Other issues in this category (38)
Share anti-virus software, not malware
Friday, October 14, 2016
We begin with a quotation, which may sounds great to some, but has nothing to do with reality:
This is an unethical, messy world where people are continuously getting infected! If one doctor’s prescription doesn’t work, you have to go get another prescription from another doctor and pay all over again to try to get well. And, this is when things get interesting, because even if that last doctor you go to has indeed discovered the source of your infection and has managed to find a cure for it, they won’t necessarily be sharing that cure with everyone else, since now it’s their “bread and butter”, their chance to make money. By sharing a sample of the virus or the cure with colleagues, the doctor would lose a large chunk of revenue, but could help a large number of infected people. And this is the problem in a nutshell. After discovering a new virus sample and creating the cure for it, the doctor won't share them with others because it wouldn’t be profitable.
Moreover, the practice of not sharing samples of viruses and malicious programs creates a dangerous condition for the general public as it compromises public safety and the reputation of the anti-virus industry as a whole. It’s the same as when an FBI agent hides a weapon that was used in a crime, for example a gun or knife, from the police. In this case, it will take longer to catch the criminal.
A computer virus represents the physical evidence of a cyber or computer crime and should not be kept secret by an anti-virus company in order to further their own financial and marketing goals. This is especially true when the failure to disclose or share the existence of a virus puts public safety in danger.
For example, if a person finds a gun that was used to commit a crime, that person can’t take that gun home like some sort of trophy because, by doing so, they’d be obstructing justice.
Of course, finding a virus sample or a collection of malicious programs on the Internet is not difficult. But most of those are already known to anti-virus companies and will most likely be detected successfully. But to test how well websites resist malware attacks, Trojans that can't be detected by anti-virus software are needed. Where can one get them? Of course, from anti-virus companies!
The myth about anti-virus companies creating viruses is so persistent that Doctor Web, as well as other anti-virus vendors, regularly receives requests from companies seeking end-point security solutions for their local networks; Journalists who write reviews for various outlets; Students engaged in research projects. They all ask us to provide something new that anti-viruses won't recognise.
Anti-virus companies provide no samples to anyone. Many of them don’t even employ former hackers because of their moral instability.
The risk to one’s reputation is too great.
Naturally, anti-virus companies also have samples that haven't yet been detected by other anti-viruses. But these are newly received files that must still be analysed. Should we postpone our analysis and risk losing our reputation with our customers?
What do anti-virus companies do with new samples? First, they are sorted—some files we receive aren't malicious. Then the collected samples are processed—some are analysed automatically, others are examined by analysts And then they become available…to other anti-virus companies!
When you select an anti-virus, you’re actually choosing a company that can collect malicious samples promptly and has a streamlined malware-analysis workflow, so that updates are released and delivered to customers as quickly as possible. Some companies may choose to save money by getting samples from market leaders, but why would anyone want to use their solutions if the delay could mean that encryption ransomware gets onto the machines of their business partners?
Anti-virus companies don't give away malware samples, because the samples on their own are useless. Anyone can detect known malware by its signature. Neutralising it in the memory is a whole different story. This requires technologies and ongoing testing costs.
Anti-virus companies never give away virus samples because, sooner or later, they can end up in the hands of criminals—and we are not going to arm them.
The Anti-virus Times recommends
- If you send us a new malware sample, we guarantee that this program won't fall into criminals' hands. Our networks are well protected from their prying eyes.