How many viruses are made by anti-virus companies?

Discussion in 'other anti-virus software' started by sg09, May 26, 2011.

Thread Status:
Not open for further replies.
  1. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    seeing as how i was once contacted by a representative of an AV company looking for assistance getting a particularly vocal virus writer put behind bars, i can assure you they don't reward malware coders - at least not the way you're thinking.

    that being said, mcafee's partnership with hbgary (in light of the revelation that hbgary wrote and sold malware to the government for large sums of money) could arguably be called a kind of reward for malware coders. i rather doubt the partnership was actually given to them in return for writing malware code, however.

    frankly, the broader security community is more likely to reward people for writing some novel bit of malware. the reward in that case, however, is usually respect, social status, fame, etc. they like to call those people researchers.
     
  2. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    kwismer -

    The majority of my post was tongue in cheek as I don't believe there is a conspiracy going on.

    But it is fun to wonder how the corporate AV industry really views malware.
     
  3. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    These criminals have no problem destroying the credit of millions of innocent people; what do you think they would do with a paper trail linking them to an AV company? There would be an extortion letter sent out about 5 seconds after the first payment was received.

    Either ethics or an impossible-to-balance cost:benefit analysis prevents this from ever happening.
     
  4. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Regardless of the accusations of corporate induced malware, antivirus as sole security method is dead.

    If a salesman from a major name-brand antivirus company comes up to you and says “All your Windows protection lies within the walls of our software” and you believe it….

    ….that’s when two fools just met. ;)
     
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Easy answer. Just think about it. With the huge flood of new malware families (not only unique samples) every day, there is no financial benefit to detecting just 1 additional malware family. Nobody would care. No way to get additional customers. Actually, the AV companies would be happy if there were LESS new malware every day.

    But that's something people seem to like to believe and no matter what you tell them, they keep coming up with that myth that AV creates their own viruses.
    As they do like to believe that most of the AV programs today still only use plain signatures for detection. o_O
     
  6. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    y'know what i wish was dead? the idea that anti-virus was just a single technology. there's already a word for that one single technology people mean when they erroneously use "anti-virus", it's "known malware scanning".

    anti-virus includes many different technologies. every technology that can be used to prevent or detect virus infection is anti-virus. it amazes me that people have never heard of an anti-virus suite - especially since they date back to the early 90's.
     
  7. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Kurt,

    I was referring to the traditional corporate 'add-on' solution as a cure-all.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Can you elaborate? Because you can google "antivirus" and you'll get things like Avast! or Avira or MSE. All of which are "dead tech."
     
  9. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    Seriously? Avira has at least a behaviour blocker in the paid versions (although I don't know how well it works), Avast! has an automatic sandbox in all versions (and a manual one in the paid versions), Avast! also has a behaviour blocker etc. in addition to them both having very good detection. Far from "dead tech" IMO.

    About the subject, I think the dozens of thousands of malware samples keep the security companies busy enough without them having time or need for developing their own malware. It also wouldn't be worth the risk of getting noticed.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Heuristics/ behavioral blockers are nice but they're still

    1) Assuming you have malware
    2) Detection and not prevention

    Sandboxing in Avast! is very nice. It's features like that that are why AV's are still around, because if they were still just basic blacklists they'd be terrible lines of defense.
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
  12. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    oooOOOooo. "solution" - that's another thing i wish would die.

    security "solution"s don't solve security problems. at best they solve business problems (maybe). "solution" is both one of the most ubiquitous and misleading terms out there.
     
  13. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    So at this point what's bothering you is semantics?
     
  14. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    the first anti-virus is nothing like what people think of when they use the term anti-virus today. scanning, integrity checking, behaviour blocking, sandboxing, etc. are all anti-virus - they just don't get marketed that way because the public has come to expect anti-virus only means scanner.

    i think it's you who needs to elaborate, though - specifically on the meaning of "dead tech".

    most of the time when people say AV is dead, they're specifically referring to the practice of relying exclusively on known-malware scanning. the technology is still plenty useful.

    these two points make me suspect that you are using the tools wrong. detecting that an object is malware before it has a chance to run is most definitely prevention.

    "basic blacklists" is a gross oversimplification. no scanner is just a basic blacklist anymore - and that's ignoring heuristic engines and behaviour blocking, which you just lumped into the mix.

    neither heuristics nor behaviour blocking qualify as "basic", and behaviour blocking isn't even necessarily blacklist-based. not only is it possible to implement behaviour blocking in whitelist mode, but since application whitelists are basically the degenerate case of behaviour blockers (they block exactly 1 behaviour - execution), whitelist behaviour blockers are rather well known (even if they aren't recognized for what they are).
     
    Last edited: May 31, 2011
  15. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    no, what's bothering me is a lie that's been repeated so many times over the past 20+ years that our very language is steeped with terms and phrases that convey false hope in fictitious things.
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    702
    Hungry Man, maybe you could enlighten us and tell which security technology is real malware prevention according to your point of view?

    And what is the difference between "detection" (before a malware gets executed) and "prevention"?
     
  17. BenMar522

    BenMar522 Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    67
    Although I'm sure this is plausible...no reputable AV company would consider doing this.

    I do wonder how so many strains of malware can be produced every day?

    Regards

    BenMar
     
  18. kwismer

    kwismer Registered Member

    Joined:
    Jan 4, 2008
    Posts:
    240
    server-side polymorphism. the strains are generated algorithmically. sometimes a new strain is generated every few hours or minutes or seconds, sometimes a different strain is generated for each IP address that connects to the server handing out the malware, sometimes it's a different strain for every connection.
     
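    The effect kwismer describes, simulated as an added example that is not from this thread: each "download" of a constructed stand-in family wraps an unchanged core in different junk, so a blacklist of file hashes seen yesterday matches nothing today, while a generic signature keyed on the invariant core still catches every build. The byte strings and function names are constructed for the demonstration.

```python
import hashlib
import random

# Constructed stand-in for a family's invariant code block. In real samples this
# is the functional part the generator cannot rewrite without breaking the payload.
FAMILY_CORE = b"\x55\x8b\xec\x83\xec\x40CONSTRUCTED-CORE\xe8\x00\x00\x00\x00"


def serve_variant(seed: int) -> bytes:
    """Simulate a server-side polymorphic build: one request, one fresh wrapping.

    Each seed stands for one connection (or one IP, or one time slot); the junk
    around the core changes, so the whole-file hash changes with it.
    """
    rng = random.Random(seed)
    junk_before = bytes(rng.randrange(256) for _ in range(rng.randrange(8, 64)))
    junk_after = bytes(rng.randrange(256) for _ in range(rng.randrange(8, 64)))
    return junk_before + FAMILY_CORE + junk_after


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_blacklist_hits(samples, known_hashes) -> int:
    """Exact-hash blacklist: the 'basic blacklist' people mean by 'signatures'."""
    return sum(1 for s in samples if sha256_hex(s) in known_hashes)


def generic_signature_hits(samples, core: bytes) -> int:
    """Generic (family) signature: match the invariant core wherever it sits."""
    return sum(1 for s in samples if core in s)


def compare(n_variants: int = 100) -> dict:
    # The analyst captured the first build; a hash blacklist knows only that file.
    first = serve_variant(0)
    known = {sha256_hex(first)}
    # Everyone who connects afterwards receives a different build.
    later = [serve_variant(i) for i in range(1, n_variants + 1)]
    return {
        "distinct_hashes": len({sha256_hex(s) for s in later}),
        "hash_hits": hash_blacklist_hits(later, known),
        "generic_hits": generic_signature_hits(later, FAMILY_CORE),
    }


if __name__ == "__main__":
    print(compare())
```

    With 100 later builds the hash blacklist scores 0 hits against 100 distinct hashes, while the generic signature scores 100, which is why vendors count detections per family rather than per sample.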
  19. BenMar522

    BenMar522 Registered Member

    Joined:
    Mar 12, 2010
    Posts:
    67
    Thank you for your insightful reply. :thumb:

    BenMar
     
  20. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Really? What does that mean? You don't like to create solutions? I viewed your interview from the Panda Security Summit. You were wonderful!
     
  21. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Hello Stefan!

    It's an honor, sir.

    Could you enlighten us and tell which security technology is real malware prevention according to your point of view?

    And what is the difference between "detection" (before a malware gets executed) and "prevention"?
     
  22. Ibrad

    Ibrad Registered Member

    Joined:
    Dec 8, 2009
    Posts:
    1,970
    Dead tech? I am really interested in what the current "in-tech" is for computer security then. Because when I talk to even the least techie person I know they know they should always have an antivirus program installed like the ones you mentioned.

    Also AV companies are not just standing still as the malware comes in, I doubt any of the well known AV vendors rely on blacklisting only. I think a majority of people just call it scanner because that's how they started. Most of the time the "scanners" include cloud tech, behavior blocking, code emulation, generic signatures, and heuristics. None of those are near "basic" and the computer security engines keep on advancing.

    @FlimFlam

    I am not Stefan and nowhere near as experienced, but I'd like to comment on the question:

    And what is the difference between "detection" (before a malware gets executed) and "prevention"?

    The way I view it is that detection means the file is detected before the file is executed. Say I download a file x.exe; my AV would pop up and say it detected the file as trojan.randomname.abc. Now if my AV did not "detect it" when I executed it, but the behavior blocker stopped it from performing malware behavior and then killed the file, I would have said it prevented the infection. Now that's just how I have viewed it; most likely there is a different way to describe it.
     
  23. Judge Dee

    Judge Dee Guest

    How about not deflecting the question asked of you.
    You're throwing charges around, so answer him please.
     
  24. FlimFlam

    FlimFlam Registered Member

    Joined:
    May 23, 2011
    Posts:
    42
    Judge Dee, your honor, I apologize for asking the question. If the court will permit, I'd like to ask the defendant the question again, if I may.

    Stefan Kurtzhals,

    Could you enlighten us and tell which security technology is real malware prevention according to your point of view?

    And what is the difference between "detection" (before a malware gets executed) and "prevention"?
     
  25. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    You're forgetting about real-time scanning, download/website blocking, sandboxing, and whitelisting.

    Those 2 questions were aimed at Hungry Man, not anyone else.
     