Information Security News mailing list archives

The Man Who Debunks Virus Myths


From: InfoSec News <isn () c4i org>
Date: Tue, 7 Aug 2001 05:11:33 -0500 (CDT)

http://www.wired.com/news/technology/0,1282,45812,00.html

By Michelle Delio 
2:00 a.m. Aug. 6, 2001 PDT 

Rob Rosenberger is determined to shine the bright light of sarcasm
into every dark corner of the computer security industry.

His website, Vmyths, focuses on presenting the facts -- as Rosenberger
sees them -- about computer viruses, dispelling any media-fueled
hysteria about computer security and disputing the smallest shred of
misinformation from the security industry itself.

Rosenberger carefully reviews the press coverage of every virus alert
and rips into reporters who mindlessly repeat whatever "facts" they
may have been fed by their sources.

He also savages the experts themselves, mercilessly analyzing their
motives and stripping them bare to the public's glare.

Victims of his investigations often ask each other: "Just who the hell
is this Rosenberger guy anyway?"

Rosenberger is not just a random ornery writer with a website and a
bone to pick. He's an experienced programmer, a systems administrator
and a man of mystery with high-level CIA security clearance.

Information about Rosenberger's status with the CIA was confirmed by
an inquiry to a government office, and Rosenberger understandably
refused to verify or even discuss the issue.

That's odd, because he's usually ready, willing and able to talk about
almost anything.

In his columns for Vmyths and his press releases, Rosenberger happily
employs huge amounts of sarcasm, satire and outright absurd comments
to trash any pronouncement that he thinks is intended to spread FUD
(Fear, Uncertainty, Doubt).

In response to last week's Code Red media blitz, Rosenberger suggested
that the best course of action would be to simply "turn off the
Internet."

"If Code Red can destroy the Internet, then clearly, the time has come
for us to give up interconnectivity. Let's just shut down the Internet
for safety reasons. Call it a failed experiment. Stop the insanity!"
Rosenberger wrote in an e-mailed statement.

He vehemently disapproved of the FBI's National Infrastructure
Protection Center's (NIPC) decision to push the mainstream media to
write stories about the Code Red worm.

"When officials need to warn people about a tornado, they broadcast a
prepared statement over radio and TV. They don't implore reporters to
write stories about the tornado," Rosenberger said.

"And they don't ask USA Today or the Wall Street Journal to get
involved. They deal with local media. Local media in this case would
be technology publications and websites."

Rosenberger decided the best way to change the NIPC is to become a
member. He wants to set up an industry advisory board to work with the
NIPC and, of course, he wants a seat on that board.

He launched his campaign with a press release shortly before the Code
Red story broke and preoccupied the media, so Rosenberger feels the
worm may have pushed his story out of the limelight.

"The fallout from the hysteria will occur soon, though, and I predict
everyone who backed the NIPC will suddenly back out. They'll want the
Feds to take all the heat. When the fallout starts, everyone will say,
'You know, I think Rosenberger had an interesting idea there,'"
Rosenberger said.

Currently, most of his attention is centered on writing for Vmyths,
which was launched in 1998. Rosenberger handles the day-to-day
editorial affairs, with Crypt Newsletter editor George C. Smith
serving as the editor-at-large.

Rosenberger said he doesn't closely monitor the site's pageview stats,
but he speculates that about a quarter-million people visit the site
each month.

Of course, Vmyths feeds off the very hysteria that it aims to combat,
an irony that Rosenberger is quite aware of and attempts to combat by
refusing any advertising from the computer security industry.

"Vmyths.com is the first safe haven for computer security critics,"
Rosenberger said. "It must refuse money from the computer security
industry in order to survive. We could get wiped out or we could be
corrupted if we grow addicted to their income. Addicts will do all
sorts of things just to satisfy their addiction."

Some people in the industry understand that Rosenberger's rather
over-the-top pronouncements are meant to draw attention to serious
issues.

"Rob is a pretty funny and opinionated guy," said Marquis Grove, of
Security News Portal.

