Truth About Computer Security Hysteria
The plural of 'anecdote' is not 'data'Rob Rosenberger, Vmyths co-founder
Monday, 27 December 1999
MIKE QUEAR WORKS as a technocrat in the U.S. House of Representatives. He addressed CSSPAB members the same day I did. My ears perked up at one point when Quear noted "the plural of 'anecdote' is not 'data.' "
How utterly true.
Reuters, MSNBC, USA Today, and other major news outlets predict a Biblical flood of Y2K viruses. Yet a Washington Post story admits "the risk of computer intrusion is based more on speculation than on the sort of hard evidence gathered by virus makers." In related news, FBI NIPC director Michael Vatis finally admitted he lacks evidence to support his own rampant fearmongering. (Somebody should remind him what the "I" stands for in FBI.)
Sadly, the Washington Post goes on to say the risk is "definitely growing." Growing based on what? The computer security industry collects anecdotes, not hard evidence. Ask them about Chernobyl and they'll tell you a half-million PCs died throughout Asia. Ask for receipts to prove it and they'll claim they can't divulge the names of devastated clients. "Besides, we didn't have time to catalog evidence. We battled ExploreZip right after Chernobyl wiped out Asia..."
Here: you try to squeeze evidence from this virus expert. I'll try to squeeze blood from this turnip. Let's see who wins. Go!
The computer security industry relies on fear to sell its products & services. Even the FBI sells a service in this case. "Experts" prefer anecdotes because they help increase the bottom line. Scarier anecdotes translate into higher revenues. John McAfee started the trend more than a decade ago and it continues to this day.
It goes on unchecked because reporters assume experts base their statements on hard evidence. Why do reporters keep making such a bad assumption? I believe they have a fetish for juicy virus stories. (I sound like a broken record on this subject.) The media as a whole rarely suffers for what it passes off as computer security news.
Me, take a fearmonger at face value? Bah. "The plural of 'anecdote' is not 'data.' " I and other skeptics demand proof. You should demand it, too.
Wait, you're squeezing the expert all wrong. You gotta grab him by the neck, see?