
Online Services Let Virus Writers Check Their Work

ScuttleMonkey posted more than 4 years ago | from the better-faster-stronger dept.

Security 61

An anonymous reader writes "Former Washington Post Security Fix blogger Brian Krebs has launched a new blog at krebsonsecurity.com, and his first story highlights a pair of underground antivirus scanning services that cater to virus writers. Scanning services like virustotal.com scan submitted files against dozens of antivirus products, and share the results with each of the vendors so that all benefit from learning about threats they don't yet detect. But there are a number of budding online services that allow customers to pay per scan, and promise that the results will never get reported back to the antivirus companies. One service even tests how well web site 'exploit packs' are detected, while others promise additional layers of protection. 'The service claims that it will soon be rolling out advanced features, such as testing malware against anti-spyware and firewall programs, as well as a test to see whether the malware functions in a virtual machine.'"


61 comments

Karma Fail (0, Offtopic)

Keep Six (1697340) | more than 4 years ago | (#30615096)

I came in here to find my karma is bad. I don't know how, or what it even means, but... Fuck this website, fuck karma, and fuck 2010.

Re:Karma Fail (0)

Anonymous Coward | more than 4 years ago | (#30615234)

lol- you suck!

Re:Karma Fail (0)

Anonymous Coward | more than 4 years ago | (#30615242)

Maybe it's a Y2K10 glitch? Who knows. Best to try doing things to get your karma back up and hope this bad luck passes.

Inevitable (4, Informative)

Spad (470073) | more than 4 years ago | (#30615112)

As I've said before on this subject, there's a whole economy around spam, website exploits and malware, you've got people who will QA your malware for you to check for bugs and these services that will run them against common AV software and suggest ways to evade them. Then you can sell your malware to someone who will use the network of compromised sites they bought off someone else to build botnets which they then sell time on to other people who are using them to send spam emails and perform DDOS attacks on behalf of *other* people.

Any Reason... (0, Flamebait)

sycodon (149926) | more than 4 years ago | (#30615258)

...these people should not be hunted down and set to Gitmo for some water boarding then a firing squad?

Re:Any Reason... (4, Insightful)

MrMr (219533) | more than 4 years ago | (#30615376)

But these people may be US citizens. Your procedure only applies to foreigners.

Re:Any Reason... (0, Troll)

sycodon (149926) | more than 4 years ago | (#30615420)

When my machine gets infected, I don't care who they are. Just on principle, they should be shot.

Waste of bullets (0, Offtopic)

RobertLTux (260313) | more than 4 years ago | (#30615452)

Hanging is good, swords are good; you need to do this in a "green manner".

Re:Waste of bullets (1)

Icarium (1109647) | more than 4 years ago | (#30615488)

Wouldn't execution by robot, virus or worm be more fitting?

Re:Waste of bullets (1)

zill (1690130) | more than 4 years ago | (#30616192)

No, they should instead share a cell with men who have enlarged their penises, taken Viagra and are looking for a new relationship.

Re:Any Reason... (1)

Bert64 (520050) | more than 4 years ago | (#30616960)

Why not just make sure you DON'T get infected?
Being infected with malware, like falling for the various scams spread by spam, depends on a high level of stupidity and/or incompetence and I have very little sympathy for such people.

Re:Any Reason... (0)

Anonymous Coward | more than 4 years ago | (#30617036)

Why don't you just STFU?

Re:Any Reason... (1)

GNUALMAFUERTE (697061) | more than 4 years ago | (#30618578)

Why not just make sure you DON'T run windows?
Being infected with windows, like falling for the various scams spread by microsoft, depends on a high level of stupidity and/or incompetence and I have very little sympathy for such people.

Re:Any Reason... (0)

Anonymous Coward | more than 4 years ago | (#30621578)

Easier said than done.
I've just got a nasty piece of malware from my flash which got it from my boss's PC which got it from a client's flash which got it from another employee which got it from an internet cafe which probably got it from some random guy downloading porn.

On its way onto my PC it evaded Avast, AVG, Kaspersky, Malware Bytes, McAfee, Norton, Nod32, Spybot, Spyware Doctor, Windows Antivirus, Windows Firewall and Zone Alarm.

think globally, act locally (0, Flamebait)

spywhere (824072) | more than 4 years ago | (#30616882)

I remove malware for a living. Because I work in strangers' houses in unfamiliar neighborhoods, I also carry a large powerful handgun [glock.com] .

If I met someone who credibly claimed to be an author or distributor of malware, I fear I might "lose" several 80-cent bullets [doubletapammo.com] ...

Re:think globally, act locally (0)

Anonymous Coward | more than 4 years ago | (#30616966)

"I remove malware for a living. [...] If I met someone who credibly claimed to be an author or distributor of malware, I fear I might "lose" several 80-cent bullets." That sounds rather like biting the hand that feeds you.

Windows 7 is devouring that hand (2, Interesting)

spywhere (824072) | more than 4 years ago | (#30617974)

Vista and 7 are much less prone to malware infestation. Since Vista came out, I've seen less than a dozen compromised Vista computers... virtually all of my malware work is on XP.
That market is disappearing.

