Prevx has defended its participation in the BBC Click programme.
Mel Morris, CEO of Prevx, who participated in the BBC Click programme, claimed on the forum for The Escapist magazine that companies should ‘focus on the real fight that threatens our customers and our industry too'.
Speaking directly about Sophos' senior technology consultant Graham Cluley, Morris claimed that Cluley ‘might like to move onto the aspects of this story that could add some value to the customers of the security products from the numerous vendors that completely missed this botnet infection for several days'.
He wrote: “Botnets exist primarily because of an abject failure of the PC security industry to adequately protect consumers from such threats. It is a myth, albeit a popular and industry serving myth that botnets only infect PCs with little or no security.
“Users with well respected brands of fully up to date PC anti-virus and so called internet security products are infected every day while their PC security product tells them they are clean. Maybe that's a larger public injustice and one Graham and his team of very capable guys should focus a little more on than trying to pose as a legal expert.”
He further questioned whether Sophos are ‘by their own standards, unable to investigate the workings of botnets, information stealers or to retrieve details of stolen information, which might bring the real criminals and terrorists to justice'.
He asked: “Has Sophos never trawled malicious websites to seek out new malware to protect its customers proactively without permission from the website owner? Of cpurse they have. How is this different, legally?
“Never mind a snowball fight with Kaspersky and trying to be lawyers, let's focus on the real fight that threatens our customers and our industry too. At the moment we are all, simply not doing anywhere near enough to educate people of the real risks. The risks that are ever present in spite of running up to date so called PC security.”
In response, Cluley said: “Note that I have no issue at all with raising awareness about computer security, but I do have a problem with the BBC breaking the law when it was clearly utterly unnecessary.
“I know that Prevx was intimately involved in the BBC report and so may be feeling sensitive about this, and maybe that's colouring your [Morris] message to me a little. Did Prevx realise that the BBC was planning to break the law? Did you tell them what they were planning to do was illegal? Can you see that there are ways to explain the botnet problem in the media without breaking the Computer Misuse Act?”