Race to Zero is the contest name. Anti-virus vendors are outraged over the announcement of the contest, which is to be held at this year’s annual DefCon convention in Las Vegas. The object of the contest is to modify virus samples with the goal of avoiding anti-virus detection.
AV Vendors panic over new contest at DefCon 16 (IMG:J.Anderson)
The contest is a legit one, and you would think vendors would be thrilled to prove their products offer exactly what they tell you they do: advanced protection and defense from new threats. Instead, several vendors, including Trend Micro and AVG, are upset over the contest proposal, making charges that it will do more harm than good or calling it a dumb idea. (Disclosure: AVG is currently in Tech Herald’s AV test lab and doing quite well. The odds that AVG would catch some of the modified samples are high. Yet, AVG is against the contest.)
The press jumped all over the contest announcement last week, and now the FUD is spreading. “It will do more harm than good,” said Paul Ferguson of Trend Micro to PC World. “Responsible disclosure is one thing, but now actually encouraging people to do this as a contest is a little over the top.”
Paul assumes that those who enter the contest are malicious, something he is not alone in doing. Several news reports and AV vendors are accusing DefCon of promoting malware creation; falsely accusing, it should be added. DefCon is getting a negative spin because of this contest, when in fact for over sixteen years it has been a positive gathering. Unless you are a Dateline reporter; then no one likes you.
Those who would likely enter this contest are employed by AV companies, or would have no interest in releasing any passing code. “We are not creating new viruses and modified samples will not be released into the wild, contrary to the belief of some media organizations,” the Race to Zero site states.
Take this quote from Sophos written by Gareth Catterall, “It seems odd that the focus be on building awareness (that is already present) that signature-based detection is not enough by itself; it has been dead since the early 1990’s when utilization of polymorphic engines became widespread.”
“DefCon appears to be promoting the development of malicious software, the same set of nasties that infect computers, steal bank details, and propagate spam e-mail etc. Is it not enough that malefactors of the world are writing and distributing new Malware every day? Or that identity and credit fraud are becoming more popular criminal endeavors? Now, pseudo-benevolent coders are being challenged to add to the quagmire of nasties under the guise of promoting more widespread and generic detection,” he adds.
Catterall seems to state exactly why anti-virus vendors should welcome this contest. Signature-based detection is old, and rarely used as a single point of defense. Most, if not all, AV vendors brag about their proactive protection. Sophos does it, AVG does it, and Symantec does it.
Instead of using older AV products, as Catterall suggests in his post, to test proactive Malware defense, you need to use the latest and greatest of these programs to see if they really do have what they offer.
The contest is open to anyone who attends DefCon this year (Aug 8-10, Las Vegas – www.defcon.org). Visit www.racetozero.net for more information.