Are the good guys actually the bad guys???

system · 2008-02-02T22:28:31.000Z

I have always wondered whether antivirus companies are the ones that actually create some of the new viruses spread throughout the world. Think about it, if antivirus companies were able to completely secure a person’s computer, they would not make profits from their paid products because there would be no need for continuous updates.

Now I don’t believe this applies to avast because they offer a fully functioning free version of their product. On the otherhand, companies that start with Kas and Sym (I think you can figure it out) do not offer free products what-so-ever (yes they offer free online scans, but that does not eliminate my following point). If you think about it, these companies RELY on new viruses and adware to infect computers in order to make a profit. They benefit from computer problems that infect people worldwide. To me, this is like taking advantage of someone in an unlucky situation.

So who is to say that some of these major companies aren’t hiring programmers themselves to create new viruses/worms/adware/keyloggers/rootkit/etc. Sony itself created a rootkit not too long ago if people dont remember. Do major antivirus companies really have the general population’s best interest at mind??

I’d like to hear responses, even if you think i’m crazy. Again, this does not apply to avast since avast offers a free version which is almost as good as the paid version.

polonus · 2008-02-02T23:01:02.000Z

Hi philly12,

Somehow it is attractive thinking, if you are into conspiracy thinking. And I think a lot of Americans and also some at the other side of the Atlantic (although far less in number) share this tendency. But I think when the number of malware thrown into the live arena now runs well into 6 million, this cannot be true. And where is this malware being launched from? Recently the malcreants were known to be driven by cybercriminals mainly. Do you think that the major av-software vendors, that originate mainly from the secret services of their communities, have a hand in this. I throw that far from me. And let us demonstrate that by an analogy from quite another area, the open source browser software. Do you think the Mozilla community is making up all the bugs to be patched, so that Mr. Maone with his code for NoScript can protect us against this vulnerabilities. Not very likely.
If the main line of defense is security through obscurity and the malware we have to-day is inherent to the nature of the way the M$ was built and coded, you are much closer to the truth.
Yes there are people entering into malware every day, but they prey on the ignorance of people that do not know how to keep their computers malware free. I have been here on this forum for quite some time, and apart from an initial tracking cookie I haven’t encountered any malware all that time, and that is not only because I use avast, but because of the education I got here.
If you put people behind a keyboard that know as much about computing as a cardriver that cannot measure his oil properly or knows how to change a wheel around, you are bound for mishaps and mishap will happen, maybe that is what the big av companies fail to do and that is the strong side with avast and our fine forum, we educate,

polonus

system · 2008-02-02T23:03:23.000Z

Are police creating new bad boys?. If there aren’t bad boys, police has got no sense.
PC user info is money, and companies’ info…?
You must think : Credit card numbers, PIN accounts bank…

system · 2008-02-02T23:15:24.000Z

well said polonus. I created this as more of a mixing pot for discussion than actual criticism or conspiracy theory. Hopefully others will add opinions.

bob3160 · 2008-02-02T23:21:57.000Z

Do major antivirus companies really have the general population's best interest at mind??

They have business on their mind and a way to earn a lucrative income. No corporation conducts it's business solely for the best of the general population but for the best interest of their stockholders. Do they perpetuate their own business by introducing their own malware? I highly doubt that scenario.

The ones that actually look for the loopholes do it mainly for profit. Although I do remember many years ago,
that it was considered cool to crash some ones computer. ;D

polonus · 2008-02-02T23:26:41.000Z

Hi philly12,

This is a good theme, and the discussion is valid. It is always better to know the enemy you are up against. And Rafel here makes a good point. It is all about money. If you have a good secret 0-day exploit it can make you or someone else money. Private security firms pay you to get their customers secure against this before others, so they get money. It is information war. You know what the code does, you know your hexes, you know what is the meaning of trust, the meaning of code running unhidden and as system, you knows the ins and outs of the registry, you know what APIS do, you know your weak CGI’s, your traversal exclusion code, etc. etc. It is just like with a hammer, you can build a beautiful statue with it or you can ruin and plunder. It is all out on black and white, the good and the bad. And the most recent malware chapter written now is spelled like G R E E D!

polonus

system · 2008-02-03T11:52:19.000Z

philly12 post:1:

I have always wondered whether antivirus companies are the ones that actually create some of the new viruses spread throughout the world. Think about it, if antivirus companies were able to completely secure a person’s computer, they would not make profits from their paid products because there would be no need for continuous updates.

Now I don’t believe this applies to avast because they offer a fully functioning free version of their product. On the otherhand, companies that start with Kas and Sym (I think you can figure it out) do not offer free products what-so-ever (yes they offer free online scans, but that does not eliminate my following point). If you think about it, these companies RELY on new viruses and adware to infect computers in order to make a profit. They benefit from computer problems that infect people worldwide. To me, this is like taking advantage of someone in an unlucky situation.

So who is to say that some of these major companies aren’t hiring programmers themselves to create new viruses/worms/adware/keyloggers/rootkit/etc. Sony itself created a rootkit not too long ago if people dont remember. Do major antivirus companies really have the general population’s best interest at mind??

I’d like to hear responses, even if you think i’m crazy. Again, this does not apply to avast since avast offers a free version which is almost as good as the paid version.

What a load of poppycock,I can think of lots of companies,who might want to create malware,and criminals too.Can you imagine what it would do to the reputation of an anti virus company if it was revealed they had been releasing new viruses,and it would come out too.You have a vivid imagination,too vivid ;D

igor0 · 2008-02-03T12:33:52.000Z

micky77 post:7:

Can you imagine what it would do to the reputation of an anti virus company if it was revealed they had been releasing new viruses,and it would come out too.

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

system · 2008-02-03T17:00:36.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

One answer to this would be that the AV company that created it would also create a signature to detect and remove it at the same time. That way it could say that it had the fastest detection for that malware and that it could easily remove it. This seems far fetched though, and i believe what you guys have said makes more sense.

Still though, you can never WIN against malware. It will be a never ending battle.

SpeedyPC · 2008-02-04T03:16:20.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

I’ll tell you why they create even more work for themselves? one word only MONEY! think about about how Norton play their own dirty game

szc · 2008-02-04T13:02:33.000Z

igor post:8:

Exactly.
Besides, antivirus companies have a hard time adding (detection of) the samples they get from the wild… why would they create even more work for themselves?

Well… to keep themselves in business. Money is the key.

system · 2008-02-08T13:38:55.000Z

Hmm i thought AVAST was a for-profit company? In that they are no different from other AV companies

Comodo is a for-profit company but they claim to be different because their ultimate aim is different (they claim to want to make computering safe enough to encourage electronic transactions). They claim AV companies are running a scam, that people pay for protection but when protection fails, the AV companies don’t suffer any monetary loss, so there is no incentive for the AV company to do the best they could.

Personally, I don’t think that antivirus companies are the bad guys in that they create their own malwarebecause enough people do it already for other reasons (for fame in the past, for profit now).

That said some of these companies do hire people with shady pasts , so you could argue that some of the guys in the AV companies used to write malware when they were younger…

polonus · 2008-02-08T15:21:16.000Z

Hi Lusher,

I think that last remark is a misconception, you do not have to be a trained miscreant to become an anti malware expert,

polonus

system · 2008-02-08T23:13:22.000Z

polonus post:13:

Hi Lusher,

I think that last remark is a misconception, you do not have to be a trained miscreant to become an anti malware expert,

polonus

Misconception ? Hardly. i do not say that you have to be a trained “miscreant” to be an anti malware expert,
but rather that AV and other security companies do on occasion hire people who in their youth have dabbled with such things…

Sometimes the companies do it with their eyes open, other times they don’t know about the guy’s shady past… Stuff he did in his youth…when he was experimenting…

polonus · 2008-02-09T00:00:06.000Z

Hi Lusher,

Well I understand that there is a shady grey between a hacker and a pen tester, and that virus writers can be turned into malware experts, as they say it takes a thief to catch a thief. But this is not generally so, I have read a lot about anti-virus experts and they all stressed the point you do not have to write viruses to be a good anti malware expert, I hope the avast team could elaborate on this point, and I think they go for loyalty in the first place. I for one never felt the urge to write harmful code, to analyze it, yes, but that is quite another kettle of fish,

polonus

Dwarden · 2008-02-09T12:28:10.000Z

well most of security companis dont need to do the shady job because there is enough of faulty code and design, insecurity and flaws and ofcourse people who write bad stuff with criminal intent …

system · 2008-02-09T14:27:35.000Z

polonus post:15:

Hi Lusher,

Well I understand that there is a shady grey between a hacker and a pen tester, and that virus writers can be turned into malware experts, as they say it takes a thief to catch a thief.

Think like your enemy. And if one already does more than thinking…

But this is not generally so, I have read a lot about anti-virus experts and they all stressed the point you do not have to write viruses to be a good anti malware expert

Yes, I’m sure you are the only person here who “read a lot”, and the rest of us are ignorant on such matters… I would say one has to not only read (or better yet hear personally what these people say) but also THINK.

Personally I think there is an element of political correctness in all this, and given the current climate even if one has dabbled in such things, you hardly expect them to tell the world they did so. Particularly if doing so gave one an edge , one would hardly be telling their potential rivals/competitors …

I for one never felt the urge to write harmful code, to analyze it, yes, but that is quite another kettle of fish

That probably because you lack the capability of writing code in the first place… lol.

bob3160 · 2008-02-09T14:58:54.000Z

Lusher,
Why are you again trying to start an argument ???
Is it so hard for youto have a sensible discussion ???
Are you again trolling ???
Are you again fishing for a banana ???

polonus · 2008-02-09T15:30:46.000Z

Hi bob3160,

Well all this is going on on assumptions, I am honest that I do not dabble in malicious code, but I do not do that because I cannot write code. You, bob, know from what I did in Flock and Firefox that I can make out some code, and also know how to obfuscate it. But I always did this to enhance security and not to bypass it. Political correctness, and to Lusher I like to say I like to think independantly, and leave others to their independancy. And I do not like these sort of arguments being brought into a web forum discussion. It just is not done, it is not polite, stay on-topic, period,

polonus

RejZoR · 2008-02-09T22:40:09.000Z

That would be almost like accusing pharmaceutical companies of releasing diseases on purpose just so they could sell us the drugs.
It’s just not the case…

Announcements