Are the good guys actually the bad guys???

system · 2008-02-02T23:15:24.000Z

well said polonus. I created this as more of a mixing pot for discussion than actual criticism or conspiracy theory. Hopefully others will add opinions.

bob3160 · 2008-02-02T23:21:57.000Z

Do major antivirus companies really have the general population's best interest at mind??

They have business on their mind and a way to earn a lucrative income. No corporation conducts it's business solely for the best of the general population but for the best interest of their stockholders. Do they perpetuate their own business by introducing their own malware? I highly doubt that scenario.

The ones that actually look for the loopholes do it mainly for profit. Although I do remember many years ago,
that it was considered cool to crash some ones computer. ;D

polonus · 2008-02-02T23:26:41.000Z

Hi philly12,

This is a good theme, and the discussion is valid. It is always better to know the enemy you are up against. And Rafel here makes a good point. It is all about money. If you have a good secret 0-day exploit it can make you or someone else money. Private security firms pay you to get their customers secure against this before others, so they get money. It is information war. You know what the code does, you know your hexes, you know what is the meaning of trust, the meaning of code running unhidden and as system, you knows the ins and outs of the registry, you know what APIS do, you know your weak CGI’s, your traversal exclusion code, etc. etc. It is just like with a hammer, you can build a beautiful statue with it or you can ruin and plunder. It is all out on black and white, the good and the bad. And the most recent malware chapter written now is spelled like G R E E D!

polonus

system · 2008-02-03T11:52:19.000Z

philly12 post:1:

I have always wondered whether antivirus companies are the ones that actually create some of the new viruses spread throughout the world. Think about it, if antivirus companies were able to completely secure a person’s computer, they would not make profits from their paid products because there would be no need for continuous updates.

Now I don’t believe this applies to avast because they offer a fully functioning free version of their product. On the otherhand, companies that start with Kas and Sym (I think you can figure it out) do not offer free products what-so-ever (yes they offer free online scans, but that does not eliminate my following point). If you think about it, these companies RELY on new viruses and adware to infect computers in order to make a profit. They benefit from computer problems that infect people worldwide. To me, this is like taking advantage of someone in an unlucky situation.

So who is to say that some of these major companies aren’t hiring programmers themselves to create new viruses/worms/adware/keyloggers/rootkit/etc. Sony itself created a rootkit not too long ago if people dont remember. Do major antivirus companies really have the general population’s best interest at mind??

I’d like to hear responses, even if you think i’m crazy. Again, this does not apply to avast since avast offers a free version which is almost as good as the paid version.

What a load of poppycock,I can think of lots of companies,who might want to create malware,and criminals too.Can you imagine what it would do to the reputation of an anti virus company if it was revealed they had been releasing new viruses,and it would come out too.You have a vivid imagination,too vivid ;D

igor0 · 2008-02-03T12:33:52.000Z

micky77 post:7:

Can you imagine what it would do to the reputation of an anti virus company if it was revealed they had been releasing new viruses,and it would come out too.

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

system · 2008-02-03T17:00:36.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

One answer to this would be that the AV company that created it would also create a signature to detect and remove it at the same time. That way it could say that it had the fastest detection for that malware and that it could easily remove it. This seems far fetched though, and i believe what you guys have said makes more sense.

Still though, you can never WIN against malware. It will be a never ending battle.

SpeedyPC · 2008-02-04T03:16:20.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

I’ll tell you why they create even more work for themselves? one word only MONEY! think about about how Norton play their own dirty game

szc · 2008-02-04T13:02:33.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

Well… to keep themselves in business. Money is the key.

system · 2008-02-08T13:38:55.000Z

Hmm i thought AVAST was a for-profit company? In that they are no different from other AV companies

Comodo is a for-profit company but they claim to be different because their ultimate aim is different (they claim to want to make computering safe enough to encourage electronic transactions). They claim AV companies are running a scam, that people pay for protection but when protection fails, the AV companies don’t suffer any monetary loss, so there is no incentive for the AV company to do the best they could.

Personally, I don’t think that antivirus companies are the bad guys in that they create their own malwarebecause enough people do it already for other reasons (for fame in the past, for profit now).

