Sunday, March 12, 2006

the adware comment thread to end all adware comment threads

story time folks... currently i'm embroiled quite the debate in the comments section of a posting over at sunbeltblog and in true vitalsecurity.org fashion i thought i'd offer up my observations here...

first i'll confess to making an error, i started out by misinterpreting the source material, i thought an anti-spyware app had been labelled rogue simply because it had been bundled with adware... the interesting thing is that people actually defended this interpretation - that is, if my interpretation had been what actually happened they would defend that action apparently just because the adware in question was produced by a company with a shady past...

now, i hate adware as much as the next guy and i certainly wouldn't touch this thing with a 10 foot barge pole (at least not outside of a virtual environment), but i'm honest enough with myself to admit that that is purely on suspicion alone, whereas the overwhelming opinion of the other participants seems to be that if the software is made by bad people or even people who have done bad things in the past then the software itself is bad... it's been these kinds of peculiar ideas that have kept me going back...

now i've known for a long time that the malware problem has many dimensions, it's not just the software that we need to concern ourselves with, but when we are dealing with the software part of the problem should we let things like the creator's past cloud the issue? no, of course not, that's a different part of the malware problem and it's best dealt with in a different way... when we classify malware we're concerned with whether or not the software itself poses a risk, not whether it further's some corporation's nefarious agenda... internet explorer furthered a corporation's nefarious agenda (just ask the department of justice) but that doesn't make it malware...

another peculiar idea i encountered was that if you don't deal with the question of whether the people who made the software are bad when you're deciding whether the software itself is bad then somehow you're not addressing the badness of the people at all... come on, the malware problem is a complex one, and the secret to dealing with complex problems is to break them into their component parts and deal with those parts separately... just because you aren't dealing with the people when you're dealing with the software doesn't mean you aren't dealing with the people at all, just that you've compartmentalized your efforts... is that a bad thing? no, certainly not, in fact it means you're much less likely to try and use your software solution on a people problem... and lets face it, software doesn't solve people problems - it solves problems for people, but not problems with people...

0 comments: