CA’s Right on the Money

Posted by in Analysis on Jul 25, 2006

Computer Associates slapped F-Secure the other day for hyping up phone-borne malware when no real threat exists. Check it out; CA’s Simon Perry had this to say:

“While F-Secure’s bankers and owners may be pleased with the cash flowing into their coffers from the deal, every security professional should be appalled by the perception this creates of our market. Industry and vendors are now more consultative and honest about risks, not just beating something up to sell it. F-Secure has done the industry a disservice.

And he’s right. Despite what McAfee told us about 2006 being the “year of mobile malware”, we still have yet to see any significant traction from phone-borne malware. F-Secure’s retort acknowledged this:

It’s not a global epidemic, but there are real people who have got it. There have been several tens of different viruses

Search
  • http://anti-virus-rants.blogspot.com/ kurt wismer

    so here’s what i don’t get… how is it that CA can claim that f-secure is making it out as a huge threat when f-secure is quoted in the media as saying the opposite (from the same article “This is not a mass problem for all consumers,”) and yet CA gets patted on the back and told essentially ‘good call’…

    mikko hypponen (of f-secure) gave a talk about mobile malware in september 2005 available on the f-secure weblog (http://www.f-secure.com/weblog/archives/archive-042006.html#00000850) where he clearly represents mobile malware as NOT being a huge threat (the vast majority of cell phones [96% i think?] are immune, most of the viruses can only spread to other phones in close physical proximity, etc)…

    f-secure are not making it out as a huge threat, they actually agree that it isn’t a huge threat (so far)… CA seem to be actually smearing f-secure here, not acting as a watchdog on our behalf…

  • http://www.securitycurve.com Ed

    Kurt,

    You make a good point. Honestly, my contention has less to do with F-Secure and more to do with general phone-malware hype (read: McAfee.) CA, although they probably have reasons of their own for doing it, is right to say that phone-malware is overhyped; although I agree with your assertion that F-Secure isn’t as big an offender as someone like McAfee (maybe not an offender at all depending on who at F-Secure you pick.)

    What irritates me are statements like “2006 is the year of phone malware” (McAfee) or “when the phone is the universal method for payment, phone-borne malware will be a huge issue” (paraphrase, McAfee).

    From a rhetorical perspective in terms of defusing this whole thing, I think F-Secure should emphasize the point that you made (their message that it’s not a huge catastrophe) rather than adhering to the reaction that they have had so far (for example, today’s entry in their “news from the lab”) where they keep hammering on how real the problem is…

  • http://anti-virus-rants.blogspot.com/ kurt wismer

    today’s entry includes the words “This means that the vast majority of phones are safe against current malware”…

    there’s a distinction to be made here – it’s one thing to say that it’s not a huge threat, it’s quite another to say that there’s no threat at all… f-secure are not going to say that there’s no threat at all because the data they (and their customers) have says otherwise… also downplaying the threat too much could be an even bigger problem than hyping it up would be…

    they’re being moderate… they talk about the threat and acknowledge it’s real without saying everyone is in danger – even in today’s rant by mikko hypponen…

    as for mcafee, i haven’t looked closely at their claims – they may only be referring to the number of malware samples rather than the number of incidents… or not – they’ve been fairly contraversial lately…

TwitterRssFacebook