Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

They call it 'messiah complex' for a reason

Rob Rosenberger, Vmyths co-founder
Friday, 6 July 2001

As read by the author (MP3) FAITHFUL VMYTHS.COM READER John Gray[1] studied the recent critiques about Steve "raw sockets" Gibson. Gray wrote from his flat in Britain:

It seems that significant polarisation is taking place on this topic, with little love lost on either side. From the point of view of those ignorant on most security matters, certainly those at this depth, it seems rather disturbing that the (so-called?) experts do not seem to be able to agree on something quite so fundamental. Perhaps the end of the Internet really IS nigh?
Security expert Steve Gibson threw in the towel in his effort to save the Internet from an eternal lake of fire. He now awaits the literal end of computing as we know it.
And when cyber-Judgment Day arrives ... Gibson will blame it all on Microsoft.
Hey John, you know me: I get paid to say "the Internet will survive & thrive." For example, I knew Microsoft Word would carry on when doomsayers rode on the coattails of Melissa. I knew email users wouldn't notice when EIS and BubbleBoy changed the fundamental nature of email. I knew e-commerce would emerge unscathed when doomsayers rode on Mafiaboy's coattails. I uttered Mark Twain's famous quote when Tom Brokaw delivered the Internet's eulogy.

And I've proven right every single time. Or at least every single time so far, as my detractors will point out.

Like all the rest who came before him, Gibson believes cyber-Judgment Day is finally upon us. Sometimes the death of the Internet takes the form of an imaginary computer virus. This time, however, it takes the form of a "raw socket." If you don't understand this wildly complex issue, don't worry — security experts addressed it years ago.

Despite his Herculean efforts, Gibson failed to convince Redmond to remove raw sockets from their forthcoming "Windows XP" operating system. He even went so far as to participate in a conference call with seven security wonks. "Since only one person would have been required to tell me that Microsoft had changed its mind," he mused, "I presumed that their top guys had been assembled with the purpose of convincing me that I was wrong. As the meeting got underway it was soon clear that this was the case."

Still, Gibson tried valiantly to convince Redmond not to open a Pandora's Box. Sadly, "one of the Windows XP technical guys said that 'removing full raw sockets would only be a public relations win' " for Gibson. "With a bit of horror, I learned that Microsoft's developers have no understanding of security," he spat in a follow-up diatribe.

"To be confronted by seven very smart guys, who quite literally hold the future of the Internet in their hands..."

Of course, I asked the obvious question when I learned of the conference call. "Only seven to one?" Go on, admit it: you wanted Microsoft to cave in to a small-fry like Gibson. Everybody roots for the underdog in a David vs. Goliath fight. Microsoft didn't stand a chance.


THEN AGAIN, "DAVID" doesn't conjure up the correct Biblical reference here. Gibson exhibits many of the symptoms of ... well ... let me quote the Rev. T. Patrick Bradley and Ms. Mary Gardner:

This "messiah" complex is not limited to chaplains or social workers but may be felt by others in helping professions [e.g. computer security]. One would think that with maturity and expertise a chaplain or social worker [or computer security expert] would outgrow this need to fix everything. However, some seasoned professionals may look back on their successes and think they can still save the world.
"This 'messiah' complex is not limited to chaplains or social workers but may be felt by others in helping professions," e.g. computer security.
More messiah complex insight from Father Thomas D. Doesen:
(1) usually a very good person, valuable to society, and often ends up in the helping professions... (3) a good sufferer. These people make "good" Christians, martyrs, and so forth. The unspoken script ... is "I'm good because I suffer so much"... (5) selfless to the point of hurting himself or herself.
Still more insight from R. Joseph, Ph.D.:
Patients may come to believe that they have taken up the sins of the world (e.g. messiah complex) and that it is up to them to act at the behest of [the Internet]... They may therefore "preach" and write out their psychotic religious beliefs.
Microsoft held a conference call with Gibson The Messiah, not Gibson the expert. He failed to save the Internet from an eternal lake of fire ... so he now awaits the literal end of computing as we know it. I quote:

My protestations are falling on deaf ears at Microsoft. And thanks to many other loud and equally security-ignorant voices which are attempting to confuse the industry on this topic, Microsoft shows no intention of responding to this now very visible threat. So be it.
Yes, so be it. Translation: "if you disagree, you're a fool and you're contributing to the downfall of the Internet." Hmph. It wouldn't surprise me if he screamed "why hast thou forsaken me?" during the conference call. I suppose his PC will ascend bodily into heaven when cyber-Judgment Day arrives.

