Posted by: David Harley | January 6, 2013

Startling New Threat!!!!

In Beware! The “Metavirus”! Rob Slade makes a trenchant point about security alerts and PR.

I guess as soon as someone manages to develop a meme detector, we’ll get lots of PR like this, pointing out that anti-virus is absolutely defenceless against the threat and therefore not worth paying for. And just wait till someone invents an APT meme.

The sad thing is, this ‘alert’ is fundamentally accurate. Back when I was responsible (in a Spaf’s First Law sort of way) for AV for an organization with around 1.4 million employees, metaviruses and memes in the form of chain emails gave me at least as much grief grief as real malware, and that was in the era of the fast-burning massmailer.

Spaf’s First Law? From memory, something to the effect of “If you have responsibility for security but can’t set rules or punish violators, your own role in the organization is to take the blame when something goes wrong.”

David Harley
Small Blue-Green World/Mac Virus
ESET Senior Research Fellow

Advertisements

Responses

  1. If you have responsibility for security, but have no authority to
    set rules or punish violators, your own role in the organization
    is to take the blame when something big goes wrong.
    – Spaf’s First Principle of Security Administration

  2. The meme detector – well, that would be me. I smash chain letters and can generally tell when someone is trying to get me roped into replicating a viral.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: