First, let me start out by saying that I am in a bad mood. I probably shouldn’t write when I’m in this mood, because I’m in danger of just ranting, but I’m going to anyway. I’m in a bad mood because I am pretty fed up that some people are so deliberately trying to destroy something I’ve personally (along with many others) worked very hard to build in the last couple of years.
I’m in a bad mood because writing this is distracting me from the many other things that I need to do, and get paid to do.
I’m in a bad mood because I’m fed up with hearing that I, and others like me, have no right to comment on things that fall directly within my realm of expertise (and goodness knows, that’s a narrow enough realm) – and that if I do, it’s simply self-interested nonsense.
Secondly, let me also point out that although I’m now going to reveal that, yes, I’m talking about Anti-Malware Testing, and may mention AMTSO, I’m not speaking on behalf of AMTSO, nor my employer, nor anyone else, but me, myself and I (oh, that there were so many of us).
So, “What’s the rumpus?*” Well, in what has become an almost unbelievable farce, the last few weeks have seen mounting attacks on the AMTSO group and what it does.
For some background – those who are interested can read these articles.
There are some very good points in the second (Krebs) article, although cantankerous is not something that I would say characterizes AMTSO all that well – as Lysa Myers has pointed out ‘AMTSO is made of people‘, and I think the generally negative tone employed is a shame. The first (Townsend) article is way more problematic; there’s just so much wrong with Mr Townsend’s thinking that I don’t really know where to start. Fortunately, Kurt Wismer has already done a great job of responding here, and David Harley an equally competent job here.
So why my response? Well, probably because I certainly am cantankerous.
I’m also, almost uniquely in this industry (David Harley is another), formerly one of those “users” that Mr Townsend is so adamant should be controlling the process of AMTSO’s output – indeed, the whole of AVIEN was set up in the year 2000 as an organisation of interested, non-vendor employed, users – albeit users who knew something about anti-malware issues. We were users responsible for protecting large enterprises, who wanted to be able to share breaking anti-virus information without the interference of Vendors or the noise of such cesspools as alt.comp.virus. We wanted good, reliable information.
I, like David Harley, later joined the industry as a Vendor, but I still understand what it is to be a user, and that was also a huge consideration in the setup of AMTSO – as so many have said before, and I want to reiterate here, bad testing of anti-virus products hurts everyone, the user most especially.
However, this debate is much more than just one on which we can ‘agree to differ’ – like whether Germany or Spain has the better football team might be – it’s much more fudamental than that.
Indeed, the only real analogy that comes close is that of the battle currently raging between the so called faith based ‘science’ of creationists (let’s not prevaricate, Intelligent Design is just a euphemism for Creationism), and the research based science of evolutionary biologists and so on.
On the one hand, you have anti-malware researchers, professional testers and so on; people who study malware every day, who constantly deal with the realities of malware exploiting users, and who understand better than anyone the challenges that we face in tackling malware – if you like, the “Richard Dawkinses of anti-malware” (though I certainly would not claim to match his eloquence nor intelligence) – and on the other hand, we have those outside the industry who say that we’re all wrong, that we’re just a “self-perpetuating cesspool populated by charlatans” (yet none the less, a cesspool at which the media feeds most voraciously), that nobody needs AV, and that everything the AV community does or says is bunk.
What I find so extraordinary (in both cases) is that those who are most in a position to provide trusted commentary on the subject are so ignored, in favour of those who have shrill, but ill-informed voices. Why is it that information from a tester; who may have just woken up one morning and decided to ‘test’ antivirus products; is taken on faith as being correct and true; and yet, when a group of professional people give up their time voluntarily, and work together to try to produce some documentation that sets out the ways in which anti-malware products can be tested effectively (and, no, that has nothing in particular to do with the WildList) and reliably, is it so violently decried as self-interested nonsense. It’s a terrible shame that science is so deliberately ignored in the face of popular opinion. Unfortunately, millions of people CAN be wrong, and often are.
AMTSO is not about dictating truth, but rather pointing out ways in which truth can be reliably found (and importantly, where it cannot).
I refuse to lie down and take it when someone tries to tell me that I’ve no right to point out the truth – and I’m not talking about truth based on some millenia old scripture, but real, hard, repeatable, scientifically verifiable, researched fact. If that makes me as unpopular as Richard Dawkins is to a creationist, then so be it.
If you’re interested in understanding why anti-virus testing is so important (and why so many professional testers participate in AMTSO) then, please, do have a read of the AMTSO scriptures er… documents, here.
Andrew Lee – AVIEN CEO, Cantankerous AV researcher.
* If you’ve not seen the excellent movie “Miller’s Crossing” you won’t know where that quote comes from.
(Thanks to Graham Cluley for pointing out that the first link didn’t go to the correct page.)