My second paper for AVAR 2009 in Kyoto was co-written with Randy Abrams: Malware, Marketing and Education: Soundbites or Sound Practice?
Here’s the abstract:
What are the cornerstones of success in the anti-malware industry? Sound technology, of course. Sound marketing, too: a good product is of little use if no-one knows enough to go out and buy it. There are other factors too: sound after-sales and support service, for instance, influences the deployment, maintenance and efficacy of a product or service. Is this enough?
Commercial viability is paramount, but this industry has not generally been driven solely by profit. Many researchers believe that we have a responsibility to the community to contribute to making the online world a safer place. We try to do this not only by promoting our own products, but by raising general awareness of current threat and anti-threat trends and issues, the need for self protection, and ways in which our services fit into a wider scheme of community education and awareness.
In this paper, we look in detail at educational mechanisms such as inter-organizational community initiatives like AMTSO, security company blogging, and various forms of informational literature. Drawing on our experience as educationalists both inside and beyond the vendor community, we consider the practical, strategic and ethical issues that arise when a security company augments its marketing role with recognition of its civic responsibilities.
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow