The edge of reason(ableness): AV Testing and the new creation scientists

First, let me start out by saying that I am in a bad mood. I probably shouldn’t write when I’m in this mood, because I’m in danger of just ranting, but I’m going to anyway. I’m in a bad mood because I am pretty fed up that some people are so deliberately trying to destroy something I’ve personally (along with many others) worked very hard to build in the last couple of years.

I’m in a bad mood because writing this is distracting me from the many other things that I need to do, and get paid to do.

I’m in a bad mood because I’m fed up with hearing that I, and others like me, have no right to comment on things that fall directly within my realm of expertise (and goodness knows, that’s a narrow enough realm) – and that if I do, it’s simply self-interested nonsense.

Secondly, let me also point out that although I’m now going to reveal that, yes, I’m talking about Anti-Malware Testing, and may mention AMTSO, I’m not speaking on behalf of AMTSO, nor my employer, nor anyone else, but me, myself and I (oh, that there were so many of us).

So, “What’s the rumpus?*” Well, in what has become an almost unbelievable farce, the last few weeks have seen mounting attacks on the AMTSO group and what it does.

For some background – those who are interested can read these articles.

http://kevtownsend.wordpress.com/2010/06/27/anti-malware-testing-standards-organization-a-dissenting-view/

http://krebsonsecurity.com/2010/06/anti-virus-is-a-poor-substitute-for-common-sense/

There are some very good points in the second (Krebs) article, although cantankerous is not something that I would say characterizes AMTSO all that well – as Lysa Myers has pointed out ‘AMTSO is made of people’, and I think the generally negative tone employed is a shame. The first (Townsend) article is way more problematic; there’s just so much wrong with Mr Townsend’s thinking that I don’t really know where to start. Fortunately, Kurt Wismer has already done a great job of responding here, and David Harley an equally competent job here.

So why my response? Well, probably because I certainly am cantankerous.

I’m also, almost uniquely in this industry (David Harley is another), formerly one of those “users” that Mr Townsend is so adamant should be controlling the process of AMTSO’s output – indeed, the whole of AVIEN was set up in the year 2000 as an organisation of interested, non-vendor employed, users – albeit users who knew something about anti-malware issues. We were users responsible for protecting large enterprises, who wanted to be able to share breaking anti-virus information without the interference of Vendors or the noise of such cesspools as alt.comp.virus. We wanted good, reliable information.

I, like David Harley, later joined the industry as a Vendor, but I still understand what it is to be a user, and that was also a huge consideration in the setup of AMTSO – as so many have said before, and I want to reiterate here, bad testing of anti-virus products hurts everyone, the user most especially.

However, this debate is much more than just one on which we can ‘agree to differ’ – like whether Germany or Spain has the better football team might be – it’s much more fundamental than that.

Indeed, the only real analogy that comes close is that of the battle currently raging between the so-called faith-based ‘science’ of creationists (let’s not prevaricate, Intelligent Design is just a euphemism for Creationism), and the research-based science of evolutionary biologists and so on.

On the one hand, you have anti-malware researchers, professional testers and so on; people who study malware every day, who constantly deal with the realities of malware exploiting users, and who understand better than anyone the challenges that we face in tackling malware – if you like, the “Richard Dawkinses of anti-malware” (though I certainly would not claim to match his eloquence nor intelligence) – and on the other hand, we have those outside the industry who say that we’re all wrong, that we’re just a “self-perpetuating cesspool populated by charlatans” (yet nonetheless, a cesspool at which the media feeds most voraciously), that nobody needs AV, and that everything the AV community does or says is bunk.

What I find so extraordinary (in both cases) is that those who are most in a position to provide trusted commentary on the subject are so ignored, in favour of those who have shrill, but ill-informed voices. Why is it that information from a tester, who may have just woken up one morning and decided to ‘test’ antivirus products, is taken on faith as being correct and true; and yet, when a group of professional people give up their time voluntarily, and work together to try to produce some documentation that sets out the ways in which anti-malware products can be tested effectively and reliably (and, no, that has nothing in particular to do with the WildList), it is so violently decried as self-interested nonsense? It’s a terrible shame that science is so deliberately ignored in the face of popular opinion. Unfortunately, millions of people CAN be wrong, and often are.

