2005-02-16

An amusing commentary on the state of malware

One of the restrooms at a location where I work has a cheap magazine rack. On occasion, people will leave behind sections of the Washington Post or, more commonly, the free version given to Metro riders called the Washington Post Express. Today, I noticed something different. There was a magazine-sized publication printed on newsprint-style paper in the rack, opened to a page and folded back on itself so as to only show one of the pages. The page contents were divided into three vertical columns, filled with plain-text advertisements for a variety of educational lectures each a few paragraphs in length. At the top, and the center of the page, I saw the following (copied verbatim):

10 ways to avoid the 60,000 Viruses on the Internet
Here is the most valuable computer course you could ever take! Avoid the drive-by download! You'll walk away with a ten point checklist of FREE ways to avoid the 60,000 viruses on the internet. Learn where to test your system for vulnerabilities. Discover which spyware detector is actually spyware! Override your default settings to make your system safe. Find out what the biggest mistake people make with their computer. Why a free firewall is better than Microsoft's and plenty of time for Q&A with "The Computer Guy."
(followed by text about the lecturer)

Knowing nothing about the individual giving this lecture, I have no reason to doubt that the information provided may be very useful to the average computer user. However, I wasn't sure what was more amusing: the text of the advertisement, that the class is $25 for "Nonmenbers" or $15 for "Members" yet you're provided with a "free" checklist, or that the ad was right next to a headline bellowing Astral Travel: How to Induce Out-of-Body Experiences offered by the same organization.

This advertisement was in a magazine from "First Class Inc., a non-profit 'adult-ed' center." This harkens back to my previous call for a comprehensive information security clearinghouse. While the information provided in this lecture may be great, there is an equal chance that it could be bad advice; this organization is hardly an accredited university. The government provides services that serve the public's interest in many aspects: the FDA, the CDC, etc. Why not Information Security as well?

No comments: