Discussion in 'other anti-virus software' started by sg09, May 26, 2011.
It might be contradictory, and many people and developers won't like it here, but I don't agree with it and I have proof that it's not correct... I can't give much disclosure on this though.
It makes sense. There are so many viruses made each day I find it's convenient to write viruses and then sell the medicine ^^. It's business. I know there are hackers that write viruses. But so many every day? I think to make a quantity so high companies of paid individuals can make more viruses than a single bored guy in his apartment.
There may have been a time when I would have believed that anti-virus companies would have done this to sell products (back in the 90's). But at this point they are losing the battle so I doubt they would do this to themselves.
@ Nevis and tekkaman,
Extraordinary claims require an equal quality of evidence. The article makes one important point (as the OP notes in his citation), but the real point would be that to do as you suggest would be both unethical (in the extreme) and potentially criminal. The mere suggestion that an AV company engaged in such activity would severely damage both their reputation and credibility at a minimum with long lasting consequences for their long term viability as a company.
This means that you would have to prove that not only did company "A" create the malware, but also was responsible for distributing same to the wild. There is no incentive for a real security provider to do this and I have never seen this done or even suggested during my own career spanning the past decade...
Doesn't it strike you as suspicious when only one AV detects a threat? Then after a while the others will follow hehe.
If you know how things work, you don't wonder about that at all.
Companies use honeypots to capture malware and some just happen to capture that very sample faster than competitors. Same thing usually works in reverse the other time.
I hope what you say is true for the majority... I know that it's not true 100%.
We just saw 1 company who engaged in such activity. Obviously the big giants would not leave any easy proof.
I would not discuss it more now.
I doubt it "officially" happens and is probably not part of the company policy. But nobody can legally control what employees do in their spare time. So if someone slips some money for "unofficial" work, it could very well happen. But in such cases the AV company is not responsible for it (at least not directly).
So, if I consider some ultra-big conspiracy theory, it probably might be happening and nobody but the highest guy up will be knowing about it.
But let's get real......there are certain goofups everywhere, it doesn't mean that the company is actively involved in such things. It isn't much of a financial gain for an AV vendor to develop malware. It's similar to dropping a drink on someone's food and then getting accused of being out to "get" him....(which may or may not be true, but in most cases isn't)
more malware is written for mafia, industry espionage and espionage agencies ...
so whole point is moot
Just another reason not to buy antimalware software
Just another reason why I should not rely on signatures.
I don't think anyone would disagree with that. Relying solely on signatures/ blacklists is silly.
Whether it happens or not it doesn't change the fact that malware is here to stay. Politically motivated distribution of viruses (with specific targets in mind) by government officials is increasing (Stuxnet is an example), recently a large banking conglomerate in South Korea has been successfully cracked allegedly by North Korean cyber attacks, Chinese cyber attacks on US systems have been going on for a while (nobody knows for sure who is behind them though).
What I'm trying to say is that it is very difficult nowadays to draw a line between what is a criminal source and one paid by a legitimate source for whatever purposes. Experts from large AV companies might have been secretly asked for advice when government agencies need to take action.
Ultimately it doesn't really matter who the source is, because the problem would still be around.
No. When only one detects it then it is usually a false positive. If others follow it is because they are copying the first one.
There was a serious Rising accusation, but I think that's the exception.
A mere suggestion would severely damage reputations and credibility?
I don't think so.
Yes, it does... after more than 5 years there are still users thinking of a certain security vendor having its software calling home secretly. No matter if it was a bug and it was fixed in follow-up versions and no matter if privacy was not violated whatsoever...
Yeap, only case known. It does not make any commercial sense and there are enough viruses around nowadays in need of detection. They don't need to create them ad-hoc... even if they do, the effect will be null and the risk far outweighing the benefits.
What's this honeypot thing that's being used for malware capture?
'Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot.
Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.' link
Or imagine security software companies setting up 'PC's' that function as if common users are using the net while clicking/downloading everything and everywhere (that's most used by the large majority of users).
This way, those PC's will be 'infected' with drive-by malware/trojans, fake-AV's, etc.
They try to catch those malware samples which they haven't seen before so they can write a signature/update their tech if necessary.
There it is, the DUH factor. Maybe they don't code the trojans out there, but they really DO want us to get infected.
The question that should be raised here is whether or not the AV companies hold secret award ceremonies for the malware coders thanking them for their hard work.
"Good Evening, this is the award for the Best Rootkit of 2011 - TDL4 or ZeroAccess"
"And the winner for the Best Rootkit of 2011 goes to.....Blah Blah Blah"
The winning malware coder team then walks up on stage to accept the award (a trophy) with every corporate AV logo in the world stamped on it.
"I'd like to thank my parents for forcing me to learn programming and hacking when I was young rather than practice the piano like my friends."
"I'd also like to thank the AV industry for their continued support by convincing the public that they need their software rather than change their Internet habits and enable Windows security."
"And I'd really like to thank the public malware help forums of the world for showing us their step-by-step removal methods that have served us well in our dedication to make our future malware releases even better."
*laughter* and *applause*
"Thank you all for your cooperation and good night."
Whether or not they're involved in such activities, as far as I am concerned I'd be merely speculating. Nothing more.
But, they rely on FUD. I remember the Conficker hype. I remember watching a Symantec spokesperson in the news telling people to hurry buying their crap, instead of saying what these people could actually do to prevent it.
yeah, yeah, people making similar claims are a dime a dozen, but they never actually prove it. they always have some excuse for why they can't name names.
here's an example of why making a claim like that is so utterly useless: i have proof that you're actually an alien from another planet. documented evidence, video of your arrival, the works. i can't disclose it though.
we both claim to have proof of our respective claims. at least one of us is full of it. unless we disclose the proof we claim to have and allow it to be analyzed, there's no way for anyone to know whose claim is credible and who is full of hot air.
a) there isn't that much unique malware being created. the article gives a number, but that number is almost certainly the number of distinct samples, not the number of unique malware instances. server-side polymorphism can pump out thousands of samples of the same malware that are each slightly different from one another.
b) it's definitely paid individuals making the lion's share of the malware, but those paid individuals are not in the anti-malware industry. maybe you weren't aware of this, but there are all sorts of different criminal enterprises that can be performed with malware. that means the malware creators are getting paid, and paid handsomely, without any involvement from the anti-malware industry whatsoever.
uuuhhh, no. why would that strike anyone as suspicious? for every piece of malware, somebody's got to be the first to find it. the malware doesn't magically appear in every company's inbox at the same time.
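The difference between counting distinct samples and counting unique malware, raised in point a) of the post above, shown as an added example that is not part of the original thread. Constructed random byte strings stand in for polymorphic builds; the 4-byte shingle size, the 0.5 threshold and all function names are assumptions chosen for illustration.

```python
import hashlib
import random

def constructed_variant(body: bytes, rng: random.Random) -> bytes:
    """Constructed stand-in for one polymorphic build: same body, fresh junk block."""
    junk = bytes(rng.randrange(256) for _ in range(16))
    pos = rng.randrange(len(body))
    return body[:pos] + junk + body[pos:]

def build_corpus() -> list:
    """Two constructed bodies (random bytes, not real malware), three builds of each."""
    rng = random.Random(2011)
    bodies = [bytes(rng.randrange(256) for _ in range(400)) for _ in range(2)]
    return [constructed_variant(b, rng) for b in bodies for _ in range(3)]

def shingles(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte windows; near-identical files share most of them."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Set overlap in [0, 1]: 1.0 for identical shingle sets, 0.0 for disjoint ones."""
    return len(a & b) / len(a | b)

def cluster(samples: list, threshold: float = 0.5) -> list:
    """Greedy clustering: a sample joins the first family whose first member it resembles."""
    families = []  # each family is a list of sample indices
    sets = [shingles(s) for s in samples]
    for i, s in enumerate(sets):
        for fam in families:
            if jaccard(s, sets[fam[0]]) >= threshold:
                fam.append(i)
                break
        else:
            families.append([i])
    return families

def summarize(samples: list) -> tuple:
    """Return (distinct SHA-256 hashes, families found by content similarity)."""
    hashes = {hashlib.sha256(s).hexdigest() for s in samples}
    return len(hashes), len(cluster(samples))

if __name__ == "__main__":
    distinct, families = summarize(build_corpus())
    print(f"{distinct} distinct samples by hash, {families} families by content")
```

Every build hashes differently, so a per-hash tally reports six samples where content similarity finds two families.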