Join us!

Why would the antivirus industry, which encompasses over forty companies world-wide, keep selling "protection" that is inadequate at best and useless at worst?

Contrary to what the security software industry would have you believe, new malware bypasses all commercial protection! This is because new malware has no known signature (akin to a fingerprint) to be matched against the vendors' databases of signatures. So while recent malware such as Conficker and SilentBanker continues to rage, there is still no protection from older malware once it is altered, since the altered variant no longer matches any known signature. For this reason malware authors generally do not regard applications meant to stop them as a significant barrier.
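The mechanism behind that claim can be shown in a few lines. The following is an added example, not code from the original page or from the Sonoma State effort it describes: a toy scanner with two constructed signatures (a SHA-256 file hash and a byte pattern with one wildcard) run over constructed byte strings standing in for a known sample, a one-byte variant of it, a variant whose marker string was rewritten, and a never-seen family. Every sample, family name and signature here is made up for the illustration.

```python
"""Why exact-match signature scanning misses altered and new malware.

Added example, not from the original page. All "samples", "signatures"
and family names below are constructed byte strings, not real malware.
"""
import hashlib
import re
from typing import Dict, Optional

# Constructed stand-in for a file the vendor has already catalogued.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"CONSTRUCTED-WORM-v1" + b"\x00" * 8

# Signature type 1: a hash of the whole file. It matches exactly one file.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "ConstructedWorm.A",
}

# Signature type 2: a byte pattern with a wildcard for the version digit.
# It survives small edits outside the matched sequence, but nothing more.
PATTERN_SIGNATURES: Dict[str, "re.Pattern[bytes]"] = {
    "ConstructedWorm.gen": re.compile(rb"CONSTRUCTED-WORM-v."),
}


def scan_hash(data: bytes) -> Optional[str]:
    """Exact-match lookup: changing any byte changes the digest."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_pattern(data: bytes) -> Optional[str]:
    """Pattern lookup: tolerates changes away from the matched bytes."""
    for family, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            return family
    return None


def scan(data: bytes) -> Dict[str, Optional[str]]:
    """Run both signature types and report which (if any) fired."""
    return {"hash": scan_hash(data), "pattern": scan_pattern(data)}


# Constructed variants of the known sample and one unrelated "new" sample.
# One byte changed (version bumped): the hash misses, the pattern still fires.
ALTERED_SAMPLE = KNOWN_SAMPLE.replace(b"v1", b"v2")
# Marker string rewritten in lower case: the same "program", but neither
# signature fires because both were derived from the original bytes.
REWRITTEN_SAMPLE = KNOWN_SAMPLE.replace(b"CONSTRUCTED-WORM-v1", b"constructed-worm-v1")
# A family the database has never seen: nothing can match it by definition.
NEW_SAMPLE = b"MZ\x90\x00" + b"\x00" * 8 + b"NEW-FAMILY-NEVER-SEEN" + b"\x00" * 8

if __name__ == "__main__":
    for label, sample in [
        ("known    ", KNOWN_SAMPLE),
        ("altered  ", ALTERED_SAMPLE),
        ("rewritten", REWRITTEN_SAMPLE),
        ("new      ", NEW_SAMPLE),
    ]:
        print(label, scan(sample))
```

Running it prints a hit on both signatures for the known sample, a pattern-only hit for the one-byte variant, and nothing for the rewritten and the new samples. That last pair is the author's point: a database of what has already been seen cannot, by construction, recognise what has not, which is why a production engine layers heuristics and behavioural monitoring on top of signatures rather than relying on them alone.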

Even with AV installed, millions of computers get infected every year. Users are told to install a patch, update their anti-malware, be vigilant and (of course) keep their AV service contract payments current. A whole industry whose business plan depends on the continuing proliferation of the very noxious software it's meant to protect against! A business plan that has its roots in fear and benefits from the existence of what is never meant to be acknowledged: a silent symbiotic relationship betwixt anti-virus companies and malware authors. It's don't ask, don't tell on an international scale.

That malware writers enjoy the protection of misguided legislation, such as the DMCA, salts the wound. It also explains why AV labs are found in countries beyond the reach of these laws. Disassembling and decompiling (also known as reverse engineering) viruses, worms, and trojans shouldn't be illegal, but unfortunately it is. This chilling effect extends well beyond the industry, and provides a compelling rationale for universities to avoid involvement. If my students and I cannot study the source code, how can we hope to hypothesize antidotes? A similar approach prohibiting the study of biological viruses would have disastrous effects as no vaccine or treatment could be developed! Yet this is exactly what we're seeing in the field of computing.

That's not to say malware is an easy problem that merely lacks proper effort or legislation. Perhaps the best we will be able to do is to keep the problem at some tolerable, minimal level. Judging by how many AV companies have branched out into compliance and regulatory areas (away from the complications of malware), their move is a tacit acknowledgment that malware is a tough assignment.

To be clear: I am not the AV industry's enemy. I welcome their participation in a universal, cooperative, open source approach involving students and faculty from many universities. Such an effort can produce real results, as shown with the Linux operating system. If you read this far and are interested in my effort, please let me know.

This summer some of my students and I are starting an open source effort to develop a menu of anti-worm counter-measures (with botnet breaking capabilities as the ultimate goal). We intend to recruit students from universities all over the world to help program, review, and test the anti-worm code as a global collaborative effort. It's time to give everyone the tools to fight Conficker's successors. Our system administrator and I are currently busy setting up a server mini-farm here at Sonoma State University to kick-start the process. Won't you join us?

To participate in our effort, tell us about yourself: antimal@cs.sonoma.edu