September 25, 2006

Hey Mike big boys know, nothing is for nothing

I am glad my friend Mike Rothman had time to reflect and rejoice over the holiday weekend. I did as well (in between fixing relatives' computers). With the new year, though, it is time to get back at it with Mike. Lesson one for this year, Mike: nothing is for nothing. I refer, of course, to your comments on the gratuitous offer from eEye to give away a consumer version of Blink. I will say that I have always admired eEye for making scans for the latest vulnerabilities available to all for free, and for making their 3rd party patches (whether you agree with 3rd party patching or not) available to everyone when they release them. However, in this latest product announcement made via Ross's blog (is this a new trend to do product announcements on the blog? Hey, I did it with Safe Access 5.0 too, so I am not throwing stones here), you leave out an important piece of information. Mitchell Ashley picked up on it when they first announced the free product. Besides hoping you buy the product for your corporate network, they are using the product to gather data to improve the commercial product. Marc Maiffret himself describes it as a "massive honey pot".

Like some other things recently from eEye, the marketing is slick but their true motives are hidden underneath. The obvious one is that they hope to seed the market with a free product. As people use it for home computers, they would want to buy it for their corporate networks. The underside is that they are going to use it to build up their vulnerability research about what is out in the wild and make the commercial product better. There is nothing wrong with that, by the way; they just don't go out of their way to let you know it. Obviously someone as smart and experienced as Mike did not even mention it. In contrast, our Strata Guard Free NIPS is free and we make clear our only objective is to seed the market. We collect no other data and there is no other agenda. Now, if Microsoft was doing this, you could bet there would be yelling from the rooftops about it (à la the WGA debacle). Will eEye use this information for some reason that could identify you? Is there another use for this information that we don't know about? I don't know, but I would want to know that my data and habits are being mined when I use this "free" product. Mike, the bottom line is, nothing is for nothing, and you and I have both been around the block enough to know it.

TrackBack

Listed below are links to weblogs that reference Hey Mike big boys know, nothing is for nothing:

» http://technobabylon.typepad.com/tb/2006/09/there_has_been_.html from Technobabylon
There has been a great response so far to Blink Personal as a free endpoint security product; the only folks with any angst over it appear to be quasi-competitors who bring up two points in response to Mike Rothman's post - we are collecting attack dat...

» The Role of Data in Security from Security Incite: Analysis on Information Security
The latest battle between eEye's Ross Brown and StillSecure's Alan Shimel got me thinking about a bigger topic. How can/should we use data to make our security defenses stronger and to improve our posture? To provide some context, I covered Ross

This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.
