And screaming into the abyss!
We’re all entitled to our opinions. So why is it so aggravating when “someone is wrong on the internet?”
Security forums vs. test results
People are biased. It’s natural human behaviour and not something we can correct. Not least because we have our own biases… In fact, research indicates that providing evidence to counter someone’s argument actually entrenches their initial position! Here, we’re going to explore opinions on security testing.
There are discussion forums about every subject imaginable (and beyond, depending on the scope of your imagination!) It’s no surprise that internet security and, specifically, anti-virus has its own echo chambers.
When some of us worked at (now defunct) Dennis Technology Labs we faced the same adulation/ hate that anyone or anything with a public face experiences. Our ‘crime’ was to test anti-malware products in a realistic and transparent way.
Our CEO and founder Simon Edwards wrote a blog article about this in 2013 called Anti-Virus Testing Conspiracy Theories. In it he noted that:
Common opinions on security tests
Following publication of a new anti-malware report you usually see the following responses:
- Thanks! Interesting report!
- Surprising not to see Vendor X included!
- Surprising to see Vendor Y do so well!
- There’s no way Vendor Z is that bad!
- These testers are all corrupt/ incompetent/ both!
- Fake news! Buy this/ that/ my product!
- Actually, those testers are reliable…
- Not possible! All bad! Argh!!!
How does that make us feel?
It’s actually surprisingly personal. You can spend decades building a reputation for technical excellence and the highest levels of ethics and an anonymous stranger can call you out as a hoax with significantly less effort than it takes to create a business, train a team and convince an industry that what you’re doing is worth their attention.
It really hurts the team, too. There’s outrage that we can be so misunderstood. And sadness that people can be so cynical. But mainly people get angry and want to respond online.
These people’s opinions on security tests are wrong and must be corrected!
So the temptation is to snap out a couple of sarcastic responses. This morphs into a desire to get involved calmly, answer comments rationally and try to correct the wrong-headed. But it’s largely a waste of time, isn’t it?
The internet is a historical document
We think it’s worth letting people express their opinions and to express your own without letting things drag you into a long discussion. In other forums we’ve seen people try to wriggle out of ‘losing’ a debate by switching focus to definitions and other technical details. “So when you say ‘anti-virus’ what do you mean? I mean something else…” and so on…
In the case of the Wilders forum thread above, we let people say what they had to say and then wrote a 1,700+ word essay on testing, addressing all of the contentious points that we could see. At least future visitors to those pages would see all sides of the debate.
And finally, the thread was closed by the administrators. But not before the last few users gave their thoughts on tester/ tester friendships, vendor/ tester orgies and flawed MMR jab research.