
Defense in Depth

April 25, 2008 11:56 AM PDT

Race to Zero aims to stump antivirus scanners

by Robert Vamosi

A new contest to be held at this year's DefCon in Las Vegas in August hopes to prove that signature-based antivirus is dead, a move that one leading antivirus researcher says is "not a good idea."

The goal of the Race to Zero is simple: obfuscate malicious code so that it evades well-known antivirus engines.

Contestants will be given a sample set of viruses and malicious code that they must modify and then upload through the contest portal. Once accepted, the sample will be sent through a number of leading antivirus engines (perhaps using VirusTotal.com to provide real-time test results). The first team or individual who manages to evade all the antivirus engines wins that round. The organizers promise that each round will increase in complexity.

On the contest site, organizers list six reasons for hosting this event:

  1. Reverse engineering and code analysis is fun.
  2. Not all antivirus is equal and poorly performing antivirus vendors should be called out.
  3. Signature-based antivirus products can be easily circumvented.
  4. It's easier to modify malicious software than it is to write signature protection for it.
  5. Signature-based antivirus is dead.
  6. Antivirus is just part of the larger picture, you need patching, firewalling and sound security policies to remain virus free.

But Dave Marcus, security research and communications manager at McAfee Avert Labs, said: "Encouraging research that results in better evasion techniques for malware writers is not a good idea. How many identities will be lost and how much data will be stolen from users as a result of the new techniques and evasions that are created? Security research should center around bettering detection not evasion."

DefCon 16 will be held August 8-10 at the Riviera Hotel in Las Vegas.

March 25, 2008 6:44 AM PDT

Independent antivirus test labs join forces

by Robert Vamosi

Corrected at 6:50 a.m. PDT March 26: The last paragraph has been revised to correctly describe a second antivirus partnership.

The Anti-Malware Test Lab and AV-Comparatives.org announced on Tuesday an alliance designed to create one of the most respected sources of objective, independent information about antivirus products.

Together, the pair said, they intend by year's end to create a unique system of integrated tests for determining the effectiveness of commercial antivirus software.

Andreas Clementi, founder of AV-Comparatives, said in a statement that "the partnership with Anti-Malware Test Lab will allow us to evaluate more aspects of antivirus software and to offer users a more comprehensive independent view of various security products."

Clementi further hinted that if this alliance works out, there may be additional alliances of independent antivirus software-testing labs.

"I'm sure that our partnership will act as a driving force for the development of the industry as a whole," said Sergey Ilyin, founder of Anti-Malware Test Lab. Anti-Malware Test Lab is an independent Russian test laboratory, a subsidiary of Anti-Malware.ru. The laboratory is best known for testing active infection treatments, antivirus heuristics, and anti-rootkit protection.

This is the second partnership of antivirus-testing organizations in recent months.

In January, various antivirus vendors, independent testing labs, and media outlets gathered in Spain to work toward creating the Anti-Malware Testing Standards Organization (AMTSO). That group includes vendors F-Secure, Kaspersky Lab, McAfee, Panda Software, and Symantec, and independent testing labs AV-Test.org and AV-Comparatives. The alliance announced on Tuesday is different, said Clementi, because it allows Anti-Malware.ru to share AV-Comparatives' test results.

March 18, 2008 12:40 PM PDT

Intego questions Symantec's use of name

by Robert Vamosi

In a statement issued Tuesday, Macintosh security company Intego accused Symantec of infringing on its copyright. At issue is the new box copy for Norton Antivirus for Macintosh. In the upper right corner, Symantec has prominently placed the words "Dual Protection," a reference to the product's use on both the Mac OS X and Windows operating systems when using Apple Boot Camp.

The Austin, Texas-based Intego said in a press release, "Intego is the owner of a trademark registration for the mark DP DUAL PROTECTION in France (registered on January 17, 2007) and an international trademark registration for that mark (registered on July 2, 2007) in the United States, the European Community (27 countries), Switzerland, Monaco, Australia, and Japan. In the United States, Intego has applied to the Patent and Trademark Office to register the DP DUAL PROTECTION mark; Intego claims rights to this mark in the United States. Intego also owns the domain name dualprotection.com, which it registered on January 15, 2007."

A Symantec spokesperson said the company is aware of the issue and is looking into the matter, adding, "We have no further information to share at this time."


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
