White House Quietly Releases Cybersecurity Plan >>
<< When Identity Theft And Child Porn Collide
 tdicon 


(Mis)Uses of Technology

by Mike Masnick

Fri, Feb 14th 2003 9:45am





What Symantec Knew But Didn't Say

from the oops dept

Anti-virus and security companies are known for overhyping. It's what they do. Every time there's a new security hole or virus they put out tons of press releases about how it's the biggest problem since the internet was invented. Now, it looks like Symantec is getting in trouble for a slightly different form of overhyping: overhyping what they knew but didn't say. They came out with a press release saying that they knew about the Slammer Worm before it came out. However, they only told their customers who were subscribed to some sort of premium program. There are a ton of questions raised by this. First off, how did they know and when did they really know it? If the virus spread in 10 minutes, how is it that they say they knew about it hours before anyone else did? More importantly, what obligation did they have to let the wider community know? Some are accusing them of being "accomplices" to the spread of the virus for seeing it and not doing anything to stop it (unless you were a paying customer).

3 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    Why should a company be held to higher standards t

    identicon
    Anonymous Coward, Feb 14th, 2003 @ 10:04am

    So Symantec knew and didn't tell anybody (or didn't tell the general public). So what?

    Would you accuse an individual of being an accomplice because they found out about a virus or worm and didn't inform the entire frickin' world about it? I think not.

    Symantec is NOT responsible for making sure that the world is safe from worms (or viruses for that matter). Symantec makes money by providing a service (be it virus protection, Internet host security, or whatever).

    People now-a-days seem to always want to blame someone else for things that happen to them and not take personal responsibility.

    If Symantec was the one that created the worm, then that's a different matter, but they didn't (as far as I know). Why should we expect Symantec to keep us all safe from the evils of others?

    That's just my 2.40653 yen.

    reply to this | link to this | view in thread ]

  2.  

    No Subject Given

    identicon
    Miles Minderbinder, Feb 14th, 2003 @ 11:47am

    The timeline makes no sense.
    Slammer debuted at 9:30 pm PST.
    Symantec issued an alert shortly after 9 pm PST.
    The rest of the internet noticed shortly after midnight EST. I thought midnight EST is 9pm PST.


    reply to this | link to this | view in thread ]

  3.  

    Re: Why should a company be held to higher standar

    identicon
    mhh5, Feb 15th, 2003 @ 1:39pm

    While I agree that Symantec probably should not be labelled an "accomplice", I still think if they withheld info that they acted unethically. Perhaps all security companies should act completely independently, withholding any information that might give them a competitive advantage...? From their independent business perspectives, that would seem to optimize their respective businesses. But I think that would lead to the "corollary" to a "tragedy of the commons" -- the tragedy of selfishness, where selfishness leads to the detriment to all.....

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


White House Quietly Releases Cybersecurity Plan >>
<< When Identity Theft And Child Porn Collide
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This