Blended Threats == Hemlock Smoothies

Andrew Jaquith
Andrew Jaquith ∙ Managing Director, Markerbench
2 min read ∙ February 11, 2006

An open letter to all anti-virus software makers:

February 2, 2006 Dear Antivirus Industry,

Why are you so addicted to the term “blended threat”? It seems to mean something special to you… but it means nothing to anybody else. Certainly not to Grandma or to security professionals who don’t work for anti-virus companies.

To the lay person, a “blended threat” might be what happens when someone slips arsenic or hemlock into their Starbucks frappucino. That’s what you meant, right?

Oh, silly me. You meant “a complex program that targets multiple weaknesses in computer networks and uses multiple distribution methods to spread” (Trend Micro’s definition). But doesn’t that describe the behavior of every sort of malware that’s seen today?

Grandma doesn’t get infected by “blended threats”—she gets infected by:

  • Adware that spies on her and makes her computer sluggish and unusable
  • Viruses and worms that wreck her hard drive
  • Keyloggers and trojan horses that steal passwords and credit card numbers and send them to nasty mean people in Lower Slobovia

We don’t get it. Characterizing malware as using more than one vector of attack may be technically correct but it isn’t the point—it’s the consequences that matter.

The term “blended threat” might have been useful toyour marketing efforts in 1998, but it seems a bit quaint in 2006—rather like describing today’s automobiles as “horseless carriages.” Please stop.


Everyone Else