Information Security Reviews - Can They Be Trusted?
Some Reviews Can Lead to Job Security
A few months ago, ZDNet posted an article (blogs.zdnet.com/security) stating the anti-spyware market never really existed. Here is my edited response:
Wow, what a load of bull. I have spent the last 20 years in IT Security and for the editors to allow this garbage is an insult to anyone with active grey matter.
For almost one third of my IT career I worked for one of the two largest security companies. I spent countless days, evenings, and weekends helping customers remove spyware (and adware, and viruses, etc) from systems that products such as the ones listed in the article didn't and couldn't prevent. Are you trying to tell me that the code I was cleaning up wasn't really there and that I was imagining it all? Do you think the security personnel at some of the largest organizations in the world are completely daft?
Those who refuse to learn from the past or discount the experiences and opportunities to learn are destined to repeat it. So you can say what you want about spyware being non-existent but don't come running when you find a key logger. Oh yeah...key loggers aren't viruses, they are technically considered and defined as spyware. Break the word down into the two parts; spy - meaning to watch secretly and ware being short for software and you get spyware. Software used for covertly monitoring a user's activity on a computer.
There are numerous examples of spyware. Go ahead and open a new browser window to Google or any other search engine and do a search for "spyware examples". Now tell me the anti-spyware market never existed.
It is articles like this which keep the truly informed employed. Thank you for adding to my job security.
My original response was challenged so I needed to reply. Here is what I wrote:
Ryan wrote:
"This is the ultimate confirmation, in my mind, that the fake anti-spyware market (that never really existed) is now dead. I never quite understood the difference between a spyware threat and a virus threat. For the most part, this was a definitions game played to perfection by both sides -- the noxious adware vendors who wanted to be viewed as legitimate; and the slick anti-malware vendors who were only too happy to play along to sell a brand new product."
Let's look at this paragraph in greater detail along with your comments.
You say "He's not saying the threat doesn't exist...the category of spyware was a made up category...services should have been included in antivirus." That sure does sound like he says the threat doesn't or didn't exist.
Ryan admits "I never quite understood the difference between a spyware threat and a virus threat." This is fundamentally where I have a problem with ZDNet saying "Ryan Naraine is a freelance writer specializing in Internet and computer security issues." Specializing? Do you really expect me to believe that Mr. Naraine is a security specialist? The differences between malware variants and the threats posed by each are key to understanding security threats. I apologize if I offend those who already know and understand the differences but I hope Ryan and the ZDNet editors are paying attention.
1. What is a virus? A virus by definition is self-replicating code which generally requires action by a user. Viruses may or may not carry a payload.
2. Worms are self-replicating programs which need no user involvement. Worms generally use known loopholes or vulnerabilities.
3. Adware was and is still intended for marketing purposes. Adware gets installed with other software and functions as a separate program. Adware typically generates unwanted or irrelevant advertising via email or pop-ups.
4. Spyware is an unwanted program that secretly attaches to a wanted program which gets installed simultaneously. The unwanted program collects user information which can be used for identity theft, fraud, or other malicious and/or criminal activity.
5. Rootkits are typically a collection of malicious software (Trojan, virus, spyware, etc.) which often allow the installation of hidden files, processes, user accounts, etc. which get activated each time a system boots up. Rootkits are able to intercept data from terminals, network connections, keyboards, flash drives, etc. and run as a silent operation without the user's knowledge.
Can all the above be lumped into one category...YES. It's called Malware. Here is Microsoft's definition of Malware; "Malware is short for malicious software and is typically used as a catch-all term to refer to any software designed to cause damage to a single computer, server, or computer network, whether it's a virus, spyware, et al." Even Microsoft acknowledges the differences between the above.
With all of this said as well as the other replies which have been posted I'm wary of Mr. Naraine's so called "test" which he conducted earlier this year for PC World. Should I contact PC World next?
The closing sentence truly shows the author's ignorance of not just the malware industry but the software industry as a whole. They (malware programs) are not all the same and the reason people pay extra for the other functions is the same reason we pay extra for complementing programs such as Word, Excel, PowerPoint, etc. Yes, they are usually all part of a suite of products but each one was written, designed, and programmed by people who should get paid for their work. Antispyware is different from antivirus, just as host IPS is different from a firewall.
The above can be found on my Stumble Upon blog http://ipsecevangelist.stumbleupon.com/ which was created solely for the reason that I was fed up with all the so called "experts" filling people's minds with garbage. I'm not professing to be an expert, perhaps just more knowledgeable about some things than others, but I do have common sense and like most everyone else, I don't like to be fooled, cheated, or lied to.
