Sunday, April 20, 2008

a glimpse behind the kurt-ain

(it's times like this i wish i lived in australia - then i could be the wismer of oz...)

i got some 'link love' from mike rothman earlier this week that caught my eye... no word love, mind you, as it seems mike has decided i generally don't know what i'm talking about... hopefully our disagreements are over value judgments (like our respective moral compass' pointing is slightly different directions) rather than over facts, but that's not really what caught my eye... one of the reasons i read mike's blog is for the pointed criticism, it would be hypocritical of me to turn around and cry foul when that criticism is directed at me... what surprised me was mike's realization that i'm not in the anti-malware industry...

i generally don't write too much about myself on this blog, i don't think it's interesting or topical (though some schools of thought suggest it humanizes the blog and makes it easier for people to relate), but i thought i had been pretty transparent about who i am and where i fit in in the greater scheme of things in my about me post... mike now has me thinking that perhaps that's not the case...

so to start things off: i am not a member of the anti-malware industry... instead i'm a member of the anti-malware community... you know, those people who discuss the concepts with others online, who help people with malware problems, that sort of thing... i've done a bit of infiltration - an enlightening experience, but not really worth repeating... i collected viruses for a while, though i'm glad i stopped; with a half million malware projected for this year that would be like a full time job without the benefit of getting paid... i've done a bit of disassembly, though not so much that i ever got good at it, and there never really seemed to me to be a shortage of malware analysts... what there did seem to be a shortage of (at least at the time many moons ago) were people willing to get their hands dirty and help out their fellow man (or woman) with their immediate problems with viral infection and their more long term problem of learning how to cope with the reality of viruses in the future... at one time i committed myself to making sure that every plea for help in alt.comp.virus got an answer, but these days there are plenty of people down in the trenches now in multiple forums so i feel less pressure to do so myself... there's still that longer term problem, of course, which is why i put up my (admittedly under-maintained) av reference library site (to make the information more available), and why i spend so much time on this blog explaining things (when i'm not ranting on topics i know nothing about, of course)... i suppose you could say i've tried on roles the way some people try on personae (it was certainly the right developmental period)...

not being in the anti-malware industry means i don't have to wear the corporate muzzle, i can say what i like about the anti-malware field without consequences other than making some enemies and possibly making myself less employable in that field (and since i've never tried to be employed in that field and am not sure i could start wearing the corporate muzzle, that works out just fine)... i can criticize any and all vendors if i see fit (and i have)... i can point out their ethical misdeeds, their marketing mistakes, their snake-oil, their FUD, their hype, etc...

not being in the anti-malware industry also means i don't have as much insider knowledge as someone who is... the only insider knowledge that i have is what i've acquired by interacting with those who are part of the industry, but i've done a fair bit of that over the years...

second: i am not an IT/security professional... i'm not the guy that manages the networks or the desktops in my company, i don't decide whether the company roles out virtualization on it's servers or any of that stuff... i write code, and lucky for me i get to implement (and in some cases design) a variety of the security-related functions and features of my employer's product...

i'm also not under the illusion that the security professional's frame of reference is the only game in town... as technical as i may be sometimes, i generally adopt a more consumer-centric frame of reference with regards to the application of security controls... i like free tools and i like safe-hex and i think understanding the threat and the counter-measures helps a lot...

third (and this has nothing to do with mike's post, but it is something that comes up from time to time): i am not an expert... some people think i am, or think i consider myself to be one, but i'm not and i don't... i consider myself to be a specialist in the sense that i have specialized knowledge (something one tends to pick up when following a field for 18 years)... i have not and will not lay claim to the title of expert - i know experts in this field and they're far more knowledgeable than i...

finally (and this is probably of the most general interest to readers of this blog): there is nothing wrong with my shift key... once upon a time it was not entirely unusual for people to neglect using the shift key - and, if you haven't guessed from the distinction i make between hacker and cracker, i'm a little bit old-school... besides it's not like following traditional capitalization rules imparts any extra information... punctuation (whether properly used or misused as i'm want to do) is entirely sufficient to mark off the places where one statement ends and another begins... i am capable of following those rules, i just don't generally find it natural or necessary...

0 comments: