Kurt Wismer posted a much-to-the-point blog a few days ago about the way that purveyors of scareware (fake/rogue anti-virus/security products) mimic the marketing practices of legitimate security providers. You may remember that a while ago, I commented here about a post by Rob Rosenberger that made some related points.
If you’re a regular reader of my blogs here or elsewhere, it won’t surprise you that I have a lot of sympathy with these viewpoints, and I hope Kurt will agree that we don’t do the “buy our software so that you never have to take responsibility for your own security” message here. And some elements of the AV industry of which I have, in recent years, become a part, have not always done the industry or its customers any favours by hyping media malware, TOAST marketing (The Only Antivirus Software That you’ll ever need… [hat tip to Padgett Peterson]), and other dubious marketing practices that have enthusiastically been picked up by those who rate a Good Story as being something quite different to an Accurate Story.
Well, I’ve been hearing rumours of marketing that sounds far too close to scareware for comfort. I’m not going to name names on this occasion. It’s bad karma for an AV researcher to throw stones at another vendor’s glass house without hard evidence of unethical practice. So here are some entirely general thoughts.
It would, of course, be a very bad idea for a vendor to try to persuade its own customers to spend money on one of its other products by hyping a non-existent threat. If a vendor was rash enough to indulge in such scareware tactics, its customers might want to consider whether:
Of course, this is all totally hypothetical. Surely no reputable AV company would make these mistakes, for both ethical and practical reasons (i.e. for fear of damage to its reputation and existing customer base)? I live in hope that these rumours will turn out to be based on some misunderstanding or misconception.
David Harley CITP FBCS CISSP
Senior Research Fellow