Tom the Architect and I attended the 2005 Information Security Summit put together by the UW eBusiness Institute on February 23. I have to say it was extremely interesting.
There was an interesting line up of speakers, the last of which was Richard Stiennon, the Vice President of Threat Research from WebRoot Software, Inc. and former VP of Research with Gartner.
First, he is an extremely engaging speaker. I guess thats what happens when you spend a lot of time at Gartner. One of the things I hate about conferences that have speakers that are selling something, is that the speaker is selling something. Richard doesn’t come off that way at all. His lecture is entertaining, and he talks enough about his company for you to know its there to help you with the problem he is talking about, without beating you over the head to buy his product.
Secondly, the subject matter was extremely interesting. His company has done a lot of research into spyware and adware and he had some really interesting statistics and some great stories peppered through his lecture. Richard has a good grasp of the subject matter that his company is addressing with their product.
Having just wrestled with having one of our Windows machines here at the labs being taken over by something that decides randomly to pop up porn sites, the subject matter of his talk was very real to me. As I was wrestling with cleaning up the system to get out of completely reinstalling Windows again (which I had just spent practically a whole day installing just a short month ago), one of the questions that I ask myself quietly among the swearing is “why someone would actually write software that does the things that this software does”? Richards explanation of the revenue model for the adware business helped a lot in answering this question for me. In a market that has a possible 2.4 billion dollar ceiling, I was, as he pointed out during his talk, one of the people that briefly sat in my chair going “well, for that kind of money, this isn’t that bad”. Then I had to shake the thought out of my head after remembering the pain of trying to clean a machine that had been infected.
During the initial fight with this malware on our machine, I had downloaded Ad-Aware SE Personal from Lavasoft and ran it to clean the machine. While it found over 500 instances of spyware and adware on the machine and cleaned them, the one that I wanted to get rid of still remained on the machine – you know, the one that popped up pretty explicit pictures every so often when you initially opened the browser. No matter how many times I ran the software (or others) this one piece of software remained on this machine.
At the end of Richards lecture, I decided that first thing this morning I would download his product and sweep the machine yet again in order to try and remove this thing. Why did I make this decision? The primary reason was that I didn’t feel sold to. What normally happens in these situations is that I’m so pissed off about the hard sell that I write-off the product straightaway and decide not to even look at it. Richards style is such that I felt like I was getting information (value) and, oh, by the way, this webroot software might solve your problem.
So I downloaded the free trial Spy Sweeper this morning (by the way, another great practice. If you want me to buy your software, let me try it beforehand so I know it meets my needs). I ran it on the machine this morning and found 55 “items” and over 4000 “traces” of “things” on the machine. Once quarantined, the machine looked brand new.
So, what did I learn from this little experience? Well, first I learned a lot about selling. Since I received a ton of value from a speaker and not a salesman, I tried his product. Because his company is confident in their product, they let you try it first in order to make sure it meets your needs before you actually commit funds to it. Because it actually fixed my problem, I’ll be picking up this software for the Windows machines sitting on my home network.
The exchange of value was extremely high. I received the information necessary to solve my problem without feeling violated, and he received a sale. This lecture was a great lesson for me on salesmanship.
Pingback: Threatchaos.com: March 2005 Archives