Wikipedia:Articles for deletion/Malware Spread Mitigation


 * The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review).  No further edits should be made to this page.  

The result was delete - all of the editors voting keep are single purpose accounts and many display and apparent conflict of interest. ck lostsword•T•C 22:38, 17 July 2007 (UTC)

Malware Spread Mitigation

 * – (View AfD) (View log)

Notability not asserted, suspected promotional material. New author with no other meaningful contributions. A supposed infosec term that is marginally visible in Google, is defined in a remarkably vague way (Northeast Blackout of 2003, KFLOCS, chaos theory and such) - and in the end seems to be a covert ad for a proprietary and not necessarily notable technology used by this company in their products. The company itself does not seem to be particularly frequently noted either. lcamtuf 11:51, 11 July 2007 (UTC)
 * Update: article author's nickname (Ishisaka) coincides with a login used on some forums by a person claiming to be Ken Steinberg, current CEO of said company (see here); this link seems to be further confirmed by later comments on this AfD page. --lcamtuf 13:18, 14 July 2007 (UTC)


 * KEEP I have been working in the computer industry for a while and have come across many terms, including "Malware Spread Mitigation," during web searches for products which stop malware in its tracks. My interest is in low-level code that can run on a variety of platforms (PC's, embedded systems, etc.). The term, which is fairly new (like "Code Access Security," a term already in Wikipedia), refers to a new concept in preventing viruses from spreading to other systems. Like many computer-related terms, this one -- which user Lcamtuf called "supposed infosec" -- can already be found in web searches both in phrase and in concept. The parenthetical reference to "big word" was somewhat amusing, especially since Wikipedia already has an entry for "Popek and Goldberg virtualization requirements." If Lcamtuf is looking to rid the world of "big words," there are many places to look. But what grabbed my attention here was that, unlike other Wikipedia entries, I was struck by Lcamtuf's tone and rather disparaging comment about the author's lack of meaningful contributions, and his comment about "suspected promotional material." If the entry contains a line which the administrators think is promotional, the text can always be modified. I think deletion would be too extreme. And if Lcamtuf (whose real name is Michal Zalewski) wants to chide submittors for, as he calls it, "promotional material," he can start by removing the Wikipedia reference to his own book, "Silence on the Wire." It turns out that Mr. Zalewski (Lcamtuf) might indeed have a motivation to have the entire concept removed from our computer security vocabulary. He works for a competitor company which provides blacklisting technology. Having researched Savant Protection, both press releases and other independent sources, it seems clear that Savant Protection's approach is not only the best at preventing execution, but also the best at stopping the spread across systems. I think the emphasis on new approaches to virus and spread protection, like countless other trends in the computer industry, will spawn new terms which will become -- or are already becoming -- part of our vocabulary. goodville 16:00, 11 July 2007 (UTC) — Goodville (talk&#32;• contribs) has made few or no other edits outside this topic.
 * As a matter of policy, Wikipedia is not a place to describe terms or ideas that "will become or are already becoming" a part of our knowledge or vocabulary. Furthermore, extraordinary claims of efficiency or notability require extraordinary (and verifiable) third-party proofs. See WP:OR. --lcamtuf 16:48, 11 July 2007 (UTC)
 * Keep First and foremost the entry is new and not fully baked. Second, it is a legitimate entry since this is a new computer security approach that can be added to the other approaches such as blacklisting, whitelisting etc.  So is lcamtuf saying that nothing new should be added to Wiki because it is not highly ranked in Google or notable yet?  lcamtuf should then remove his entries promoting his book and perhaps the AV company he works for.  If whitelisting is posted, another somewhat new approach - relatively to blacklisting, then Malware Spread Mitigation should be noted.  This is an accepted approach in the security community and with several of the top analyst firms.  This appears to be a case of a large firm exerting itself on a changing market. My understand was that Wikipedia is a knowledge tool and that postings should be of this ilk.  The posting is not promotional (I have seen much, much worse).  Great care was taken to not be so.  The entry should be allowed to exist and let the community contribute.  Of course it could be edited to use small words if they are too complex for the reader - geesh. ishisaka 16:11 11 July 2007 (UTC) — Ishisaka (talk&#32;• contribs) has made few or no other edits outside this topic.
 * Again, as a rule, we do not describe concepts that "can be added" to common knowledge - we focus exclusively on concepts that already are included there, by reputable, verifiable third-party sources (such as peer-reviewed journals). --lcamtuf 16:48, 11 July 2007 (UTC)
 * So you would have me believe that every entry is Wikipedia can quote a third party source on the day it is entered? That would require a lot of content to be deleted. — Preceding unsigned comment added by 24.61.93.173 (talk • contribs)
 * Delete per lack of "significant coverage by independent media" Only hit on google news archives is a press release Corpx 16:43, 11 July 2007 (UTC)
 * Delete All but one of the hits on a standard google search are press releases from the same company. Not discussed in any of the reliable sources that are likely to discuss something like this (e.g. securityfocus, zdnet). JulesH 17:01, 11 July 2007 (UTC)
 * Keep Let's give sometime for this article to develop before XFDing it. Thansk Taprobanus 17:15, 11 July 2007 (UTC)
 * How can it develop if there's nothing to develop it with? Ten Pound Hammer  • (((Broken clamshells • Otter chirps))) 17:35, 11 July 2007 (UTC)
 * How do you know ? just a question Taprobanus 17:48, 11 July 2007 (UTC)
 * Because of the lack of notability right now. We cant let articles stay and hope that notability might be established in the future.   Corpx 17:58, 11 July 2007 (UTC)

