
About the bathhouse, trolls and the free products of the "Lab"

In 2001: A Space Odyssey, Frank Bowman disconnects the memory modules of the HAL 9000 computer one by one, and HAL 9000 sings a song about Daisy. Earlier, HAL had tried to kill Bowman himself, along with everyone else aboard Discovery-1, and almost succeeded. Why did he do it? It can be interpreted in different ways. For example, given two premises, “I know more than the crew, and I must keep this secret” and “They plan to turn me off”, HAL concluded, quite logically, that he was more important than the crew. Frank nevertheless very much wanted to live and, knowing that he was dealing with a computer, did not ask it to come to its senses but simply took the damn piece of hardware apart chip by chip.

With computers it is actually very simple: they always (always!) do what they are programmed to do. With people it is harder: it is sometimes impossible to understand the motivation and reasons behind their statements and actions. People (for now, only people) program computers, and in fact all computer problems, from system glitches to viruses, come from people. In today's April Fool's Day post: five stories about people, plus a little about a program. And a little about trolls and the bathhouse. And a little about how people keep programmers from working.

The first story. The affected user.
The affected user downloaded our free Kaspersky Security Scan utility, ran it, scanned her computer, saw that it wasn't in great shape (not truly horrible, but not perfect), was horrified and bought our full-featured security solution. Everything seemed fine, except that the user then realized (or was prompted to realize) that in this way we had, as it were, forced her to spend money.


In the United States, a lawsuit to that effect was filed against us. During the hearings we presented a wealth of evidence that the system settings and vulnerabilities flagged by the utility do affect security. Perhaps a real affected user would have wanted to hear the judge's verdict on her arguments and ours, but the real purpose of the lawsuit was not that; it was to obtain substantial compensation from us. Realizing that they would not get anything just like that, the would-be lawyers instantly vanished into the fog.

The second story. Elusive adware.
The most important feature of the previous story is that it has nothing to do with how our utility actually works. At all. The plaintiffs had no interest in any reasonable discussion of how effective the program is, whether it does its job, or whether it is needed at all. They wanted easy money, and when we brought at least 112 arguments in our defense, they immediately backed out. Discussion is not their area of expertise.

What does Kaspersky Security Scan actually do? The program looks for a) malware, b) vulnerabilities, and c) incorrect system settings such as autorun. Its job is to a) scan a system that has never had an antivirus installed (there are, alas, many of those) or b) scan a system that has another antivirus installed (when there are suspicions that it is not up to scratch). The latter imposes serious limitations on the utility: it must not conflict with another AV, so by definition it has fewer capabilities than a full-fledged solution. And how does it work? Here is an example.

We download Privoxy, which, ironically, is designed, among other things, to block ads. As often happens, we download it not from the developer's site but from some random place. As a consequence, during installation we get both the program and some other obscure process called Close_Ad.exe.




In the browser we see a batch of unsolicited ads:



We don’t like that much, so we download Kaspersky Security Scan and run a scan:



Kaspersky Security Scan detects the adware and then offers to download a trial version of our commercial product (or buy it right away), which, in turn, can disinfect the computer.



Kaspersky Security Scan was using databases from December 7, but that didn’t stop it from catching the more recent adware (tested at the end of January): heuristics!



Now let's try scanning the computer with a free antivirus: perhaps it can cure us and there will be no need to pay. No such luck.



But that was in January, and now it is April outside (although it doesn't look like it), so let's see what has changed on VirusTotal in two months. Not everyone detects the adware, but at least Avast has redeemed itself (in January only five products detected it at all).



But this will not help a user who has already caught the adware and wants to get rid of it, because the script that injects the ads is not detected by anyone except one Russian product. Yes, the free Kaspersky Security Scan detects the script too.

The third story. The fat troll.
Of course, the example above is just one example, albeit an impressive one. I'm sure you can easily give a counterexample in which Kaspersky Security Scan does not catch something. As I said above, this program cannot, in principle, detect everything; for example, this utility cannot handle rootkits. But it was made for those who, say, see a lot of advertising in the browser and cannot tell whether the Internet has become that cluttered or something is wrong with the computer.

