All's Fair in Love and Marketing?

I don't regard myself as being particularly naive: I know as well as you do that having an excellent product is not enough on its own. You usually have to market it properly as well: otherwise, it sinks because no-one is buying it, so no-one is making a living.

I know, too, that this industry is not entirely populated by plaster saints, though I don't happen to believe that we're moneygrubbing capitalist running dogs, either. Well, not all of us.

In fact, the antimalware industry is founded on cooperation as well as competition. We all have to earn a living, but mainstream vendors don't generally sacrifice the safety of the community in general for their own commercial advantage, for instance by keeping malware samples to ourselves.

(Don't start asking me for samples, though: we share with people we trust not to misuse them, including testers and other vendors: we don't give them to anyone who asks for them!)

From time to time, this leads to major community initiatives like the WildList Organization and the Anti-Malware Testing Standards Organization, which are intended to benefit the community at large and not just the security industry. Then there are shorter term initiatives intended to counter shorter term threats like specific malware, which often pull in a wide range of organizations. For example, a new initiative spearheaded by Microsoft and intended to counter the ongoing Conficker threat includes organizations like ICANN and Shadowserver ] as well as anti-malware vendors.

Unfortunately, we also come across instances where the security of the customer is compromised in order to achieve a perceived marketing advantage. It's always tricky, as a researcher working for a vendor, talking about other vendors, especially when the vendor concerned, or at any rate someone in its distributor network, is talking very negatively about us. The last thing I want to do is get into a marketing war, so I'm not going to name and shame here and now. However, there's a significant security issue involved here, and I'll be addressing that issue in the abstract later today.