Hitting the easy targets and letting the big guys get away with it again and again….

May 29th, 2008 Drazen Drazic Posted in Bad Stuff, Dumb Security, WTF, cyber crime |

I started to talk about this in a response to the last post here.

I am seeing this trend of organisations with false and mis-leading promises being targeted with our industry’s ire, and as I said, rightly so but is the focus blinkered? I think so…..the easy targets are being hit while others continue to get away with it over and over again.

ScanAlert seems to be one of, if not the most hated products/services by people in our industry. Just look at most security bloggers pages and you’ll see pretty much a consensus of people’s opinions of it. See latest post here for example.

There’s plenty of individuals in our industry who put their thoughts out there and get attacked (when deserved) for it. I know I do. Individuals are easy to target!

From the last post:

“@Dec, what worries me is a trend I am seeing lately where individuals who can be easily identified as the front for a product or service that is “questionable” are now being outed so to speak. And so they should be.

But the larger players who can “hide” so to speak behind a corporate guise and a million and one products in their inventory get rarely a mention!

How different is this guy (or ScanAlert, pre-McAfee) being caught out with a questionable product to a Symantec for example who openly tells all: “…proactive protection against unknown and zero-day threats”?? WTF??

When there is one face to something, they’re an easy target for our industry, the press and the law. Yet, when it is a large corporation, they’re almost untouchable no matter what marketing BS they flog into the world!

Something is wrong here. If you are company that has an individual as a face, you are open game. If you are a large listed corporate, you can do and say as you like - no matter how questionable it is!”

Go and have a look at some of the “big” security product vendor sites and seriously tell me if what they are promoting is any less questionable than a Lifelock or what ScanAlert promoted?

What’s the thinking in HQ? Something like: just get it out there, make the big claims, make squillions and then fix/patch as needed and in the meantime, invent the next silver bullet solution. (Company thinking: we’ve done it for years, the strategy works, lets keep it going!)

And we as consumers just sit back and take it because we always have! Time to change things guys? I think so. Keen on your thoughts.

12 Responses to “Hitting the easy targets and letting the big guys get away with it again and again….”

  1. D2 Says:
    May 29th, 2008 at 7:22 pm

    False advertising. Psychology is interesting. What is the relationship between risk aversion and knowledge? It comes back to ORM! or how much you are willing to pay to believe the *whole* security issue goes away? D2

    http://taosecurity.blogspot.com/2008/05/excellent-schneier-article-on-selling.html

    “I would be interested in knowing what the risk literature says about people who don’t put their own assets at risk, but who put other’s assets at risk — like financial sector traders.”

    Face = perceived accountability = target <= angry mob :)

    http://www.schneier.com/blog/archives/2008/05/how_to_sell_sec.html

    “How does Prospect Theory explain the difficulty of selling the prevention of a security breach? It’s a choice between a small sure loss — the cost of the security product — and a large risky loss: for example, the results of an attack on one’s network. Of course there’s a lot more to the sale. The buyer has to be convinced that the product works, and he has to understand the threats against him and the risk that something bad will happen. But all things being equal, buyers would rather take the chance that the attack won’t happen than suffer the sure loss that comes from purchasing the security product.”

  2. Drazen Drazic Says:
    May 29th, 2008 at 7:52 pm

    http://www.fairtrading.nsw.gov.au/Consumers/Advertising_and_pricing.html

    Okay, I have linked to one page on this site (click through yourself to others that pertain to this topic). This is Australia specific but I am sure most countries have similar regulations and laws. To me, looking at the laws/requirements of advertising, I think I could report most big security software vendors right now!

    Yet no one seems to do that!

    Why are these guys working to different legal requirements to other industries/sectors?

  3. Declan Ingram Says:
    May 29th, 2008 at 8:41 pm

    Maybe we have been worn down by constant marketing and cynically low expectations..

  4. Shifter Says:
    May 29th, 2008 at 9:00 pm

    Written so true and amazingly so not obvious to us all when it has stared us in the face! This is a big wake up call to all of us in the industry. I mean that. I have been one myself that has been so critical of the people you mention as the “faces” of smaller businesses but I have always taken with a grain of salt the “big” guys and never really compared them.

    I support the move to out the BULLSHIT and ask everyone here to send a link to this post on to everyone they know to respond and show their support, and from there, follow this post and responses and lets all start a movement against the false advertising that dominates our industry!

    SFB

  5. Silky Says:
    May 29th, 2008 at 9:07 pm

    Totally with you here mate. You make a good point. It’s an interesting problem to consider …

  6. Goran Says:
    May 29th, 2008 at 9:48 pm

    I support direct to you DD. Good work Shifter. Time for change everyone and be loud!

  7. Billy D Says:
    May 29th, 2008 at 10:32 pm

    Big 4 dude and I know what I can expect from you all but I am on your side. We are not all bad. Add me to the list!

  8. Drazen Drazic Says:
    May 30th, 2008 at 10:08 am

    This is an interesting article from David Rice, the author of Geekonomics:
    http://www.csoonline.com/article/372664/Broken_Windows_Revisited_Why_Insecure_Software_and_Security_Products_Hurt_the_Global_Economy

  9. ESFANBOI Says:
    May 30th, 2008 at 10:59 pm

    I know you dudes can do some 0days….save them for a next big marketing day. The Symantec guarantee is gold! This is one that will come back to haunt them and your site will become legend!

  10. Declan Ingram Says:
    June 3rd, 2008 at 2:44 pm

    @ESFANBOI

    Sounds like Oracle ;-)

  11. SGIRL Says:
    June 4th, 2008 at 1:50 pm

    At Least their Honest.

    This “Pitch” for ScanAlerts Hacker Logo is probably the most honesty I have seen to date.
    http://www.scanalert.com/content/affiliate/pitch.jsp?a=63&c=55&k=VrFppjPpQN

    When you display the HACKER SAFE certification mark, you not only increase sales by increasing shopper confidence, you build your brand with the security seal seen on more top sites than any other.

    Finally… You Too Can Use The Exact Same
    SECRET WEAPON Used By Over 80,000 Websites Worldwide Including Half of the Internet Top 500- Can They All Be Wrong?

    In Over 500+ A/B Split-Tests, This SECRET Showed an Average Increase of 14% Without Changing Anything Else On The Page!!!

    You Can Save Up To 25% Off Their Current Price
    You Can’t Get This Offer Even On Their Own Site!!!

    Information about the security behind the hacker safe logo. Scroll down a really long way.

  12. Beast Or Buddha » Blog Archive » Trend Micro attacks the bad guys on their own turf…. Says:
    June 22nd, 2008 at 11:42 am

    [...] post. Leave a [...]

Leave a Reply