Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Hollywood vs. the antivirus industry

Rob Rosenberger, Vmyths co-founder
Tuesday, 30 July 2002

As read by the author (MP3) LET'S FLASH BACK to November 2001. U.S. patriotism ran high after 9/11 ... and the U.S. antivirus industry faced a sticky philosophical question.

A new bill would make it legal for Hollywood to cyber-attack anyone who may have violated U.S. copyright law. Will the antivirus industry modify their software so Hollywood can inflict damage on antivirus users?
Would they put the FBI's best interests ahead of their paying customers? Would U.S. antivirus firms let the FBI's Magic Lantern trojan pass undetected? Would truth-in-advertising laws force them to disclose "our product will not protect you from state-sponsored viruses"?

Symantec mouthpiece Eric Chien said his firm would work with FBI agents to infect their paying customers. He clarified Symantec's patriotism in a story published in The Register. "If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it — we wouldn't detect it," Chien explained.

Symantec didn't stand alone in its patriotism back then. Associated Press reporter Ted Bridis claimed an unnamed McAfee expert "contacted the FBI on [21 Nov 01] to ensure its software wouldn't inadvertently detect the bureau's snooping software."

Unfortunately, this rush of patriotism caused a serious publicity snafu for the U.S. antivirus industry. Customers threatened to switch to non-patriotic products to achieve the protection they desired. Symantec quickly backed away from Chien's patriotic statements. McAfee went so far as to contest the accuracy of the AP story to assuage their client base. "Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern."

(Longtime Vmyths readers will recall AP reporter Ted Bridis exposed "The China Syndrome" while working for the Wall Street Journal. I don't take his reporting lightly — and I independently narrowed the identity of the McAfee expert to two individuals. One regularly advises the White House on national cyber-security doctrine; the other departed on an apparently no-notice business trip to Europe when the brouhaha surfaced.)

Ah! But McAfee admitted to an intriguing exemption for the FBI's Magic Lantern trojan. The firm "does and will continue to comply with any and all U.S. laws and legislation." Think about this for a moment.

If Hollywood wants to attack antivirus customers, they'll need to go through the antivirus industry to do it.
McAfee's experts enjoy some extraordinarily close ties with U.S. federal agencies (even after The China Syndrome came to light). It honestly wouldn't surprise me if the FBI tried to obtain a sealed court injunction against McAfee and/or Symantec to make them secretly exclude the Magic Lantern trojan from their virus definition files.


OKAY, NOW LET'S flash forward to the present. Congressman Howard Berman (D-CA) introduced a bill to legalize malicious hacking so long as Hollywood does it enforce U.S. copyright laws.

To paraphrase Wired reporter Michelle Delio: an antivirus program will either look out for your best interests or those of Hollywood's. It can't do both. Will antivirus vendors work with Hollywood to achieve its goals? Will they make an exception for legal attacks against paying antivirus customers?

Probably not, I'd bet. Antivirus firms learned a valuable lesson at the FBI's expense last year.

Now, we can't really ask antivirus firms to speculate on proposed U.S. legislation. The digestive process of Washington lawmaking resembles your typical "grade Z" horror flick. Frankly, I doubt Berman's bill will survive to the end of the film. Mark my words: some other congressman out there will drive a stake through it at the end of the first reel.

Asking antivirus firms to consider the specifics of Berman's bill would be like asking the Business Software Alliance to conduct a survey on cyber-terrorism. But we can ask antivirus firms to speculate on hypothetical situations. So I asked them to suppose Hollywood could legally launch cyber-attacks on antivirus users.

MessageLabs bigwig Alex Shipp answered with a snicker, "we have no heuristics for distinguising legal attacks from illegal attacks." His boss, CTO Mark Sunner, added with a grin he doesn't want the headaches of trying to distinguish legal viruses from illegal viruses.

Symantec PR wonk Chris Paden answered my question rather seriously. "Our main concern is for our customers," he said. "We don't care who has been attacking our customers. We are going to deploy all of our defenses to meet it... We're not going to know who [launched the attack at the moment it occurred and] we're not going to delineate it."

If Hollywood writes computer viruses, we'll just name them after bad movies like Ishtar, Jaws IV, North, Highlander II, Caligula...
In other words, if Hollywood wants to attack antivirus users, they'll need to go through the antivirus industry to do it. Yet another reason to buy antivirus software if you ask me.


I CAN'T WAIT for legal computer security skirmishes to break out. Go ahead, congress! Let Hollywood attack U.S. citizens with deadly computer viruses.

We'll fight back by naming those viruses after bad movies like Ishtar, Iron Eagle, North, Highlander II, Iron Eagle II, Caligula, Highlander III, Iron Eagle III, Karate Kid III, Steele Justice, Jaws IV, Batman IV, Highlander IV, Iron Eagle IV, Karate Kid IV, Nuns On The Run, Star Trek V, She's Out Of Control, Virus (of course!), Delta Force, the next Highlander sequel, the next Iron Eagle sequel, the next Karate Kid sequel...

Oh, and any movie with Jar Jar Binks.

Ewww, look at all the bad movies out there. Hollywood has been attacking U.S. citizens for decades!