Editor's Note: Desperation, Scare Tactics, and Happy Memorial Day!

May 22, 2009, 23:02 (17 Talkback[s])
(Other stories by Carla Schroder)

by Carla Schroder
Managing Editor

I love to poke fun at tech vendors who continually boast of their innovation, when in fact they're scared to death of real innovation, if they could even recognize it. Today I poke fun at the anti-malware industry: Kaspersky, Trend Micro, Symantec, F-Secure, and the rest of the usual suspects. Their existence depends on Microsoft Windows and the entire leaky MS application stack never ever getting fixed. I would die of shock if any of them ever grew a spine, demonstrated some real innovation in honesty, and announced "To cure your malware problems, don't use MS Windows." OK I probably wouldn't die, but I'm sure I would have to sit down.

You're probably familiar with the buggy whip analogies-- when automobiles became popular, they put the buggy whip makers out of business. Microsoft makes horse-drawn carriages and the anti-malware companies are the buggy whip makers. Naturally they don't want to become extinct, so what do they do? Try to con Linux users into buying their wares. Which is like persuading automobile drivers that they still need buggy whips. This article is typical:

"Looming attacks will soon pop the security bubble enjoyed by Linux and Macintosh users, according to Russian security expert Eugene Kaspersky.

Note the emphasis on vague scare tactics and the lack of any actual data or information. This Softpedia article also spreads Kaspersky fluff, which makes me sad because I like Softpedia's Linux news and reviews a lot. It references this Kaspersky blog entry:

"At the moment we know of around 1000 cases of sites infected with Trojan-Downloader.JS.Iframe.auy. There are also several hundred servers infected with Trojan-Mailfinder.Perl.Hnc.a and Trojan-Dropper.Linux.Prl.a, which are actively spreading spam. The days of *nix systems not being targeted by malware writers are long gone."

Uh huh. Again heavy on scare, light on details. How do these *nix boxes become infected in the first place? What *nix boxes where? Unlike Windows, Linux and Unix do not auto-execute any random executable that happens to wander by. I did both Web searches and searches on Symantec, F-Secure, and other vendors to learn more about these big scary *nix threats, and they don't even include them in their threat lists. A Web search turns up the blog and some Russian sites. Searching Kaspersky's own threat list does not find anything mentioned in the blog, except variants on Trojan-Downloader.JS.Iframe.auy:

"Currently there is no description available for this program."

And some folks actually wonder why I am so grouchy and mistrustful. Though I prefer to think of it as skeptical and unwilling to be conned.

I think real innovation in computer security would be twofold:
1. Issue repeated, loud, clear warnings that Windows is unsafe at any speed
2. Invest all those resources and talent that are uselessly expended trying to sail the Windows sieve, and instead devote them to designing strong, user-friendly, user-controlled security tools that do not phone home and do not depend on Big Brother, but that really put control in the user's hands.

Then go after developers-- fix all the horribly-coded Web sites that suck up CPU cycles and repeat the same dumb security mistakes over and over. Strengthen notoriously porous PHP and Javascripts. Even better, let's go back to the good old days of not allowing remote code to execute on user's machines.

Invest in fundamentals like smart coding, so that applications don't need fixing. Something, anything other than clinging desperately to the status quo, and resisting efforts to fix it.

Don't laugh, I can dream.

Things to Remember on Memorial Day

The US holiday Memorial Day was originally intended as a day to honor women and men who gave their lives in military service. It has evolved into a day of remembering family and friends who have passed away as well. For those of you fine Linux Today readers who observe the holiday, I wish you all good wishes. For everyone who does not, you may have my good wishes too. Linux Today will carry on with fresh news and howtos through the weekend. See you all next Tuesday!