In response to our example of Kaspersky Security Scan being useful, you can give your own example where it misses something. You can test the product against a specific collection of malware and compare its results with those of similar utilities. Either way, it will be a discussion with arguments from both sides, where everyone can judge the strength of the evidence for themselves.

Or you can write a post in which, without any evidence, you put Kaspersky Security Scan on a par with fake AVs, and even call this utility an “antivirus”. Claim there that it fails to catch Trojans (without saying which ones). Pay particular attention to the date of the database update, without even trying to figure out why it is what it is and whether it affects anything. And, finally, distort the license agreement and “leave it to the reader to draw conclusions.”

I will not link to the post, although it is right here nearby on Habr. I would rather quote a good book:

- I will now ask you a simple question, and you will see this for yourself. Here, listen! You stopped drinking brandy in the morning, answer - yes or no?
“Yes, yes, of course,” the Kid assured her with conviction, wanting so much to help Freken Bok. But at that she flew into a complete rage.
- No! - she cried, completely losing her head. The Kid blushed and hurried to back her up: - No, no, she did not stop!
“Sorry, sorry,” said Carlson. - Drinking does not lead to good.
Astrid Lindgren. Kid and Carlson

Naturally, the author of such a post does not respond to any comments, because there, heaven forbid, someone might cite facts and evidence that he is wrong. Because the goal of the post's author (like that of the affected user) is not the search for truth at all. Nobody needs to prove anything to him; it is enough for him to spread the previously prepared foul-smelling substance over the largest possible area.

Fourth story. The bathhouse and translation difficulties.
Take the method from the previous story and add scale (and drop the quality below the baseboard). When it comes not just to adware and some dreary Trojans, but to extremely complex and targeted cyber-espionage tools (or even cyberwar), there is a very serious problem: when to publish information about them. The problem is mostly technical and organizational: you need to collect as much information as possible about a specific cyberattack, analyze it, avoid alerting its authors prematurely, and consult with experts from other companies (sometimes even competitors). All this takes time, sometimes a lot. We wrote more about this here and here.

What matters is that the problem is precisely when to publish, not “whether to publish or not”. And there is no “protect our customers or delay” problem (protect immediately, of course). If we simply add some tricky piece of malware to the database and leave it at that, we may miss something more complex and dangerous. And I would not want that.

One respected business publication decided to investigate this problem, did a great deal of work, and interviewed many different people. It then published the results, which, as you have probably heard, boil down to the fact that Eugene Kaspersky regularly goes to the bathhouse. What does this remarkable fact have to do with the question of disclosing data on cyberweapons presumably developed on the orders of government agencies? That we do not know.

And yes, we presented our arguments, both after the article was published on Bloomberg and before. They were not heard in either case, again because that was not what the authors of the article were after. Read more here.

The last story. Do not disturb the programmer.
I cannot help citing this wonderful comic (source):



What am I getting at? I started the post by saying that people write programs. They are responsible for how well (or badly) those programs work. And yes, the way a person communicates with a computer differs somewhat from the way people communicate with each other. Our company employs 3,000 people, and at least 1,500 of them are connected with software development in one way or another. Everyone else is busy helping them, or at least trying not to get in the way.

OK, this is a rather simplistic view of the company, but it is what matters here. There are things that help make our programs better, and things that get in the way. The former include any reasoned, fact-based discussion, even if it is criticism of our products, our company or anything else. The latter include lawsuits, responding to fat trolls, and articles about the bathhouse. Do not think that these events do not affect development. Money is spent on courts, and time is spent on responding to stupid posts. And not only the time of lawyers, PR and marketing specialists, but also of developers and researchers. Because we want to answer with facts, and the facts are held by the techies.

Reasonable criticism makes us better. We try to respond to reasoned claims, both here on Habr and in general. We do not want to feed the trolls. But we will respond to outright lies.

This turned out to be a rather serious April Fool's post. Well, nothing comic either.

Source: https://habr.com/ru/post/254611/