[Credit where due: I swiped the ascension joke from the almighty Cecil Adams.]

Gibson targeted The Register's Thomas C. Greene by example, yet other "loud and equally security-ignorant voices" include myself, Ian Whalley (WildList), Carole Fennelly (Wizard's Keys), and NetSurfer Digest. Oh, and let's not forget all the fools at Microsoft, from the chief information security officer right down to the newest security intern.

Gibson wailed "I regret my silence when scripting was being added to eMail." Hey, not to worry! I wrote about it in a 1998 column.
Memo to Gibson: real messiahs don't sit on their hands...
If thou darest question the Anointed One, then thou suck.


GIBSON CONVINCED HIS followers to abandon an Internet specification for the good of the Internet. Raw sockets serve no legit purpose, you'll only give up an inch, it's an inch you'll never travel anyway, blah blah blah.

Yet how could he convince the heathens at large to give up an inch?

Answer: Gibson didn't need to convince them. He only needed to force Microsoft to obey his divine will. Where Bill Gates goes, the heathens will follow. Gibson probably figured he'd turn up the heat on other operating system vendors (e.g. Sun Microsystems, Red Hat) once Microsoft caved in to his demands...

...Except Bill Gates' lackeys refused to cave in! "I am at a loss to fathom Microsoft's continuing refusal to appreciate the obvious consequences of this mistake," Gibson moaned in yet another tirade. "They must accept responsibility and correct the problem before it is too late."

As for me, I am at a loss to fathom Gibson's continuing tirade. The almighty Internet Engineering Task Force covered raw sockets in 1998 and revisited the problem in 2000. IETF's recommendation covers all operating systems, not just Microsoft's. Gibson concurs with IETF's recommendation. On the other hand, Microsoft's grandiose ".NET framework" raises all sorts of thorny issues. The antivirus industry alone believes they've got years of job security ahead of them.

Yet Gibson seems overwhelmed by a subject the almighty IETF tackled years ago. This leads me to ask an important question: "what gibsgives?" A messiah can beat so many different horses in the computer security world; why choose a dead one?

Gibson's refusal to acknowledge other viewpoints reminds me of a "Celebrity Deathmatch" episode where Metallica frontman James Hetfield battled Limp Bizkit singer Fred Durst. (Hear me out...) Hetfield asked probing questions like "where's the extended guitar solos?" Durst, however, didn't want to debate the merits of rock & roll. He just wanted to kill Hetfield. Durst, Gibson, get it?

Hmmm. Remind me to give up "Celebrity Deathmatch" reruns.

Now, before you start screaming about my messiah complex, I want to make something perfectly clear. Yes, I've got a messiah complex! And it's bigger than Gibson's. (Quote me.) Get this: I formed a company solely to wipe out computer security hysteria, and the angels sing every time I post a column.

Gibson could beat so many different horses in the computer security world. Why choose a dead one?
I may not win the battle against hysteria — but I didn't come here to lose. Critics like me make excellent messiahs. Now you know why they call me "god with a little g" in the alt.comp.virus newsgroup. And why I call John Gray a "faithful" reader.


A POPULAR MESSIAH can wield incredible power & influence. He can deliver a mortal blow in some cases. You'll compound your injuries if you try to defend yourself from a messiah's attacks — and you'll create a martyr if you try to assassinate him. The antivirus industry fears me for good reason. And Microsoft fears Gibson for the same reason.

Take a look at the messiah's most recent accomplishments. (Gibson I mean, not me.) He wrote a tirade about raw sockets (ouch) which forced the goliath to defend their decision (ouch2). Then seven bigwigs set up a conference call with him (ouch3). But the powwow didn't go Gibson's way, so he wrote another tirade (ouch4a).