AMTSO is not about dictating truth, but rather pointing out ways in which truth can be reliably found (and importantly, where it cannot).

I refuse to lie down and take it when someone tries to tell me that I’ve no right to point out the truth – and I’m not talking about truth based on some millennia-old scripture, but real, hard, repeatable, scientifically verifiable, researched fact. If that makes me as unpopular as Richard Dawkins is to a creationist, then so be it.

If you’re interested in understanding why anti-virus testing is so important (and why so many professional testers participate in AMTSO) then, please, do have a read of the AMTSO scriptures er… documents, here.

Andrew Lee – AVIEN CEO, Cantankerous AV researcher.

* If you’ve not seen the excellent movie “Miller’s Crossing” you won’t know where that quote comes from.

(Thanks to Graham Cluley for pointing out that the first link didn’t go to the correct page.)


11 thoughts on “The edge of reason(ableness): AV Testing and the new creation scientists”

  1. Pingback: Some positive commentary « amtso

  2. Dantevios

    We are out there!

    I hear you my friend. I hear you wholeheartedly. It makes me angry when people take any topic on faith alone as well and do not study topics methodically. I’m just dropping a line in your blog to say that I’m one of the guys out there fighting for reason and you’re not alone.

  3. Pingback: SecuriTeam Blogs » Conspiracy Theory

  4. Alan

    You had me until you mentioned Dawkins.

    Your analogy breaks down for the same reason that many evolution proponents (myself included) fail: They treat the issue like it’s merely technical, ignoring the social and “soft” elements of the issue. Or they overburden the issue by insisting that it’s, for example, necessary to be an atheist (count me OUT) if you’re in support of evolution. That just complicates the issue and makes others feel that there’s a whole “agenda” involved.

    Let’s stick to the issues, please.

  5. ALee Post author

    Actually, that was pretty much my point Alan – I (and I’ll presume you, though I may be wrong) am not in a position to go and do the science and research that Dawkins has done. Just as many people are not in the position to do the research that I do in my field. So, the only basis we might have for understanding the subject is to see what an expert is saying – and not dismiss it because we might not like the answer. And, it pretty much is technical (evolution as well as AV-Testing), there’s no ‘soft’ position on this stuff – it’s either right or wrong, and the evidence backs the theory, so we can largely say it’s ‘right’ – that goes for AV testing too – there are a few ways to do it right, and many more to do it wrong. In that sense, of course there is an ‘agenda’ involved – I’m interested in seeing Anti-malware product testing improved. As far as anything else goes, this isn’t a religious blog, and I don’t care as such what anyone else believes. I believe the analogy is a good one – it’s a case of expertise against popular opinion. Dawkins is a controversial figure, so I expected to get some sort of rise from people – a lot of people seem to, unfortunately, confuse his stance on atheism with his position on evolution, sadly, that’s just an example of sloppy thinking.

  6. Pingback: Joint Blog « amtso

  7. Pingback: AMTSO « Authentium Virus Blog

  8. Alan

    ALee, I see and agree with your point — but perhaps Dawkins isn’t the best example because he joins his advocacy of evolution (which is “qualified” to advocate) with atheism (which is not “qualified” to advocate).

    Assuming you chose Dawkins deliberately, there are plenty of people with high-level scientific expertise who agree with Dawkins about evolution but not atheism. Many are even zealous “believers.” Why should I believe Dawkins on an issue for which he has no qualifications? (e.g. Collins, Polkinghorne, Dyson, McGrath, Ayala, Barrow, Townes, to name but a few). Dawkins is a bad example while he has extensive experience with microbiology, he has absolutely none in the social sciences or theology. Dawkins would be a better advocate for evolution if he would focus on his areas of competency. (FWIW, I find Hitchens far more compelling but still not persuasive.)

    And that was precisely my point — we need a holistic view, not a niche advocacy that can’t see the forest for the trees.

  9. Alan

    he he <- to be inserted as necessary in my first paragraph in the previous post

    . <- to be inserted in the second paragraph, above, after "example" and before "while"

  10. ALee Post author

    🙂 Maybe the fight between the supporters of Homeopathy and Medical Science would be a more apt analogy then. My personal preference is Daniel Dennett, but we can debate philosophy on some other blog 🙂