"You may not always agree with his take on any given topic, but it
does cause you to give careful examination to both sides of an issue,"
Grove said. "If Rob's opinions cause you to pause and ponder, then he
has accomplished his goal of creating awareness."

Rosenberger is the first to admit he doesn't have a lot of fans in the
computer security industry. But he figures any dislike is just part of
his job as a critic.

"Roger Ebert faces the same problems when he trashes a movie,"
Rosenberger said. "The actor takes it personally, the director takes
it personally, the producer takes it personally, and the movie studio
takes it personally. So when someone yells at me, I think to myself
'Ebert hears the same shit.'"

He also said he understands why his writing might anger the people he
focuses his attention on.

"We're talking about real people who go to work every day just like
the rest of us," Rosenberger said. "They fight viruses for a living.
They want to go home each night feeling like they accomplished
something. We all do. So it hurts when a critic comes along and says,
'You Suck!'"

But some of the people he's written about over the years still like
Rosenberger.

"I don't always agree with the way he phrases things, but when he's
been wrong about something related to me, he's been quick to correct
it, which to me is the mark of a gentleman," said Sarah Gordon, a
member of Symantec's AntiVirus Research Center team.

"I guess that's how I'd describe Rob," Gordon said. "He can rub people
the wrong way and I don't always agree with him or the way he puts
things, but at the end of the day he's a real gentleman and a class
act."

Before launching Vmyths, Rosenberger, 38, was a computer programmer in
the U.S. Air Force. After leaving the force, he worked on Department
of Defense contract jobs until 1989.

He authored shareware from then until 1996, when the Air Force invited
him back to active duty for a year to work on computer security.

After that stint ended, Rosenberger planned to go back to college, but
a St. Louis Fortune 1000 firm flung a lot of money at him, and he
handled their security until 1999, when his wife decided she wanted to
move to Iowa to be near her mother.

Rob took a six-month sabbatical in 1999 "so I could putter around the
house and get it ready for sale," he said. "During that time I worked
almost full-time on my virus hysteria website. My wife invited me to
try to turn the site into a real job, so I opened an office in our
little town and picked up a sponsor, ScreenSaver.com. And here I am."

But he's not completely removed from his government connections.

A plaque on a wall of his office refers to his status as "Crew Chief,
First Information Warfare Division, 609th Information Warfare
Squadron."

He will discuss his official status as an "Air Force historian," but
refuses to discuss why a historian needs to have DCID 14/4 clearance,
which, according to the Central Intelligence Agency, gives Rosenberger
"access to sensitive compartmented information on a need-to-know
basis."

Rosenberger just smiles politely and changes the subject when asked
about security clearances or anything related to government work.

But a flash of what might be military training is present when
Rosenberger is asked if he really expects to win his war against
hysteria.

"I did not come here to lose," Rosenberger snapped.

The next stage in his battle plan against virus myths is a research
project that Rosenberger has dubbed "House 2.0."

The project is intended to determine if a safe and secure business
network with no traditional antiviral software can be successful.

For this experiment, Rosenberger built a genuine enterprise network in
his own home, complete right down to the T1 line and the two data
racks bolted to the floor of his server room.

"You really don't want to know how I convinced my wife to add a server
room to our house," Rosenberger said.

The experiment has just passed Phase One, which Rosenberger said
proved successful because he built the network from the ground up with
security as its goal, and because he implicitly trusts every user on
his network not to click blindly on strange attachments, or download
files harboring any evil code.

In Phase Two, he plans to expand the network to other,
not-so-trustworthy users, thanks to a company called LogiCerv, which
has offered to supply him with 16 more servers.

He'll educate the new users about computer viruses and turn them loose
on the network.

Assuming Phase Two is successful, the experiment will enter Phase
Three, and Rosenberger will see how long he can maintain a virus-free
network, sans any antiviral software.

The big test is soon to come, Rosenberger said.

"Phase Two will bring my mother-in-law into the fold. Now there's a
non-trustworthy computer user."




-
ISN is currently hosted by Attrition.org