That said some of these companies do hire people with shady pasts , so you could argue that some of the guys in the AV companies used to write malware when they were younger…

polonus · 2008-02-08T15:21:16.000Z

Hi Lusher,

I think that last remark is a misconception, you do not have to be a trained miscreant to become an anti malware expert,

polonus

system · 2008-02-08T23:13:22.000Z

polonus post:13:

Hi Lusher,

I think that last remark is a misconception, you do not have to be a trained miscreant to become an anti malware expert,

polonus

Misconception ? Hardly. i do not say that you have to be a trained “miscreant” to be an anti malware expert,
but rather that AV and other security companies do on occasion hire people who in their youth have dabbled with such things…

Sometimes the companies do it with their eyes open, other times they don’t know about the guy’s shady past… Stuff he did in his youth…when he was experimenting…

polonus · 2008-02-09T00:00:06.000Z

Hi Lusher,

Well I understand that there is a shady grey between a hacker and a pen tester, and that virus writers can be turned into malware experts, as they say it takes a thief to catch a thief. But this is not generally so, I have read a lot about anti-virus experts and they all stressed the point you do not have to write viruses to be a good anti malware expert, I hope the avast team could elaborate on this point, and I think they go for loyalty in the first place. I for one never felt the urge to write harmful code, to analyze it, yes, but that is quite another kettle of fish,

polonus

Dwarden · 2008-02-09T12:28:10.000Z

well most of security companis dont need to do the shady job because there is enough of faulty code and design, insecurity and flaws and ofcourse people who write bad stuff with criminal intent …

system · 2008-02-09T14:27:35.000Z

polonus post:15:

Hi Lusher,

Well I understand that there is a shady grey between a hacker and a pen tester, and that virus writers can be turned into malware experts, as they say it takes a thief to catch a thief.

Think like your enemy. And if one already does more than thinking…

But this is not generally so, I have read a lot about anti-virus experts and they all stressed the point you do not have to write viruses to be a good anti malware expert

Yes, I’m sure you are the only person here who “read a lot”, and the rest of us are ignorant on such matters… I would say one has to not only read (or better yet hear personally what these people say) but also THINK.

Personally I think there is an element of political correctness in all this, and given the current climate even if one has dabbled in such things, you hardly expect them to tell the world they did so. Particularly if doing so gave one an edge , one would hardly be telling their potential rivals/competitors …

I for one never felt the urge to write harmful code, to analyze it, yes, but that is quite another kettle of fish

That probably because you lack the capability of writing code in the first place… lol.

bob3160 · 2008-02-09T14:58:54.000Z

Lusher,
Why are you again trying to start an argument ???
Is it so hard for youto have a sensible discussion ???
Are you again trolling ???
Are you again fishing for a banana ???

polonus · 2008-02-09T15:30:46.000Z

Hi bob3160,

Well all this is going on on assumptions, I am honest that I do not dabble in malicious code, but I do not do that because I cannot write code. You, bob, know from what I did in Flock and Firefox that I can make out some code, and also know how to obfuscate it. But I always did this to enhance security and not to bypass it. Political correctness, and to Lusher I like to say I like to think independantly, and leave others to their independancy. And I do not like these sort of arguments being brought into a web forum discussion. It just is not done, it is not polite, stay on-topic, period,

polonus

RejZoR · 2008-02-09T22:40:09.000Z

That would be almost like accusing pharmaceutical companies of releasing diseases on purpose just so they could sell us the drugs.
It’s just not the case…

system · 2008-02-10T08:52:51.000Z

hmmm…u have a good analogy there rejzor.

system · 2008-02-10T15:58:33.000Z

bob3160 post:18:

Lusher,
Why are you again trying to start an argument ???
Is it so hard for youto have a sensible discussion ???
Are you again trolling ???
Are you again fishing for a banana ???

Bob, no trolling.

To make it clear, I don’t think av companies are writing malware and releasing it cos the advantages of doing so are few. There are already so many threats out there the potential gain of writing a couple and releasing it and having a “cure” faster than the rest is too small to worth the risk.

I do think that some people are extremely naive to believe everything they read, I know for a fact that many “security experts” (real ones not the fake “malware fighters”) started off dabbling with exactly the type of thing they are saying isn’t necessary in their younger days…

Of course if all they say is “doing x isn’t necessary to be an expert”, they probably aren’t lying (though i have a hunch that while it isn’t necessary it might be an advantage), but it does not however imply that they themselves have never done x in the past…

polonus · 2008-02-11T15:28:18.000Z

Hi Lusher,

This is a somewhat older article, but it explains a lot why we are in the situation we are in, where spyware is concerned. They do not want to change the situation really, because it brings enormous amounts of money to those that uphold the status quo. Read it here via this link: http://www.aaxnet.com/editor/edit037.html

polonus

Announcements