Friday, February 02, 2007

words that mislead: solution

when is a solution not a solution? when it solves the wrong problem...

how many times have you seen an anti-malware product called a solution? i know i've seen it a lot and it's one of those things that really bugs me because they aren't solutions to the problem you're expecting... when people think of an anti-malware solution they naturally think of something that will solve the malware problem...

but there is no solution to the malware problem and there can never be such a solution... a solution to the malware problem implies that it wouldn't be a problem anymore - that you and i wouldn't have to worry about it, think about it, or deal with it anymore... it implies that the problem would just go away - that will never happen... there can never be perfect security so there will always be things that can be taken advantage of, and so long as there is darkness in mens' hearts someone will be taking advantage of those things...

what anti-malware solutions solve are not malware problems or even security problems, but rather they solve business problems... say you're given the task of finding a security product with some arbitrary set of properties and deploying it in your organization... the problem you face is finding the product that is the best fit, that has the most requirements from your checklist with the fewest undesirable trade-offs - that is the type of problem that anti-malware solutions solve...

unfortunately, most consumers of anti-malware products are not thinking about business problems, they're thinking about keeping malware away from their computers... most of them are people, not IT departments with a new demand from management - and those who work in IT departments are people first and IT workers second, they're people when they go home at night, they're people when they're with their families on the weekend...

as much money as anti-malware companies make off of corporate customers, framing their message for the narrowly defined business context sends entirely the wrong message to everyone else... it suggests the product can make the malware problem go away instead of more accurately suggesting that it's simply a tool that can help the customer to better protect their systems...

0 comments: