RE: Consumer Reports Slammed for Creating 'Test' Viruses

[Drsolly <drsollyp () drsolly com>]

On Sat, 19 Aug 2006, Larry Seltzer wrote:

> > > People think they write the viruses, people think they deliberately
> hype the problem, people think that AV products should be made so they
> don't need updates. 
>
> I first heard this rumour back in 1989. Vendors back then were
> explicitly competing based on the number of viruses they protected
> against, and there were rumors of shady consultants who did "black ops"
> for the vendors. I'm sure Dr. Solly knows all about this. 

Actually, I don't. This is the first time I've heard a rumour about shady
consultants who did "black ops" for the vendors. The rumours I've always 
heard are much simpler "I bet the AV companies write a lot of these 
viruses, or pay to have them written."

I'd get asked that at just about any conference. So often, that I
developed a standard answer. "A) If I do that and get caught, then I get
put in prison, and B) why the hell (heck for delicate USA audiences) would
I pay someone to do what dozens of kids are doing for free?, and C) I'm
not going to use the "it's unethical" argument becuase a dishonest person
would claim to be honest."
 
> The rumors had a lot more logic to them back then than they do now.
> What's the competitive value of protecting against the marginal Bagle
> variant?

They had no logic then. All the AV folks I knew, were at full stretch just
keeping up with the freebie viruses, why would we waste our programming
time writing more? Plus the "if you're caught you go to jail" argument,
means that using a consultant to do this would be *really* stupid.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.