in your office read file. Let it open your coworkers' eyes. If you serve in the U.S. Air Force, print out a third copy, stuff it in a holey joe, and send it to HQ USAF/SCMI. Let it open their eyes, too. If you really want to make an impact, print this file and hang it in your office.

"That's it?" Yep. That's it. Change occurs in a natural fashion when enough people open their eyes to a problem. An individual like yourself can help change the habits of a blind U.S. bureaucracy.

Okay. You've opened your own eyes to the security industry's non-existent security theology. At this point a philosophical question rises to your lips. "Does the need to secure a PC equal the need to secure a GSA safe or a STU-III?"

No. Of course not. It doesn't even come close. You could end up in prison if you give an enemy full access to a GSA safe or a STU-III. On the other hand, you might end up without a job if you don't give an enemy full access to your newly declared weapon system. Ironic but true.

This irony may change someday — but not without a fight. Let me explain.

The U.S. government made some important security inroads with Microsoft. Bill Gates will soon let beltway officials analyze his source code. This is a genuine milestone in the world of COTS software ... but the computer security industrial complex will fight tooth & nail to stop the same thing from happening to them.

Antivirus firms in particular will do everything they can to convince everyone to blindly trust their software. "Everyone" includes you. "Everyone" includes me, too.


SOMETIMES, THOUGH, A person like me will try to rock the boat. Guess what? This column may upset the status quo for a multi-billion-dollar industry. They'll fight tooth & nail to maintain the status quo.

If you ask an antivirus expert for comments on this column (and I hope you do ask!), he might say "well, you know, Mr. Rosenberger has a strong way with words. I have the utmost respect for him, but..."

It always begins with a "but."

Antivirus firms will continue to give cyber-smallpox technology to our enemies "as needed." Why? Because their competitors do it, too. They've got to keep up with the Joneses.

The expert will assure you "Mr. Rosenberger isn't privy to everything our company does for Washington. He isn't privy to some of the things our industry does for U.S. national security." Ironically, I'm privy to some of the things his industry does against U.S. national security. The expert will go on to say "we're not the traitors Mr. Rosenberger makes us out to be, and, believe it or not, DoD CERT really does know what it's doing."

Then the expert will persuade you with all sorts of patriotic reasons why you should remain blindly addicted to antivirus software written by people who admit they supply virus technology to the Chinese national police.

You'll only get one shot at a question, so you need to make it count. "Do you and each of the programmers on your team hold a U.S. security clearance? One word: yes or no."

Granted, his firm's antivirus software may protect every classified PC in the U.S. government — but anything less than a "yes" means the most important people in his company can't touch your GSA safe or your STU-III. Anything less than a "yes" means he isn't privy to all of the wonderful things his firm (supposedly) does for Washington. Anything less than a "yes" means he isn't privy to some of the wonderful things his industry (supposedly) does for U.S. national security.

The expert may pout and say "that's not really a fair question." Not fair to him, he means. Anything less than a "yes" means you called his bluff.

The expert may "concede" the facts but claim "Mr. Rosenberger is overhyping a threat that doesn't exist. Our firm is in the business to save PCs from viruses." Actually, his firm is in the business to make money and expand their markets. China will only let antivirus firms expand into their territory if they regularly turn over virus technology to the national police.

The expert will tell you anyone can download viruses from the web. He'll remind you of the fact government PCs get infected and send out viruses. He may say Vmyths desperately needs media attention to stay afloat. He may claim I just want to get on Schmidt's good side so I can sit on a beltway advisory panel. He may speculate I hold a grudge against one of his competitors and I naïvely take it out on the industry. He may hint that I want to write antivirus software for the feds.

The expert will say whatever it takes to keep you blindly addicted to, and perfectly comfortable with, antivirus software written by people who admit they gave virus technology to Beijing for years while they deprived Washington of it.

The expert will claim the U.S. government can't write its own antivirus software. He'll champion a global antivirus cartel as the lesser of two evils. He'll insist...


I'LL SAY IT again, folks. The antivirus industry wants everyone to feel perfectly comfortable when they do anything they wish for any reason they choose, especially if it threatens the very people who buy antivirus software. I don't make this claim lightly.

If you raised your right hand to defend the country, then you must treat your government PC like a GSA safe or a STU-III. You need to include it in your security theology. You must open your eyes to the security industry's non-existent security theology.

Remember to hit the print button. One copy for your Information Assurance officer, plus a copy for HQ USAF/SCMI. Do it anonymously if you wish, but do it. Print this file and hang it in your office if you want to make a bigger impact.

Look down. Somebody's got you by the short & curlies. He's from the antivirus industry and he's here to help...