If it is there is a lot of stuff on Wiki that needs to be deleted. I've seen a lot of pages about people that have little to no references. How do those get to say? A bit of a double standard, I think. right lcamtuf or is that Mike Z? ishisaka 21:46, 12 July 2007 (UTC)
 * KeepI did some checking-seems SC Magazine, Government Computing News, eWEEK and NETWORK WORLD have some very good things to say...new terms, new technologies, new knowledge - let it stand an TVJones 19:06, 11 July 2007 (UTC) — TVJones (talk • contribs) has made few or no other edits outside this topic.
 * Please provide full references, so that we can check these assertions. JulesH 10:00, 12 July 2007 (UTC)
 * Delete - appears to be a neologism (or more like a protologism) that gets most of its traction from one company's phrasing with regards to its product. I came up with mostly press releases in searches; notability doesn't appear to be established, and I don't think it will be any time soon. Tony Fox (arf!) review? 20:19, 11 July 2007 (UTC)
 * Delete, NN advertising slogan. --Dhartung | Talk 23:26, 11 July 2007 (UTC)
 * A Google search shows there are numerous sources attributed to numerous companies all providing malware spread mitigation. Cannot be a slogan if mentioned across several companies and media outlets.  Research please — Preceding unsigned comment added by 24.61.93.173 (talk • contribs)
 * Can you link to some of them, please? When I performed that search I found approximately 100 press releases from Savant, and precisely one article that used the term otherwise, and not in relation to the technology described in the article. JulesH 09:56, 12 July 2007 (UTC)
 * KEEP A Google search using the terms virus or worm or bot or malware plus mitigation excluding “Savant Protection” from the results produces 1,770,000 hits! Implied in most, and explicit in many, of the references is the notion of preventing harmful computer code from propagating to other non-infected computers. Every malware related product on the market promotes and differentiates their capabilities for effectively performing this service. I believe that the term Malware Spread Mitigation, although somewhat new in terms of putting these specific words together in this way, is not new in what it represents. It is an excellent lens for focusing attention on this critical area of computer security. With the help of the Wikipedia community it can be enhanced over time to bring a much needed focal point to this specific subject area. Isn’t that what Wikipedia is all about?  I also believe that there is plenty of precedent for acceptance of Malware Spread Mitigation. The term computer security incident management already exists in Wikipedia as does Anti-spam techniques (e-mail), Trusted Computing, and Computer security to name a few. I was also surprised to see McAfee VirusScan and Norton AntiVirus entries along with a number of other commercial antivirus products listed in Wikipedia. Compared to these entries I see absolutely no self-promotion by Savant Protection in this entry. In fact, I would recommend that Savant Protection create their own entry seeing that McAfee and Norton are allowed. :-) Mronayne 14:12, 12 July 2007 (UTC) — Mronayne (talk&#32;• contribs) has made few or no other edits outside this topic.
 * Google search for virus OR worm OR bot OR malware +mitigation -“Savant Protection” is remarkably broad and predominantly returns pages unrelated to the subject of this article. --lcamtuf 14:30, 12 July 2007 (UTC)
 * A Google search on Computer Security = 5,250,000 hits! On Trusted Computing = 1,360,000 hits! Both are accepted Wikipedia entries. And, I believe that there are a significant number of results from my search that do pertain to the detection, isolation, and removal of malware – in essence, stopping the spread of malware – most definitely the subject of this article.
 * "With the help of the Wikipedia community it can be enhanced over time to bring a much needed focal point to this specific subject area. Isn’t that what Wikipedia is all about? Well, no, actually. Wikipedia is not for promotional purposes or for "enhancing" a brand-new term that, when searched for in its entirety, has very, very minimal traction outside of a single company's marketing material. It may be that down the road there will be multiple, non-trivial reliable sources using this term, and at that point it may be right for an article. Right now, it fails attribution policy. Tony Fox (arf!) review? 15:49, 12 July 2007 (UTC)
