I hope you'll forgive the presumption I'm exhibiting by creating this site.

I believe the Anti-Malware Industry needs to uphold a high standard of ethical behaviour. I believe that it needs to represent the very best parts of the Anti-Malware Community. I believe in order for that to happen it must be held accountable for it's actions and inaction, and I believe the people best suited to do that are the ones who care about those principles.

In the past the industry actually did a reasonably good job of policing itself. Unfortunately, recent events have shown us that the industry cannot always be relied on for this. One could even speculate that traditional business ethics have supplanted some of the anti-malware ethics - to the extent that it's now more important to avoid saying anything bad about one's competitor than it is to make sure those competitors don't violate the community's mores and traditions surrounding malware creation.

The gentleman's agreement of "Don't mess with my business and I won't mess with yours" has certainly benefited many industries and even consumers by pressuring businesses to not engage in dirty tricks; but I don't think it was ever meant to interfere with social responsibility or stop one vendor from calling another out when that other vendor violates some code of ethics. I certainly wouldn't expect the folks at Adidas to stay quiet if they knew Nike employed child labour, for example. Never the less, the willingness of one company to speak out against the unethical behaviour of another has waned considerably and that leaves us in a bind - who else can play the part of an effective watchdog for the industry?

The answer is not me. There are any number of reasons why myself and my anti-virus rants blog would be a poor fit to that task. Leading the pack, of course, is the fact that as a watchdog I'd have no teeth. less than a thousand people read any given thing on my anti-virus rants blog. One of the things that made the vendors ideally suited to this was their ability to reach a wide range of people who make buying decisions, and it's those decision-makers who can put the most pressure on vendors who get caught misbehaving.

Additionally, I'm not an industry insider so I don't have the necessary intel. The fact that I put the pieces together about one anti-malware company partnering with malware writers is in all likelihood a fluke. People in the industry are in a much better position to know what's going on in the industry than I am.

As I mentioned in my post holding the industry's feet to the fire over their inaction, I know there are individuals in the industry who wanted to say something. The fact that they didn't suggests to me that they didn't feel like they could; like the platform from which they normally reach people wouldn't have been open to an expression of this sort of opinion, and creating a new platform for the task would have had too many logistical costs (like making sure expressing their opinion couldn't negatively impact their jobs) and too few benefits (as in my own case, who would find and read one person's site in the sea of websites out there?).

What this site is meant to accomplish, then, is to provide a common stage for multiple people (thus concentrating their individual effectiveness) to speak out and act as a sort of neighborhood watch, without facing repercussions for their participation. I want to give members of the community, especially those who are otherwise muzzled by their roles in the industry, a place where they can express themselves more freely. And while I'm not expecting this site to draw anymore direct attention from purchasing decision makers than my anti-virus rants blog does, by putting the controversial material here I hope to also free up vendors to point at the controversy as a news item without having to say anything bad about their competitors themselves. That should provide comparable reach to what vendors achieved when they reported on ethics violations themselves while letting the vendors uphold their gentleman's agreement with each other.

I hope to be able to accept anonymous submissions from people without too much abuse. I hope this experiment can serve a valuable function. Most of all, I hope this site doesn't actually get much use, considering it's purpose to shine a spotlight on bad behaviour. Let's all hope that ethical violations are the exception rather than the rule.