Yet if it had gone his way, Gibson would've taken full credit for single-handedly saving the Internet (ouch4b) — and Microsoft would have admitted they nearly destroyed the Internet (ouch5). Then Gibson The Savior might launch his tirade against Sun Microsystems, Red Hat, and perhaps even the almighty Linus Torvalds himself! Ouch ouch ouch.

Not many people can brag "I forced Microsoft into a Kobayashi Maru scenario." Such is the power of a popular messiah. Memo to Bill Gates: did you forget all those lessons you learned years ago from Jerry Pournelle?

Heh heh. As a messiah, I know Gates will read my memo. By the way, Bill, you can reach me these days at (319) 646-2800. So where was I? Ah, yes...

I first encountered Gibson's messiah complex at the height of the Aureate DLLs hysteria. He helped fan the flames, and in so doing he made himself a target for my own righteous crusade. However, Gibson didn't contribute enough to the hysteria. To put it in fishing terms: he wasn't a keeper, and I had bigger fish to fry.

Not many people can brag "I forced Microsoft into a Kobayashi Maru scenario." Such is the power of a popular messiah.
But Gibson made himself a much larger target with his "raw sockets" fearmongering.

Mind you, I regret my silence about him during the Aureate DLLs hysteria. Gibson's OptOut utility was the most blatant copyright violation tool I had ever seen in the mainstream, but I didn't care since I pay for the shareware I use. So I didn't work to make the world take notice of him. Now his disciples are born daily to travel the Internet at light speed. And it could have — should have — been prevented.

(I mocked the previous paragraph from Gibson's website. Compare his tirade with my spoof page if you need a laugh.)


WILL THE "REVELATION" of Gibson's messiah complex impact his righteous crusade?

In the short term — yes. This controversy will now join its brothers in the land of obscurity. In the long term — no. I doubt the revelation means anything.

Sure, the "security-ignorant voices" at Microsoft will read my column, and they'll all laugh at Gibson's expense. So what? My column may spawn another episode of the Usenet knee-jerk show. Again, so what? Experts go berserk all the time in the computer security world. Why would we remember Gibson over anyone else?

Sure, reporters will see Gibson in a new light. So what? The controversy ended for them when Gibson said "so be it." Now it's all but for the waiting part. Reporters don't get paid to wait! They'll look around for other, fresher controversies while the messiah frets.

Sure, some of Gibson's followers will see him in a new light. So what? They'll still believe in him even if his prediction tanks. They subconsciously know experts go berserk all the time in the computer security world. Trust & forgiveness go a long way in the world of messiahs. (Trust me on this.)

Now let's ask a corollary question. Will the revelation of my messiah complex impact my righteous crusade? Frankly, I doubt it.

Sure, the antivirus industry's "equally security-ignorant voices" will read my column, and they'll all laugh at my expense. Good for them! I said it before and I'll say it again: "I treat everything & everyone as fair game, including even myself." The message is more important than the messenger.

Young Caine: How do I find myself and the light?
Master Po: By taking the path that leads to the truth.
Young Caine: Will you help me walk the path?
Master Po: I can only point the way, Grasshopper. You must walk the path yourself...
I regularly expose my failures, foibles, and fuscrew-ups. I want my disciples to think of me as an instructor messiah. I model myself after Master Po from the old "Kung Fu" series, teaching each Grasshopper to seek the truth in computer security. Master Po, Rosenberger, get it?

Hmmm. Remind me to give up "Kung Fu" reruns.

I do want my disciples to enjoy peace of mind, though. Let me repeat — it doesn't matter if your operating system supports raw sockets. You just need to keep malicious code at bay. Focus your mind, Grasshopper. Focus on the problem, not its symptoms. If you let malicious code take over your PC, then raw sockets are the least of your concerns.


SO! EVERYBODY ROOTS for the underdog in a Messiah vs. Goliath fight. Who do you root for when it's Messiah vs. Messiah? What odds will the bookies place on it? Who gets top billing on the boxing card?

Microsoft "quite literally holds the future of the Internet in their hands" according to Gibson. He now awaits cyber-Judgment Day. I say "don't hold your breath." So be it! Time to place your bets on us, folks. Just remember: I've proven right every single time.

At least so far...