Myths live a special life of their own. Some of them die before they have really been born. Some eke out a miserable existence somewhere on the outskirts of human consciousness. But some seize the minds of the masses so firmly that they outweigh every reasonable argument against them.
Have you ever heard from your relatives, acquaintances, or simply people you happen to meet that firemen themselves set fire to the buildings which they then fearlessly extinguish? Yet every time people who are very far from the field of information security find out that I work in it, the mandatory question I invariably hear sounds something like this: "Is it true that antivirus companies make viruses themselves?"
Why is that? What's the matter? After all, neither firefighters nor members of other professions are credited with this kind of "sabotage". Only representatives of the antivirus industry are. The answer, I believe, is as follows. The antivirus industry in its current state does not want to fight the malware business to the extent that is necessary. Of course, we can recall Microsoft's recent shutdown of the Rustock botnet control centers, as well as Arbor's efforts in the same direction. But do you know of precedents where modern wars were won by successful counterattacks? In the author's memory there were no such cases ...
Look here: Mr. X has a "good" antivirus Y on his work computer, recommended to him by a salesman at a large store. He had already read about this antivirus in his favorite daily newspaper, and the brand was repeatedly mentioned on news forums. The antivirus subscription is paid, the operating system is licensed and constantly updated. Mr. X is absolutely sure that nothing will happen to his documents and photos, because they are under the reliable protection of antivirus Y, as he was assured by the salesman, the newspaper, and so on.
But one day, turning on the computer, Mr. X was plunged into complete bewilderment, bordering on shock. All his important documents and photos turned out to be encrypted, and a little note appeared on the desktop (grammar and punctuation preserved): "All your docks are encrypted. To decipher them does not get. If you want to get everything back, send 1000 WMR to the Rxxxxxxxxxxxxxxxx wallet and I will send you a debriefing agent." The antivirus glows green and reports that nothing malicious has been found on the computer. "How so! That shouldn't have happened! My documents! Photos! Why did the antivirus keep silent?! It's good, it shouldn't have allowed this!!!" Mr. X thinks. "So this virus was written by competitors from another antivirus laboratory in order to sell me their own product, which, of course, already catches this virus. That is logical." Yes, Mr. X, that sounds very logical. But it is not true. Do you know why? Because three mistakes have crept into your logic that are not visible to the average man in the street, which is what you are.
Error number one in Mr. X's logic. Why, in fact, are you sure that antivirus Y is reliable? And all its competitors on the market as well? How reliable are modern antiviruses in general? Let us turn to the facts.
Fact: "Eurostat: antivirus does not guarantee protection. Eurostat, the official department of the European Union, which collects statistics, published very interesting data. It turns out that in 2010, 84% of Europeans (who participated in the survey) used one or another piece of software from the field of computer security. At the same time, 31% of respondents admitted that they had encountered their system being infected with a computer virus (or other variants of malicious code)." However, you can always argue that a poll is a subjective thing.
Fact: a dynamic test from one of the most respected test laboratories, AV-Comparatives (http://chart.av-comparatives.org/chart2.php). The best antivirus presented at the time of this writing (June 2011) has a protection rating of 99.3%. To the layman this may seem a good result. But to any specialist in antivirus security it is obviously a complete fiasco. Why?
Let's do some simple calculations. According to various estimates, approximately 30 to 70 thousand unique malicious modules are produced in the world every day. Yes, it is true that, according to recent information from the Microsoft Security Center, the lifetime of a malicious module is approximately 4 hours, after which the cloud components of antivirus solutions kick in and the sample loses all value from the point of view of the shadow business. Take the minimum estimate: 30,000 * 0.7% = 210 viruses per day that penetrate the protective barriers of antiviruses and cause damage to users of personal computers. And given the exponential growth in the number of malicious files every year, anyone familiar with the fundamentals of mathematical analysis can easily calculate what the situation will be in five years.
Over a year that gives 76,650 viruses that cause harm. At maximum estimates, the figure doubles to 178,850 threats per year. Thus, even the best representatives of antivirus software can hardly be considered reliable in modern realities. For me personally, a test run of ransomware samples against antivirus protection, with samples caught just a few minutes after their publication, was especially revealing:
http://malwareresearchgroup.com/2011/07/26/mrg-flash-test-26072011/
Error number two in Mr. X's logic. To circumvent any antivirus, you do not need to be a professional in programming and operating system internals. It is quite enough to be a good student and not sleep through lectures and practical classes. There is nothing extraordinarily complicated here. Only practice and a debugger.
Error number three in Mr. X's logic. Spreading malicious software (also known as computer viruses) is a highly profitable business. And it is built the same way as any other business in the field of information technology: office, investors, developers, managers, distributors, affiliates, partner programs. Only it is illegal. What is the point of a "white" antivirus company doing such things and risking its reputation, if antivirus sales are no less profitable, or even more profitable, than the malware business, while everything is legal and nobody will knock on the door with a search warrant?
To a detached observer, an absurd situation arises. The ordinary user is sure that viruses are developed by antivirus companies, yet continues to use their products and pay for them, while at the same time paying, directly or indirectly, a "tribute" in money and computing resources to the shadow business in computer viruses, from which antiviruses are unable to protect him. Surreal, purely surreal, isn't it?
The very fact that a malware business exists while antivirus solutions have almost totally penetrated the market proves their inadequacy. However, the marketing departments of antivirus companies continue to sing hosannas to their products. It would be very strange if they did not; everyone needs to eat. And as long as Mr. X continues to buy antiviruses, nothing will change for him. Maybe he will even migrate from antivirus Y to a competing product Z, but after some time the story of the infected computer will repeat itself.
Antivirus tools are already 25 years old; they are obsolete. But why should antivirus companies drastically change anything if the old methods and tools fly off the store shelves like hot cakes? New approaches to protecting against malicious software are already knocking on the door, showing results that are unattainable for antiviruses (and so desired by users).
For example, the MRG Effitas 0-day malware infection prevention test (http://malwareresearchgroup.com/malware-tests/flash-test-results/) clearly shows that the only sandbox participating in this test easily outperformed all the other defenses. This suggests that including an always-on sandbox, enabled by default, in Internet Security class solutions can dramatically reduce the rate of profit for "malware businessmen" to a level where a bank deposit is more profitable than investing money in the development and promotion of computer viruses.