I Must Admit

Week of August 10, 2001

I must admit that I really don't have a lot to do today and that might be the reason I am writing this essay, this rant, a rant or essay about - well I am not sure yet where this will lead, so let's kick back and see.

I must admit I wish I was a better writer. With so many languages under my belt it's difficult to master any one, and sometimes the words are there but do not quite make it to the surface and somehow I know I got said what I wanted to say but not quite in the words I'd wanted to use to say it.

But this essay, this rant, is not about writing skills, but about computers and computer viruses and AV companies and virus hype and stuff like that. It's about a few personal reflections I just had on the matter. It's an honest attempt to put myself in the perspective of what is and has been going on for quite a long time.

I must admit that the first time I saw something about computer viruses on TV I was rather excited. It was just nice to see TV and the media do anything about computers. They talked about the Michelangelo virus and how it would devastate millions upon millions of boxes.

I must admit that when the local news broke with the story that a native son of ours had found the author of ILOVEYOU I was very proud. I immediately contacted Lynn Burke at Wired and Lynn got on the lead, tuning into short wave radio and trying to read all the dailies which might cover the event. I later worked with these people in explaining exactly how both the worm and the trojan worked, and I must admit I found it all rather exciting.

I must admit I know better today. And I must admit that this is in no small part due to Rob Rosenberger.

If ever you are wondering just how bad the latest worm/virus is going to be, check with Rob first. Check what's really happened with all the other worm/viruses that were supposed to wreak havoc on the planet.

I must admit I've had it. It's so bleeding obvious today what is going on. Yes, there are worms and viruses out there, but no, there is no great threat the way the AV companies put it, and yes, they're only into it for the money they can get out of you. Rob is currently putting an AV-free network online in an attempt to prove that AV is not really all that necessary - something many of us have suspected for a long time.

And it was Rob and his links which clued me into the backgrounds on individuals such as John McAfee, and provided documents as proof. It turns out that McAfee is a bit of a carpetbagger, surfacing in San Francisco in the late 1980's to - believe it - sell 'I AM HIV-FREE' badges to gays for $22 a pop ($7 semi-annual renewal rate) and put them in a special database he held where they could look for clean people to have sex with. This was 1986. Less than two years later McAfee was suddenly calling himself a computer virus expert with no prior background in the business at all. So there you have it.

When McAfee found out about Michelangelo his organisation was prepared. Set up a completely different way from the other AV vultures, it was able to respond to the panic McAfee generated to make millions in sales while the competition got clogged phone lines instead. When McAfee went on the Today show all hell broke loose - and McAfee personally cleaned up.

McAfee is like an Edgar Bergen. He has his Charlie McCarthy puppets ready to spout out whatever hype he tells them to. One of McAfee's all-time favourite wooden dolls is Steve Gibson. Back in 1992 McAfee wanted to scare the world with MtE, the Dark Avenger Virus Mutation Engine. He laid the groundwork for the scare, and good old buddy Steve 'Steverino' Gibson at Tech Talk picked it up. Gibson wrote that the world would never be secure again, that AV software was obsolete, blah blah blah. People panicked and McAfee again made a mint.

What people don't realise is that shills are everywhere online. Although it may be hard to prove, it is quite obvious that certain 'authorities' are spouting things in a bit too pushy a way. Although we may never have proof, for example, that Gibson is still working for McAfee in pushing the latter's ZoneAlarm, we can note that the former is really pushing it - and even to the exclusion of the competition, such as NetworkICE and Tiny. Tiny hardly gets a mention, NetworkICE gets called every name in the book, but ZoneAlarm - which Steverino insists he has nothing to do with ('I'm not selling anything!' he protested on David Lawrence's radio show) - gets plug after plug after plug. 'You gotta use this program', 'I was just by the Zone Labs offices again today and these are great guys', etc. Blah blah blah. Put it this way: if Gibson is not getting paid by McAfee to shill ZoneAlarm, then he's a fool, and a poor fool too, for precisely as he himself claims, he is selling absolutely nothing - neither online or off.

I thought it was cool that the media took up computers way back in the days of Michelangelo. But I do not think much of the media any more, for they have demonstrated time and again that they just don't get it. Rob has the key: the media always says 'if it bleeds it leads', and the juicier the headline the better. If McAfee says that Michelangelo will infect 'from 50,000 to 5,000,000 computers' then he knows the media will pick the 5,000,000 figure, because that's the way the media works, and McAfee says what he does because that is the way McAfee works.

When a recent version of ZoneAlarm was ready for release, someone in the Zone Labs beta test group sent me a copy. It didn't even take me ten minutes to poke holes all over the ZoneAlarm user interface. Zone Labs had gone through a lot of trouble to make their app look sexy, with newly created 'controls' to do all sorts of fancy things. Yet these controls worked neither consistently nor correctly, and it was childs play to make the program look ugly.

What really got me was that this supposed gem had been through such supposedly rigorous beta testing and none of these guys found it. I learned right then and there that the beta testers were not beta testers at all, but duped shills. They were expected to get the word out about ZoneAlarm, and they did. Zone Labs never filtered their beta tester list, they never asked about qualifications or anything, they just signed up anyone who was interested. It was product promotion and not product improvement that Zone Labs were after.

I wrote to Zone Labs and showed them how they themselves could poke holes in their GUI blindfolded and I got some kind of dumb reply as I remember, for within minutes of my passing the reply back to a beta tester the whole thing went ballistic and Zone Labs was getting attacked left and right and the beta testers went out for blood.

How did McAfee handle it? Cleverly as always.

The very next day we got a purchase order for our XPT from Zone Labs. That did it. Despite newsletters going out all the time, I could not bash a customer of ours, even if said customer deserved it, and McAfee knew it. By 'pushing buttons', as Rob terms it, McAfee had again succeeded in silencing the critics and cynics.

As we watch the Code Red II hysteria hit, as we see people panicking everywhere, I remind myself that Rob Rosenberger has never been wrong - so far - and I seriously doubt he ever will be.

Rick