The Anti-Virus Industry

Recently, Consumer Reports decided to put the various anti-virus products to the test…

Using outside technical resources at ISE (Independent Security Evaluators), Consumer Reports took six categories of known viruses as the base from which 5,500 new variants were created.

The testing methodology had the goal of reflecting real-world conditions: not by testing against known viruses with already known and released signatures, but rather by testing how well the anti-virus software could detect suspicious behavior of executing code [also known as heuristic virus checking].

Both methods of detecting and preventing viruses have their shortcomings…

  • The process of updating virus signatures can take a few days, and does depend on some end-users getting infected first. Testing against this method does nothing but measure the average signature update time — which tends to be about the same for all the anti-virus companies.
  • Heuristic detection methods tend to be somewhat generic in nature and do return a number of false positives (e.g., Word and Excel files that contain macros). To balance the results, Consumer Reports also tested this detection method by scanning more than 100,000 clean files.
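To make the trade-off in the two points above concrete, here is a small added illustration of my own (it is not Consumer Reports' or ISE's test code, and the "samples", behaviour tags and weights are invented): a hash-signature scanner and a behaviour-scoring heuristic scanner are run over the same constructed corpus of known samples, re-packed "variants" and clean files, and the detection rate and false-positive rate of each are measured. The hash scanner catches everything it has already seen and nothing else; the heuristic scanner catches the variants, but the more aggressive its threshold, the more clean macro documents and installers it flags.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, FrozenSet, Sequence

@dataclass(frozen=True)
class Sample:
    """A file plus the behaviours a sandbox/emulator observed when it ran."""
    name: str
    content: bytes
    behaviours: FrozenSet[str]

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed corpus (assumption): bodies and behaviour tags are invented labels, not real malware.
KNOWN_SAMPLES = [
    Sample("worm-a", b"worm-a body", frozenset({"self_replicate", "mass_mail", "disable_av"})),
    Sample("trojan-b", b"trojan-b body", frozenset({"registry_autorun", "outbound_connect", "disable_av"})),
]
# "Variants": same behaviour as the known samples, different bytes, so a hash signature misses them.
VARIANTS = [
    Sample("worm-a-v2", b"worm-a body (repacked)", frozenset({"self_replicate", "mass_mail", "disable_av"})),
    Sample("trojan-b-v2", b"trojan-b body (repacked)", frozenset({"registry_autorun", "outbound_connect", "disable_av"})),
    Sample("trojan-b-v3", b"trojan-b body (modified)", frozenset({"registry_autorun", "outbound_connect"})),
]
# Clean files, including the macro-bearing Office documents that trip heuristics.
CLEAN_FILES = [
    Sample("report.docx", b"plain document", frozenset()),
    Sample("budget.xlsm", b"spreadsheet", frozenset({"macro"})),
    Sample("mailmerge.docm", b"mail merge template", frozenset({"macro", "mass_mail"})),
    Sample("installer.exe", b"installer", frozenset({"registry_autorun", "outbound_connect"})),
]

# Signature scanner: a set of hashes of samples already captured and analysed.
SIGNATURE_DB = {sha256(s.content) for s in KNOWN_SAMPLES}

def signature_scan(sample: Sample) -> bool:
    """Flag a file only if its exact bytes match a known signature."""
    return sha256(sample.content) in SIGNATURE_DB

# Heuristic scanner: weight each suspicious behaviour and flag above a threshold.
HEURISTIC_WEIGHTS = {
    "self_replicate": 4, "disable_av": 4, "mass_mail": 2,
    "registry_autorun": 2, "outbound_connect": 1, "macro": 1,
}

def heuristic_scan(sample: Sample, threshold: int = 4) -> bool:
    """Flag a file whose summed behaviour score reaches the threshold."""
    score = sum(HEURISTIC_WEIGHTS.get(b, 0) for b in sample.behaviours)
    return score >= threshold

def detection_rate(scan: Callable[[Sample], bool], samples: Sequence[Sample]) -> float:
    """Fraction of the given samples the scanner flags (false-positive rate when run on clean files)."""
    return sum(1 for s in samples if scan(s)) / len(samples)

if __name__ == "__main__":
    strict = lambda s: heuristic_scan(s, threshold=4)
    loose = lambda s: heuristic_scan(s, threshold=3)
    for label, scan in [("signature", signature_scan), ("heuristic@4", strict), ("heuristic@3", loose)]:
        print(f"{label:12} known={detection_rate(scan, KNOWN_SAMPLES):.2f} "
              f"variants={detection_rate(scan, VARIANTS):.2f} "
              f"false-positives={detection_rate(scan, CLEAN_FILES):.2f}")
```

Running it prints a 100% hit rate for the signature scanner on the known samples and 0% on the variants, while the heuristic scanner at threshold 4 catches two of the three variants with no false positives, and at threshold 3 catches all three at the cost of flagging half the clean files. That is exactly why a fair test needs both a fresh-variant set and a large clean corpus, as the two bullets above describe.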

Now, there is nothing about the above that is newsworthy — except this bit from Microsoft, McAfee, Symantec, Fortinet, Kaspersky, NOD32, F-Secure, BitDefender, the various anti-virus labs and security firms, Prudential, Boeing, 3M, Unisys, Trend-Micro, and more [in relation to the Consumer Reports test]…

The more than 100 signatories of this public letter, all security professionals with years of experience in dealing with computer viruses, and who work in all sectors, wish to express their whole-hearted support of the following principle:

It is not necessary and it is not useful to write computer viruses to learn how to protect against them.

I understand the industry is largely incompetent, but to put this out so blatantly… I have to admit, it is a bit surprising.

And for those that subscribe to the idea that… It is necessary and it is useful to write computer viruses to learn how to protect against them… Here are a few links…

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project is a powerful tool for penetration testing, exploit development, and vulnerability research.

Rootkits are powerful tools to compromise computer systems without detection. Learn why virus scanners and desktop firewalls are not enough. Learn how attackers can get in and stay in for years, without detection.

In other related news…

  • The anti-virus industry cries foul at Microsoft for “locking down” the upcoming ‘Vista’ operating system — claiming that third-party anti-virus solutions will be unfairly treated and locked out.
  • Microsoft is accused of profiting and taking advantage of the problems they have created with insecure software, as Microsoft releases their own anti-virus solution — Windows Live OneCare.

By the way, all the tested anti-virus solutions failed to some degree, with the best being BitDefender. Some brands were not tested, like NOD32… which has come highly recommended in the past. And surprisingly, both BitDefender and NOD32 are listed as signatories on the public letter.