When I saw the teaser for 60 Minutes last night, I was a little apprehensive, but optimistic. They said they would cover the Conficker worm, and I thought that, while the issue might get a little bit of hype, they would at least encourage everyone to make sure they had security software and that it was updated. I thought that primetime exposure should get at least a few people to protect their systems.
Unfortunately, after seeing the segment, if I didn't know better, I would have uninstalled any security software I had.
Before I go on, I should say that what I minimally hoped for was that the segment would say something to this effect: "While there will always be some risk, having good anti-virus, anti-spyware, and firewall software, and keeping it updated, exponentially decreases the likelihood of being hit."
What the segment ended up stating? "The sky is falling, and there is really nothing you can do about it."
Just to recap: On the 60 Minutes segment, someone from Symantec Corp. (Nasdaq: SYMC) talked about the proliferation of Conficker. Leslie Stahl was clearly impressed by the worm, and then she turned the conversation to the fact that Symantec sold software to address the issue.
Poorly chosen words on the part of the Symantec rep had Stahl framing the conversation that Symantec benefits from the problems and left little motivation for people to use or update security software.
Then Stahl interviewed a woman who claimed to have all required security software on her system, yet still managed to be compromised by a criminal. There was, of course, no discussion of whether or not the woman had updates configured properly. So, security software came off as modern-day snake oil.
Then came a conversation with Vint Cerf that was basically pointless and an interview with a person from SecureWorks Inc. that seemed to be pieced together to say that we really can't do anything to stop the bad guys.
Leslie Stahl then said that while filming the story, CBS was actually hit with the Conficker worm. Instead of asking the admin she interviewed whether CBS had the latest updates running, or about his security knowledge, she appeared to think that if CBS could be hit, anybody could.
Clearly, if the systems were running the latest anti-virus software, the infections wouldn't have spread so quickly throughout CBS, so the CBS "expert" was hardly an expert. Frankly, he seemed like the typical overworked, undertrained network admin, who was also responsible for security as well.
I was, however, still maintaining a shred of hope that Stahl would close the piece by advising people to make sure that they had updated security software. As you might guess, Stahl basically reiterated that Conficker might or might not unleash the largest attack in Internet history, and that the sky is falling.
I wanted to provide some detail about the segment so that people can understand how Internet security is poorly portrayed. I also want to warn people who speak on camera to think about how to sell security first and their companies second. The Symantec person tried to sell Symantec. Security is about saving more than you spend, and decreasing the odds of loss.
It is easy to blame Leslie Stahl, as she seemed clueless about the topic going in, and clearly as clueless going out. However, SecureWorks and Symantec representatives should have realized the direction of the interviews and tried to make a useful point.
In fairness, such points might have been edited out, but the end result didn't serve either company. In the end, the piece made it seem as if Symantec sells snake oil and SecureWorks tracks people that they will never catch.
I am sure that both of the companies' Websites will feature that they were on 60 Minutes. They will probably hope that there is no such thing as bad publicity. While it wasn't good publicity, it does sound impressive.
My concern is that the security community had its chance to encourage millions of people to take fundamental security precautions. Instead, our representatives wasted a primetime opportunity.
— Ira Winkler, Former National Security Agency analyst and author of Spies Among Us
The problem is, I think that the 60 Minutes crowd is probably the crowd that needs good, easy to understand computer security information the most. I would hazard a guess that the majority of the computer users infected with Conficker and all the other malware out there are not the "younger set". 60 Minutes missed out on a perfeect opportunity by trying to make it into the story they wanted rather than the story it actually should have been. Nothing new for TV, I know, but it is still a little disappointing.
Well, I am not his PR person but I am a PR person.
While it is easy for me to play armchair quarterback here, the problem with Symantec's strategy was that they took the media opp as a sales opportunity and blew trhe chance to EDUCATE consumers in a friendly forum. Why should they care since they are powerless anyway?
But if we choose to give the 60 minutes folks credit for having brains, they came to their conclusions based on all their interviews, meaning everyone played a part in how the final piece came out.
Savvy security people aren't necessarily good educators. Technology is intimidating to people who aren't either immersed in it or grew up with it. The FUD factor is there and apprantely it still serves our industry to play into it or we wouldn't.
Has anyone commenting taken the time to contact 60 minutes? They do have feedback channels, right? While it may not help...at least someone tried to go to the source...
I was blown off by the major media for a story I thought they would be all over. A friend of mine went dumpster diving through the trash of a major Chicago bank and found stuff that shoudl NEVER EVER be left out in the trash, and shot a short video outlining what he found. No one seemed to think it mattered. Demoralizing, to say the least.
But...if enough people hammer away for long enough more opportunities will arise where we can set better expectations and a more empowering mindset on how to deal with the kinds of cyberthreats consumers are exposed to..
I even got call from friends: "Turn on 60 Minutes!" I might have if I had television. I can get CNBC because a friend streams it from his sattelite DirectTv feed (it is a demo of his CDN, very cool, no I cannot give you the URL).
It seems like the media and the security vendors miss the good old days of wild virus outbreaks. Remember "I love you" and SQLSlammer? Or the way MSBlaster (Conficker 1.0) took down railroads and maybe the Northeast power grid?
Conficker is going to hurt people who 1. Run Windows. 2. are not patched 3. have not updated their AV signatures. That is probably a big segment of the people who watch 60 minutes so your complaints are valid. Everyone should have said "no big deal. just patch and update and move on". The CBS admin should have been called out for *not* being patched and updated.
