Dr. Vesselin Vladimirov Bontchev, a computer security developer and commentator on cryptography and malware issues via his Twitter handle VessOnSecurity has taken aim at John McAfee’s legacy and in particular, his claim to have ‘invented cybersecurity,’ in a Twitter thread full of pointed attacks on McAfee's abilities as a computer developer.
John McAfee, a cryptocurrency enthusiast who first came to prominence developing some of the first versions of consumer anti-virus software, has taken a few hits recently. Earlier this week the BitFi crypto wallet, which McAfee has bet $250,000 on the fact that it is ‘unhackable,’ has been shown to be certifiably hackable. Prior to that, McAfee’s treasury reportedly stole up to $100,000 worth of cryptocurrency from the Team McAfee digital coffers.
McAfee doesn't seem to be taking his losses to heart however, having two days ago boasted on Twitter that he 'fucking invented cybersecurity' in response to some criticism.
Am I a wannabe? I fucking invented cybersecurity. Get your fucking facts right— John McAfee (@officialmcafee) September 1, 2018
Today, his titular McAfee Anti-Virus software, which enjoyed ubiquitous installation in countless Windows machines through the 1990s through to today got a pretty rough evaluation from a cybersecurity expert who concurrently developed the anti-virus model we are familiar with today.
Of course, John didn't invent cyber security. It existed long before there were computer viruses. The names of the inventors of the login prompt and the file access rights are probably lost in the mists of time.— Vess (@VessOnSecurity) September 3, 2018
Vess does concede that McAfee came up with the novel idea to create a ‘bulk virus scanner’ to replace the need to create programs specific to each virus, but gives a blistering critique of McAfee’s original designs.
For example, Vess claims that McAfee’s original program utilized the rudimentary string-searching that operating systems have built in, but only programmed his virus hunting software to look at the beginning and end of code sequences, which missed out on any viruses hidden inside the rest of a piece of software.
Vess went on to critique McAfee’s original software, stating that ‘it sucked at detection, it sucked at identification, and it sucked at disinfection.’
Furthermore, Vess has quite a bit of scorn saved for McAfee’s abilities in cryptographically securing his software. Vess described a number of security flaws in McAfee’s design and his near-sighted ‘solutions’ which Vess says would cause anyone who knows ‘anything about cryptography are probably rolling on the floor laughing at this point.’
When this was pointed out to John, he, in a stroke of genius, decided to "solve" the issue by making the program output *two* different CRC-16 hashes. Surely that can't be broken! Checkmate, hackers.— Vess (@VessOnSecurity) September 3, 2018
This criticism hits particularly hard, as computer cryptography is something of utmost importance not only to anti-virus software, but absolutely essential for McAfee’s current interests in cryptocurrency.
Vess does however give credit where credit is due, attributing the invention of ‘overhyping the issue’ to McAfee, citing his dissemination of fear over the Michelangelo virus, one of the first major virus threats, in order to sell his anti-virus software.
Vess truly holds no punches, summarizing his assessment of McAfee as a ‘technically incompetent schmuck’ who ‘deserves none of the credit’ over the success of his anti-virus software.
Nowadays McAfee Anti-Virus is one of the best anti-virus products around. But John McAfee deserves none of the credit. His anti-virus was crap. It sucked at detection, it sucked at identification, and it sucked at disinfection.— Vess (@VessOnSecurity) September 3, 2018