AMTSO responds to negative criticism
I had hoped that I need say no more about AMTSO – at least for a while. But I have to say something about its latest comments signed by several members and posted simultaneously to multiple blogs. First some background. I wrote my first article and allowed AMTSO members to express their views freely. It subsequently seemed, and I was so warned, that some areas of AMTSO were taking this article as my approval of the organization, even though it expressed some of my reservations.
I subsequently, and consequently, wrote a second article to outline my opinions. The second article was more forceful than the first: it is sad but true that when talking to industry, you need to shout to be heard. But I would have been content with this: to let readers see the views of AMTSO in the first article and my own in the second; and then come to their own conclusions. AMTSO clearly has a right to respond, and has done so in comments to the second article and individual blog postings elsewhere by Andrew Lee and David Harley. Kurt Wismer, not a member of AMTSO, has also responded.
Now a group of AMTSO members has published a new coordinated blog across many sites, and I feel that I need to respond to that. This piece has, in its first paragraph:
Given some recent negative publicity aimed at AMTSO (example), we want to collectively clarify the following points on behalf the anti-malware industry, where we come from, and indirectly on behalf of AMTSO.
Testing and Accountability
The ‘example’ link points to my ‘dissenting’ article. It is the only critical article referenced. It is reasonable to assume, therefore, that this posting is meant as a rebuttal to my article – and AMTSO is perfectly entitled to do so. The problem is that AMTSO defends areas that I have not, and would not, criticise. The effect of this is to suggest that I am unreasonable and vindictive. I would therefore ask that readers of this AMTSO post look again at what I actually wrote.
You will see that my only criticism of the anti-malware industry is that it sometimes misleads the market by allowing the suggestion that 100% detection of viruses ‘in the Wild(List)’ is the same as 100% detection of viruses in the wild. In the same article I point out how valuable and necessary the anti-malware industry is. My criticism of AMTSO is that it does not censure this practice.
Apart from this, my comments point to just one criticism with a simple solution: AMTSO lacks credibility because it is the industry laying down rules for itself. (In comments to my article, Mark Kennedy, one of the signatories to this AMTSO piece disagrees. His view is that AMTSO is credible because its work is credible. My view is that its work lacks credibility because AMTSO lacks credibility.) But the solution is very, very simple. AMTSO should include members taken from the customers of the anti-malware industry. This would give AMTSO credibility; and that credibility would allow its work to be credible.
So this is my problem with this AMTSO posting. It states that given some recent negative publicity aimed at AMTSO by me, it wants to collectively put the matter straight. It then goes on to list a series of points that are either irrelevant to me, or to which I am in whole-hearted agreement. The implication, and these people are more than clever enough to know this, is that my criticisms are trivial. It is a clever way of dismissing me and praising themselves as being super-reasonable folks.
I would ask five things of readers:
- read my original articles and see what I actually did say before believing what I am accused of saying
- search this blog for ‘PandaLabs’ (one of the signatories of the AMTSO post) to see how unreasonably anti the AV industry I really am
- search this blog for ‘David Harley’ (one of the signatories of the AMTSO post) to see how prejudiced I am against AMTSO members
- ask yourself why, when they say they are responding to negative criticism from me, do they not even mention the only two criticisms I actually make. Why is the WildList advertising sacrosanct? Why are there no users within AMTSO? Solve these two issues and I, for one, have no other criticism
- and finally, make up your own mind: be manipulated neither by me nor anyone else.