Why do you say the 'rep' didn't know anything? Not that I'm his PR person but he is Symantec's VP of Security Technology & Response - I'm sure he knows about, was it in his best convenience to say that it's not dangerous and people don't have to worry? of course not!
I dont think I expected too much. With the Blaster worm, all of the reporting at least ended with the phrase, "Make sure your software is up to date." Also, good or bad, 60 Minutes does tend to do thorough investigation in most cases.
Likewise, and the point of the article, Symantec and probably SecureWorks would have had PR professionals standing in the room during all interviews. They would have thoroughly prepared the onscreen employees to get across a message, and should have worked with the producer to get the messaging across.
Also, I know 60 Minutes producers and it is also more likely than not that the whole Conficker story would have originated and been pitched by Symantec PR people to producers.
If the story was pitched with security in mind, as opposed to with Symantec in mind, it would have likely come off very differently. There is a big difference between, "My company is on the bleeding edge of security," and "You can help millions of people by letting them know that there is a potentially huge attack coming, and it can be prevented very easily."
Leslie Stahl seems to like acting like a technological idiot, or just playing stupid, and the story could have easily been framed for her. Again, if you look at the story, Symantec just loved to show off their incredible operations center (it is actually really cool), which actually had very little to do with Conficker. Likewise, as opposed to talking about anything directly related to Conficker, SecureWorks talked about their "underground research" into the Russian underground. This seems to be the messaging they sought.
On a side note, there was a potential lapse of SecureWorks operational security as Leslie Stahl apparently named a handle that they frequently use to infiltrate underground networks. If I was a bad guy, I would be tracking that user id back to see which systems they were using to access the appropriate underground systems.
I agree... 60-minutes is not aimed at the younger crowd. And even if it were targeting a younger crowd, those that even care remotely about Conficker would not watch it.
Their coverage of Conficker is no different than any other topics they cover - health issues, crime, consumer issues, etc.
I don't despise 60-minutes or feel it is inadequate, I simply just recognize it for what it is. We shouldn't expect more.
LOL, funny that we looked at the same metric. BTW, please stay around as I will need the support after Andrew Keen reads my post to his blog ;). I think that we may now have our own version of Andy.
td, Brilliant minds think alike, as soon as I finished Ira's blog, I went and googled 60 minutes reporting staff to find the average age, thanks for the math.
Which coincidently is probably close to the average viewers age. I don't think it would have been any more effective if they chose not to dumb it down for the viewer.
Sure this audience found it terribly sophmoric, but 60 minutes still does some good reporting.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
In his recent Congressional testimony, Dennis Blair, the U.S. director of national intelligence, stated that the U.S. is "severely threatened" by cyber attacks and that the recent Google (Nasdaq: GOOG) attacks should serve as a wake-up call.
I keep telling people that if they do everything right, they will be generally secure. I like to think I do everything right myself to minimize the likelihood of being hit by malware. I avoid going to unusual sites. I don’t click on links in strange emails. When reading normal emails, I verify any embedded links, just in case.
The U.S. Department of Homeland Security is going on a hiring spree. They intend to hire more than 1,000 cybersecurity experts over the next three years.
Given all the issues we have with cybersecurity, it amazes me that every time there is a government effort to improve security, it always involves calls for more research. Such is the case with the proposed Cybersecurity Enhancement Act.
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
The release of Microsoft's newest OS raises the question of the company's relevance in an era when Google dominates applications and search, and Apple runs circles around Redmond with its gadgets and user interfaces.
Microsoft reportedly has plans to integrate Windows Live and even Xbox with Windows Mobile. That may provide them a strategic advantage, but what will the cost be to your privacy? Tom explains all.
Techies are going crazy over the possibility that Google might design and sell its own Android phone. Some writers say it's a very big deal. Reiter questions whether it will happen and, if it does, whether it even matters.
Ever since the iPhone debuted, cellular manufacturers are rushing to incorporate touch screens into their phones. Alas, cellphone touch screens have significant problems that can actually harm business productivity. And doing business isn’t about getting the high score on Super Monkey Ball!
Companies used to be confident they'd know exactly what a cellular OS would look like out of the box. Today, that confidence should be fading. Reiter discusses how a cellphone OS's looks could be deceiving, and why businesses need to understand it.
E-discovery is the requirement to make available all digital information related to, and in conjunction with, a legal proceeding. An appeals court ruled recently to limit the scope of e-discovery searches, which gives corporate counsel and IT executives a bit more power over the e-discovery process.
Google Chrome isn't pretty like other OS GUIs, but it's the first OS ever designed from the Internet inward to the desktop instead of the other way around. Crochet a nice border for a Chrome OS window if you like, as long as you realize the world of the cloud will change our conception of desktop computing forever.
When Reiter gets incensed over incompetent Verizon FiOS order-taking and support, he broadcasts it via Twitter. Did it do any good? How should your company offer Twitter support? Watch this for all the answers.
Research shows that the youth of today like Facebook – but not blogging or Twitter. Does that mean Facebook has won, or just that it's not yet out of favor? Will all the services we see today fade into Ovaltine-or-Wheaties status in just a few years?
What kinds of companies are doing the most innovation in the data center? Turns out it's midtier enterprises that are taking the "Just Right" approach.
Ray Kurzweil's Blio and Apple's iPad tablet will make it easier than ever to have books "read" to us, says Dr. Kim, who believes that talking tablets will become interwoven into our consciousness as we "merge" with the increasingly elegant machines we hold in our hands.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