 * Please explain entries for McAfee VirusScan and Norton AntiVirus - not trying to be difficult, just trying to understand Wikipedia better. Mronayne 16:01, 12 July 2007 (UTC)
 * Both are extremely well known, have multiple non-trivial reliable sources about them (though teh McAfee article could use some additional refs), have two million-plus Google hits, and are products, not a neologism that is thus far applied to a single product by a single company. Tony Fox (arf!) review? 17:42, 12 July 2007 (UTC)
 * Still curious - what is the threshold in Google hits - assuming they are reliable and 3rd party - to qualify a product (or term) as eligible for a Wikipedia entry? Is this just a judgment call or is there some rule of thumb? Mronayne 18:42, 12 July 2007 (UTC)
 * Google hits are an indication of notability, not a threshold to be met; it helps indicate the potential level of sources available for a particular topic. Here are some relevant links for this discussion: Reliable sources; attribution; notability. This phrase meets none of them, in my (and others' opinion. Tony Fox (arf!) review? 18:55, 12 July 2007 (UTC)
 * Thanks Tony.  I appreciate it.  :^) I did take a look at these but I need some further clarification.  The criteria don't speak of specific thresholds so how does one know what is acceptable as a new entry and what is not?  It seems very subjective.  My only reason to add this entry was to start down the path.  I never envisioned such a caustic response to such a small entry.  If no one can clearly articulate the threshold for beginning an article then I can imagine many would get pretty frustrated with new postings. One would think that articles by third party security-focused publications would be a good thing? =]:^) No one paid them to write.  I was as surprised as anyone but it appears that Google hits is the only yardstick.  What does that say about the computer science press or the analysts?  Who else would write about it anyways?  I would think it would be far worse if all one found were whitepapers I had published.  All of the articles were done by independent technologists/writers who had no reason to even look at this technology.  They chose to write over the course of 3 years. We never asked.....so I am left feeling a bit pinched by all of the directness from a range of individuals, some obviously learned and senior Wiki-est and others who seem to have no direct security experience....but that is just me.  I am not trying to get anyones knickers in a knot.  Just trying to add a couple K of words to probably many quadrillion.  A bump on a flea on an ant on a cat sitting in a wall....ishisaka 20:23, 12 July 2007 (UTC)
 * Multiple, non-trivial reliable sources means just that: multiple (more than one - generally, several is best at minimum) non-trivial (feature articles, large portions of existing articles, etc.) reliable sources (publications that are established and have some modicum of editorial oversight). Press releases are not reliable sources, but make up most of the results that turn up in Google. If you can show multiple, non-trivial reliable sources that this phrase, as it stands, is a notable phrase in general use, then please provide the references. Tony Fox (arf!) review? 20:51, 12 July 2007 (UTC)
 * OK, well then as you stated earlier with respect to McAfee and Norton, given that four independent publications (see above or Google) have made reference of Savant Protection, I should be able to do what they did and put a direct reference in. It boggles the mind that you are actually saying a direct company reference is better than letting everyone chime in on a particular subject matter but GCN/Newsweek, eWeek, Network Computing, and Secure Computing would match your definition of multiple, non-trivial, reliable sources.  Seems a bit bass-ackwards but if that is what matches the Wiki criteria, I will retract this topic until more direct coverage is applied and write another. Do me one favor though, explain why everyone says Google hits are not the measuring stick, but everyone keeps bringing it up? Either it is the measure or it isn't.
 * (deindent a bit) If Savant Protection meets the corporate guidelines, go for it. This phrase is entirely non-notable and a neologism, and that's what this discussion is about. Tony Fox (arf!) review? 02:05, 13 July 2007 (UTC)