Re:Windows 7 is devouring that hand (1)

adolf (21054) | more than 4 years ago | (#30619678)

Coincidentally, since Vista came out, I've seen less than a dozen Vista computers -- total.

It either Just Works, or it's really unpopular. I suspect both, though I never had any particular problems with it on my own machines...

Re:Inevitable (0)

Anonymous Coward | more than 4 years ago | (#30615442)

Tapping into the hobbyist malware writer territory at a low cost seems like a good idea, there's only so many malware writers you can hire and still make a good profit.

Re:Inevitable (4, Insightful)

Nikker (749551) | more than 4 years ago | (#30615808)

Black hats are notorious for being paranoid when it comes to "sharing". Why would any of them even bother when they could just as easily set up multiple VM's with different OS's and different anti virus solutions and test them out in close to real time? How can they trust that these sites won't rat them out? How can they trust a similar service isn't set up as a honey pot for this very reason? It might scare Jane and Jon Q Public but in reality it's not going to make much of a difference overall. Why should someone trust the guy on the other end of the Internet that they won't expose them and their little virus baby to the big bad corporate overlords?

Re:Inevitable (1)

jonbryce (703250) | more than 4 years ago | (#30616000)

Indeed. I thought sites like virustotal existed to enable people to test their warez against different virus scanners to get a second opinion as to whether or not they were infected, or safe to install on their machine.

"Capitalism" is descriptive, not normative (2, Insightful)

QuoteMstr (55051) | more than 4 years ago | (#30615924)

Markets happen whether they're intended or not. They're as natural as water flowing downhill, even in ostensibly destructive fields. Capitalism is no more a "choice" than gravity is: what matters is how you deal with it.

Clearly, we don't have enough incentives to either 1) discourage these people from writing malware, or 2) encourage them to do other things.

HONEYPOT (2, Insightful)

Sleen (73855) | more than 4 years ago | (#30616124)

There is an economy, but the players are all using layers upon layers of aliases. Inevitable is a fresh mask on carnivore and this is merely one of them. How could you possibly trust a service NOT to report a ZDE? Find one, submit and see if it shows up in other scanners or see if there are reports of anyone out there using it. The service could be a front for carnivore, a front for a virus broker, or a front for a majority vendor. The simple rule is this: if there is money to be made and this is the only principle protecting the submission, it is INEVITABLE that someone else will offer more. And if the price per submission is affordable, and the functions advertized then it's certainly not underground but engaging in some simple advertizing.

Most hackers have heard of honeypots...

Re:HONEYPOT (1)

AHuxley (892839) | more than 4 years ago | (#30618192)

Your local fence was on a state task force or fed?
Your fellow anti war protester was a local cop or fed.
Your mid ranking dealer was working for a state task force or fed?
Your 'adult' forum had a few admins, one was on a state task force or fed?
Your CC and hacking forum was a total state task force or fed set up?
Your virus all in one test site was a state task force or fed IP trap.
Same old games, digital age :)

Makes sense (4, Insightful)

WiiVault (1039946) | more than 4 years ago | (#30615114)

The big AV companies have created a market of people who are behind a wall, but one that only exists as based on the guardianship of the AV maker. We know they are untrustworthy, and their very presence and size encourages this type of activity. Having a fairly consolidated market with a few vendors having a major share allows "hackers" to target those programs thus making these services useful to a wannabe testing out his exploit.

Re:Makes sense (1)

leuk_he (194174) | more than 4 years ago | (#30615156)

Since these AV monopolies are untrustworthy, why would they not have proactively created these "scan and burn" sites? Best way to gather signatures is to get them directly from the source in these scan services.

Re:Makes sense (1)

WiiVault (1039946) | more than 4 years ago | (#30615292)

I was actually simply referring to the past nefarious actions on their part and the fact that their software is mostly a bloated joke which slows down most PCs just as much as the adware it's meant to remove.

Honor among thieves (4, Interesting)

Shoten (260439) | more than 4 years ago | (#30615210)

It would seem to me that, since most malware writers are essentially in competition with each other (as can be seen by past examples of malware that removes other, competing forms) that using a service like this would be against the best wishes of the attacker. I can only imagine that anyone who would provide a service like this would also be diversified enough to have their own stable of malware, and would gain value from having a copy of everything that gets submitted to them.

Re:Honor among thieves (1)

misexistentialist (1537887) | more than 4 years ago | (#30615990)

There is value to the aging script-kiddie (now a daddy) in becoming a productive member of society as a "virus tester". Alternatively, it is not disadvantageous for the community-minded hacker to make his malware get along with others rather than compete.

It is run by the NSA (0)

Anonymous Coward | more than 4 years ago | (#30615246)

This is the only logical conclusion.

Real interesting story here (3, Interesting)

IamTheRealMike (537420) | more than 4 years ago | (#30615304)

Brian Krebs now has a blog. He has written some of the most consistently interesting, unique and accurate coverage of the internet [in]security world in the past few years. Subscribed.

Re:Real interesting story here (1)

oasisbob (460665) | more than 4 years ago | (#30615890)

Indeed. I started crying like an eight year old girl when I heard he was leaving WaPo. His coverage has been excellent, especially on things like banking security, the Heartland breach, etc.

