Computer security is a field I've always been interested in, as a journalist, researcher, and system administrator. However, I'm also often quite critical of the industry as a whole, and the manner in which it communicates with its customers.
Today a particularly symbolic and silly episode is transpiring that illustrates why the trust and power we put into security and anti-virus software is often misplaced.
Users of the CA eTrust software are being alerted that they've been infected by the JS/SNZ.a virus whenever they surf a website that runs any one of a few common JavaScript libraries. This includes my own site, which is causing some of my readers to get alerts, one of whom emailed me about it.
The problem, of course, is that this is not a virus at all, but rather a false positive. Most users, however, won't know that, and instead are being scared away from thousands if not millions of legitimate websites.
There's a ton of discussion on this site/thread, and it's interesting to read/watch as people start to figure out that this is a bug and that CA needs to get on top of it and send out an update to fix the situation.
The security industry has created a great deal of power, based on fear, by selling software to people that on command can effectively censor or control their online environment. Today's example shows just how quickly even a mistake can generate fear and reach millions of users with an "alert".
Bruce Schneier is a security researcher I respect quite a bit, and he links to another story on the emergence of the Nugache Worm, which is similar to the Storm Worm, although it employs even greater autonomy and spontaneity with regard to its command and control structure:
"But this new piece of malware, which came to be known as Nugache, was a game-changer. With no C&C server to target, bots capable of sending encrypted packets and the possibility of any peer on the network suddenly becoming the de facto leader of the botnet, Nugache, Dittrich knew, would be virtually impossible to stop."
This type of malware is able to stay ahead of most anti-virus and security software, so at some point it does beg the question: why bother? Why bother with the security software? Why bother with the Windows operating system? Obviously Linux and Apple have their own security problems, but apt-get update/upgrade seems like such a better way to go about it. That way you retain your power/control over your environment, and an incident like today's, where CA accidentally censors a large portion of the web, won't be able to happen.