 * KEEP The nature and maturity of organizational security is still evolving; compare the field of security from 1955 to that of today. There is no comparison. Further, this field is not a finite discipline such as basic mathematics where 1+1=2.  That is highly apparent by the varying opinions within this call for deletion. After all, Wikipedia is here to help derive new definitions. Case in point: Lookup Google in Wikipedia.  You find that it is listed as a verb.  However, that is probably the product-focused Wikipedia entry that you will find.  As a full blown “Google-a-holic,” I do not  have any problem with the entry.  It’s pretty darn accurate.  But if we are going to apply the standards that are called out by the DELETE crowd, then we should also get rid of that entry.  For that matter, why not censor the entire site? The truth of the matter is I don’t want someone censoring any terms that may be perceived in different ways by different people. Unfortunately, just about every definition in the domain of organizational security is like that right now.  Rather, we should be EDITING and refining the definition into something that everyone can work with and develop.  This brings us all to a more educated place; a place that we can all thank WIKI for aiding us in achieving. — Preceding unsigned comment added by 70.233.9.2 (talk • contribs)  — 70.233.9.2 (talk) has made few or no other edits outside this topic.
 * Delete WP:SOAP, WP:NOTE and probably WP:COI. I assume good faith as a starting point, but it is obvious that this discussion is being flooded by Keeps from single-purpose accounts, which I think also makes the reasons for the creation of this article suspect. Google returns are overwhelmingly for press releases by Savant, and the ezine "article" I saw was written by the CEO and the VP of Savant. WP:NOTE can't be established until this technology is referenced more in reliable sources that aren't just self-promotion by Savant. The Wikipedia article itself touts Ken Steinberg, CEO of Savant, as "advancing the technology". Lipsticked Pig 05:32, 14 July 2007
 * Excuse me but I did advance the technology but so what. As to the ezine articles, go Google Symantec. What do you find?  The same thing.  Whitepapers, ezine articles and more press releases than you can read.  I did NOT write this entry to promote the company (the mention of which IS part of the history) but to capture the technology and it's history.  So maybe we should go remove the reference to Peter Norton from the Symantec entry or Woz from the Apple Computer entry. You cannot discount an article because of historical reference. Every entry in Computer Security has historical listing.  Also note that if this was promotion, which it is not, I would have listed all of the supposed e-zines. Wiki dictates consistent use of criteria across entries.  This article adheres to the same criteria used to publish other entries.  This articule conforms to WP:NPOV although this discussion is becoming borderline WP:NPA as several of the people requesting deletion have not written any articles in computer security and have no basis for commenting. ishisaka 12:19, July 14 2007
 * If you're indeed Ken Steinberg - please see WP:AUTO for a discussion of reasons why authoring articles on yourself or your projects is discouraged and is likely to cause conflicts. Wikipedia employs a number of common-sense rules designed to ensure that all articles describe notable and previously established facts or concepts in a precise, factually accurate, and verifiable manner; the project specifically forbids promotion of original thought or research that did not gain a non-trivial amount of independent traction, no matter how important or unique it is - and that's pretty much the story of a plethora of AfD votes. There's no cabal. I do not know you, I do not secretly hate you or your company; and to my best knowledge, I do not work for a competitor (see WP:COI). --lcamtuf 13:18, 14 July 2007 (UTC)
 * I can get very upset when I see a delete comment on an AfD which seems malformed and ignorant of the subject matter. And in this case, I am relatively ignorant of the specific technology. However, the article did not establish notability by standards that are obvious and clear to me (the article should be able to do that regardless of my level of knowledge), Google searches returned almost exclusively non-reliable sources for "Malware Spread Mitigation", and combined with a clumsy and bad-faith attempt to game this AfD, I don't think there can be any decision but to delete. Lipsticked Pig 17:41, 14 July 2007 (UTC)
 * That was me, forgot to log in. Anyways the article wasn't about me.  It wasn't self-promotion. If that had been my intent, I am sure I could have done better but it wasn't.  It was the beginning of a very innocuous article that I had hoped would grow out of time.  I never got a chance to work on it any more because the deletion request happened in 24 hours,  There is nothing in the entry that is in any way different from any other Computer Security entry.  The point everyone continues to make, even after I offered to recind, is not enough Google hits.  The article itself is perfectly fine and not promotional.  So calm down, go relax and let's all get some real work done.  This has gone beyond ridiculous.  I never imagined so many people would get so bent out of shape.  Makes me wonder what the driving factors are.  Seems a lot of "guilty until proven innocent" going on.  I hope others who are first time contributors to Wiki get more support and less attack. Be well" ishisaka 14:00 15, July 2007
 * The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.