It seems like it’s been awhile since we’ve heard from John McAfee, the founder of the security vendor of the same name when he fled Belize to the U.S. via Guatemala after becoming a person of interest in the death of an American citizen amidst a media feeding frenzy.
In an interview last week in Maclean’s, McAfee said he orchestrated the media coverage to draw attention to this case and ensure the Belizean government couldn’t quietly frame him for a murder he didn’t commit. The plan included faking a heart attack in Guatemala to buy his lawyer time to fight extradition, and claiming to have tried “bath salts” as he knew the drug was drawing lots of media attention at the time.
It’s a fascinating interview, but I’ll leave it to you to read the tale of his escape to the U.S. and draw your own conclusions. I wanted to share one non-tabloidesque tidbit neat the end of the article though, where McAfee is asked about fermenting paranoia in the early days of anti-virus software, and if the software was even necessary at the time.
His answer was interesting:
“It wasn’t of paramount importance, but I knew one day it would be, and if you had the software it wasn’t going to hurt you any. I did use paranoia. I encouraged it. I admit that.”
While security software is certainly very much necessary, the paranoia probably isn’t, although it still drives the marketing messages of most security vendors, even if they don’t admit it. Hardly a week goes by without one of them sending me a “threat report” showing ever more frightening threats. We get stats on the growing number of malware definitions; not clear what it means, but the number sure is high. And, of course, the number of threats never seems to decrease.
Not to pick on the vendor McAfee, but I got a chance to interview former McAfee CEO Dave DeWalt three years ago. It was after a presentation where the vendor painted a scary picture of the security landscape, from monetarily-driven financial hackers to state-sponsored attacks crippling nuclear power plants.
During our discussion, I asked DeWalt why, in this day and age, it was necessary to still use fear and paranoia to sell security. It’s not like in the early days, where they had an education job to do. Are we not at the point, I asked, where most businesses certainly agree they need some level of security? Is it not really a question, not of security or not, but of what level of protection is necessary for their respective threat level?
While dodging the paranoia question, DeWalt said they focus on threats because there is still a need to educate businesses (and, by extension, consumers) about the threats that make security software a necessity. If that really is the case though, considering that paranoia has been the game plan since the birth of the industry, if people still haven’t gotten the message all these years later and education is still necessary, maybe it’s time to try something else.
In the meantime, (John) McAfee has admitted at least one obvious truth.