Is it true that some viruses are also made by anti-virus company?

One of my friend a computer sales agent at one time said to me that some of those viruses are also being made by anti-virus company released into the wild in order for their products to sell like hot cakes.

I'm just wondering if this really true, coz in truth, they're also the one who knows more better than anyone else about virus. Isn't it?

 

An ex Symantec guy I know chuckles at those rumors, and basically summed it up thus: "If Antivirus companies wrote viruses, watch out - they'd get straight through, be professionally engineered and well tested."

Whether or not you believe the bravado of the AV companies having all of the knowledge about such things, as LWM pointed out - any company that did something like that would be destroyed, overnight.

Assuming it came to light, if "XYZ Company" released a virus, what would happen...

Well, global news for a start.
A halt in sales, overnight.
Refund requests from their customers.
Criminal Charges.
Attacks from vigilantes
Compensation claims from victims - each time a virus is unleased, damages are claimed to be "in the billions".

So, having thoroughly destoyed the company, one could also expect:

Jail time
Shareholder suits for destroying all value in the company.
Never working again in the industry?

All it would take is ONE person to let this out with proof.

On a straight cost/benefit analysis when you have a potential upside of a few additional percentage points. Potential downside - complete destruction of your business, career, personal life.

There is no value for them, and only risk.

 

Well maybe AV companies did this ages ago when viruses were still emerging (i'm not saying that they really did this, just assuming!).
But today people want to have the biggest army of bots and worms. And this way AV companies really don't have to write malware because there is thousands of people writing malware every day worldwide.

 

Let me sum up what others already have

As mentioned before, it would be a serious business risk for any company to indulge in any such "conspiracy". If the news ever leaks out.......oops.

So, this is just plain BS and there is no such conspiracy.

 

Well the scientific stance is of course to remain agnostic.

Maybe they write, maybe they don't.

Of course, with the risk of being caught, all the repercussions and no need to really write them yourself (freelancer malware writers do enough them, thank you), it's highly highly unlikely.

Still, nobody can prove that they are NOT writing them.

Just like it's pretty hard to prove that there's no intelligent life outside our athmosphere. or that god(s) do(es) not exist.

Don't get stuck in a dogma, either way. Remain open, look at the evidence, evalute it. Be critical.

 

Hi halcyon,

Still, nobody can prove that they are NOT writing them
Which is impossible to do which is why ideas like this survive.

Scientific reasoning and logic apply to the natural/physical world.

So I'm not agnostic about this sort of thing where a different "logic" applies - that of human emotions and motivations.

Regards - Charles

 

Human beings are incapable of deceit and unfair business practices. I trust all humans.

 

Not the issue.

The issue is the tendency of humans to babble and the consequences of getting caught.

Regards - Charles

 

Oh no, the issue is for humans to be wise enough to realise the consequences of being caught and to resist the tempetations of doing wrong.

 

Would you like to buy a bridge?

 

I don't believe in the "virus conspiracy theory" either, although the AV companies sell alot more AV's than usual, after a major outbreak of a new damaging virus in the world, but that is pure accidental.

BUT I strongly believe in the "adware conspiracy theory" to make personal advertising on PC possible in the future, just like general advertising on TV.
The users convicted adware/spyware already, but the Anti-Spyware Coalition (ASC) was established to make new adware/spyware definitions.
Why does the USER need new adware/spyware definitions ?
The users want only ONE thing : NO adware/spyware on PC and you don't need ASC to make that possible.
ASC means Anti-Spyware Conspiracy

 

It is so easy to write Windows viruses, and there is so much financial motivation to produce and install malware that no legit AV company would ever have to bother to write viruses. Everyone else is doing it for them.

There was one individual who got caught installing spyware in drive-by downloads and then selling a program to remove it for $30.

 

Pavel from Alwil (avast! antivirus) on the same subject, 1 1/2 year ago:
http://forum.avast.com/index.php?topic=3680.msg26393#msg26393

 

All I want to know is, did someone push Humpty Dumpty?

 

To come back to the topic - most of the AV companies REQUIRING a statement that you didn't write any malware before you get employed.
I mean even without that, you would expect that nobody who kills the fire with water will burn down in his free time a few houses just to make use of his water.

Next thing is the risk would be far to high that some other av company finds out who wrote it. Based on malware samples a good analyst can tell you how skilled the malware author is. And just believe me - no recent sample does match the skills of an even moderate skilled av expert. They are full of bugs and technical design mistakes - only taking advantage of public available vulnerabilities, like Mytob or Zotob worms. That's nothing advanced. A very few "interesting" things exist, like the Bakaver virus with EPO, but oh well - even this virus is easy to find if it would be a real threat. It takes an antivirus researcher a few min to provide a detection even for complex malware - but it takes the malware author months ( if not even years ) to write a real complex virus. It's not worth it. Most virus writers dropped ther "hobby" because of this fact. And what do we see now? Crappy malware which could be developed by every 12 year old individual. That's it. Times of interesting malware, such as ZMist, Driller, ETAP etc are over. Spyware and other money-making nasties holding close the line. Money making Nasties for spammers. Doesn't matter if it's a worm who drops IRCBot's or if it's a spammed trojan downloader who installs another IRCBot - that's basicly all stuff to use other machines for spamming and advertising for free!

 

Why would skill come into it? The purpose is to get scary headlines, to scare noobs, that is more an artifact of antivirus companies choosing to hype up threats and less the expertise of the virus writer.

Assuming we are talking about people who's motivation is to score up AV sales, I don't see why they would only write innovative interesting advanced malware. Much more efficient to write tons of solid malware that work than spend months writing one.

 

And what's the point of this? You would boost the competition as well with this. Besides, almost every AV company has some side business like firewall, spam protection etc. According to your conclusion a AIRBAG company would also put trees along the street isn't it?

Or a doctor hires a few bandites in his local area to hurt a few people to improve his business. That's just in plain words silly.

 

What is the point of this has being discussed already. As for boosting the competition as well, that's unavoidable, but so what? everybody wins is better than if nobody wins right?

Only true nowdays. Besides in such businesses, they have other aims and agendas, finding security exploits in windows for example to justify their existence

If they knew they could get away with this and were unethical maybe.

 

Based on your "facts" i see really no reason to waste more time in such a nonesense discussion. Do you really think we have nothing else to do than shooting in our own ass? Just guess who gets called during the night if there is a new important virus? And i can guarantee you that i would cut off the balls of this guy who wrote this virus, worm or whatever when i would know where he lives.

 

Why? Would cutting off their balls, make them unable to write more virus?

Besides why so angry? according to you it takes only "minutes" to write a detection routine.

 

It won't stop him to create new viruses, but it will stop him to create new virus writers.

 

I have heard the same thing in the past and also which ever company released the fix the soonest was most likely the one responsible as they already had a fix ready to go.

I also heard that in China in one of the required school courses teaches students how to make trojans and viruses, they need to make one, release it in to the wild, and are then graded depending on how well it proliferates and how much damage it causes.

 

What you heard concerning China is utter nonsense as they would damage their own economy. And as far as an evil cabal of Av companies conspiring against an unsuspecting world to boost their profits? I'm sure some ex Av companies employee with a grudge would have spilled the beans by now.

 

It's the timing of the call not the work involved I'm sure. Three AM for instance would be lousey.