Schadenfruede

Thomas Ptacek | June 15th, 2005 | Filed Under: Uncategorized

If one thing assuages my irritation over this ridiculous Symbiot press hit, it’s the fact that the company was reduced to issuing a press release saying it “targeted” a $10MM round.

Further dubious Symbiot claims:

• That they won an Apple Design Award (they were runner-up in a category that seems to equate to “first product to ship on an Xserve”).
• That they work with the Apache Software Foundation on OSS SIM (they proposed their project as an Apache Incubator project, to no apparent avail.)
• That Cisco has validated their claims by launching a Self-Defending Networks strategy; Cisco SDNI is the marketing successor to SAFE, and has nothing whatsoever to do with strike-back; also, Symbiot seems to have changed their branding to mimic Cisco’s.
• That their ideas appeared on a major TV show (a product placement on Fox’s 24, which had nothing to do with Symbiot or strike-back).
• That major corporations have deployed public deployed strike-back technology (presumably Symbiot’s, though I can’t find one press release naming a customer on their site).
• That their white paper launched an industry-wide debate on strike back (any debate seems to have begun and ended with Schneier calling Symbiot immoral, potentially illegal, and uncivilized).

Really though, the problem isn’t that “strike-back is immoral”. It’s that it’s stupid. The defining attributes of an Internet attacker are anonymity and mobility. Pinpointing a single compromised box and wailing on it with some vendor’s lame flooding script accomplishes precisely zero to improve your security. Whomever is attacking you will laugh at you. And so will I, for wasting money on such a useless tool.