Firewall Wizards mailing list archives
BS claims (was Re: Firewall Primitives)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sat, 09 Nov 2002 12:51:41 -0500
Adam Shostack wrote:
Given that marketing can stamp "freakin' intensely secure" where they want, but that stamping 'gigabit' on something is falsifiable, everyone stamps "FIS," making it useless as a decision-making criterion.

"Gigabit" is falsifiable but I don't think it really matters in the large that the claim is falsifiable. We saw that with the Intrusion.com "test" run by Miercom - most technically savvy readers were outraged by what a faked-up test it was, but I bet that a huge number of potential customers (the unsophisticated ones) saw that and said "oh. look. an independent 3rd party tested that product at 900Mbit/sec and it passed" and accepted the "gigabit" claim on the marketing glossies.

For me the moment of "Eureka!" regarding marketing bogusness was when I was reading a joke someone sent around about a city slicker who buys a donkey from a farmer for $500. The farmer comes the next day to deliver the donkey and says "here y'are! bad news is, it's dead." The city slicker doesn't even blink and says "Great!" "What do you mean, 'great'?" asks the farmer. "Well, I am going to raffle it off, so I don't care if it's dead." The farmer leaves and the next week drops by and asks the city slicker about the donkey and the city guy says, "I did great! I made $990 on that donkey!" "What? How?!" stammers the farmer. The city guy explains: "I raffled it off at $10 a ticket. I sold 150 tickets, which netted me $1,500. When the winner got the donkey and realized it was dead, I refunded him his $10."

So that's how the "stake your claim" game works for marketing. You could make an IDS and claim that it's "5-gigabit capable" and sell lots based on that assertion. Of course a very small handful of customers would buy it and discover that it didn't keep up with the load. Meanwhile you've got their money already and can just spend lots of time sending presales engineers in to try to make it work, or blame their network configuration, or whatever, and you've still edged your competitors out of that account and can rely on people's tendency to throw good money after bad rather than admit they screwed up. Marketing something as "secure" when it isn't - same approach works just fine there.
Vendors have been doing this for years. "Our system is hardened!" "oh, so - why did it just get hacked?" "Well, this year's crop of hackers is just smarter, I guess." "uh. OK." "Here's a patch."

I'm afraid that the "good ole days" of Internet Security (mjr waves his curmudgeon card!) are gone forever. Internet Security is a "market" now, which means that the venture guys, empty suits, and carpet-baggers have descended upon us, lured by the irresistible smell of money in naive customers' hands. It's going to get worse, too. There are more start-ups in security today than ever before, even in the middle of a tech downturn. That means the scrabbling over customers is going to get even more ferociously Darwinian - so the folks who are inclined to play fast and loose with the truth are going to be even more likely to do so.

The solution: trust, but verify.

mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr () ranum com