What Symantec Knew But Didn't Say
from the oops dept
Anti-virus and security companies are known for overhyping. It’s what they do. Every time there’s a new security hole or virus they put out tons of press releases about how it’s the biggest problem since the internet was invented. Now, it looks like Symantec is getting in trouble for a slightly different form of overhyping: overhyping what they knew but didn’t say. They came out with a press release saying that they knew about the Slammer Worm before it came out. However, they only told their customers who were subscribed to some sort of premium program. There are a ton of questions raised by this. First off, how did they know and when did they really know it? If the virus spread in 10 minutes, how is it that they say they knew about it hours before anyone else did? More importantly, what obligation did they have to let the wider community know? Some are accusing them of being “accomplices” to the spread of the virus for seeing it and not doing anything to stop it (unless you were a paying customer).
Comments on “What Symantec Knew But Didn't Say”
Why should a company be held to higher standards t
So Symantec knew and didn’t tell anybody (or didn’t tell the general public). So what?
Would you accuse an individual of being an accomplice because they found out about a virus or worm and didn’t inform the entire frickin’ world about it? I think not.
Symantec is NOT responsible for making sure that the world is safe from worms (or viruses for that matter). Symantec makes money by providing a service (be it virus protection, Internet host security, or whatever).
People now-a-days seem to always want to blame someone else for things that happen to them and not take personal responsibility.
If Symantec was the one that created the worm, then that’s a different matter, but they didn’t (as far as I know). Why should we expect Symantec to keep us all safe from the evils of others?
That’s just my 2.40653 yen.
Re: Why should a company be held to higher standar
While I agree that Symantec probably should not be labelled an “accomplice”, I still think if they withheld info that they acted unethically. Perhaps all security companies should act completely independently, withholding any information that might give them a competitive advantage…? From their independent business perspectives, that would seem to optimize their respective businesses. But I think that would lead to the “corollary” to a “tragedy of the commons” — the tragedy of selfishness, where selfishness leads to the detriment to all…..
No Subject Given
The timeline makes no sense.
Slammer debuted at 9:30 pm PST.
Symantec issued an alert shortly after 9 pm PST.
The rest of the internet noticed shortly after midnight EST. I thought midnight EST is 9pm PST.