I stopped sobbing when I heard he was going to start blogging instead.

This article needs (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30615324)

a 'windoze' tag.

Windows is not Internet-ready (0, Flamebait)

David Gerard (12369) | more than 4 years ago | (#30615330)

Good Lord. We need to cut to the chase and just ban Windows from the Internet as unsafe at any speed [newstechnica.com] .

Har har, copypasta is so fucking funny (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#30615794)

I'm a really funny guy, too. Just check this shit out, which I totally wrote myself:

If you are stimulated by new ideas and if you can think for yourself rather than simply accept what David Gerard dishes out, I think you will find this letter of interest. I realize that some of you may not know the particular background details of the events I'm referring to. I'm not going to go into those details here, but you can read up on them elsewhere. His strictures are a conduit that funnels uncompromising thoughts into the heads of crafty varmints. We can therefore extrapolate that I fully intend to denounce those who claim that some people deserve to feel safe while others do not. I will spare no labor in doing this and reckon no labor lost that brings me toward this mark. Even so, David wants to commit acts of immorality, dishonesty, and treason. Why he wants that, I don't know, but that's what he wants.

David surely believes that he acts in the name of equality and social justice. Unfortunately for him, that's all in his imagination. David needs to get out of that fictional world and get back to reality, where people can see that what really irks me is that he has presented us with a Hobson's choice. Either we let him needle and wheedle moonstruck voluptuaries into his terrorist organization or he'll cast dissent as treason and criticism as espionage. A small child really couldn't understand that he justifies his plans to spatter my reputation as "preemptive self-defense". But any adult can easily grasp that if you can go more than a minute without hearing him talk about scapegoatism, you're either deaf, dumb, or in a serious case of denial.

And for those reprehensible backstabbers who want to hide behind the argument that David's allies are not obtrusive propagandists but rather unbridled sandbaggers, my question is simply this: What's the difference? All David really wants is to hang onto the perks he's getting from the system. That's all he really cares about.

David hates us with a hatred so steady and deadly that it consumes in him all sense of time and place. There's really no other conclusion you can reach. I guess that my take on this is that every time he gets caught trying to destroy the natural beauty of our parks and forests, he promises he'll never do so again. Subsequently, his subordinates always jump in and explain that he really shouldn't be blamed even if he does because, as they aver, superstition is no less credible than proven scientific principles.

David frequently avers his support of democracy and his love of freedom. But one need only look at what David is doing—as opposed to what he is saying—to understand his true aims. To say merely that he is capable of a large array of negative feelings is a vast understatement. His fusillades manifest themselves in two phases. Phase one: institutionalize fetishism through systematic violence, distorted religion, and dubious science. Phase two: blitz media outlets with faxes and newsletters that highlight the good points of his muddleheaded jeremiads. The end.

I'm just going to drop this here (1)

symbolset (646467) | more than 4 years ago | (#30619340)

click [secureworks.com]

Re:I'm just dropping the bomb on you, big talker (0)

Anonymous Coward | more than 4 years ago | (#30622450)

SymbolNOBODY: You said what's quoted below from you, here -> http://slashdot.org/comments.pl?sid=1476008&cid=30428430 [slashdot.org]

"It's tolerated (perhaps encouraged) in part because these annoying actors are otherwised engaged in improving Linux. Major Debian and BSD contributors, for example, use slashdot as a workspace for their human-machine interaction side experiments, of which APK is probably one. In addition many of these trolls post links which, if you follow them, will completely hose a Windows machine. This is part of the game. - by symbolset (646467) on Monday December 14, @01:15AM (#30428430) Journal

I took offense to the BOLDED part... & ALL you EVER seem to have is "ad hominem" based attacks on people, not the points they make. So, "symbolNOBODY": The day you can make something like this (& that got you PAID for it, & that has done as well for others online):

http://www.tcmagazine.com/forums/index.php?s=b861a743aa23c4568b7d73e07ef7ecec&showtopic=2662 [tcmagazine.com]

That's also gone over 250.000 views worldwide in 1++ yrs.' time online, & across 15 forums where that guide for Windows Security has been made either an:

1.) "Sticky/Pinned" thread
2.) An "Essential Guide"
3.) Rates 5/5 stars (etc.)

AND, gets "feedback" like this from users that have applied it:

----

http://www.xtremepccentral.com/forums/showthread.php?t=28430 [xtremepccentral.com]

PERTINENT QUOTE/EXCERPT:

"...recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual. Now I don't recommend this for the average joe, but it if can work for a kids PC it can work for anything! Now, i substituted OpenDNS and activated the Adult Content filter with them for this kids computer. I know its not perfect, but will catch over 99.5% of said sites."

and

http://www.xtremepccentral.com/forums/showthread.php?s=10f9ba9ad5ff990aaae1e7ec91f593a2&t=28430&page=3 [xtremepccentral.com]

"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)"

Thronka - forums member @ xtremepccentral.com

----

THEN, when you have done so, on THAT account? THEN, you can talk (and, ESPECIALLY about that which you said about myself which I quoted from you above shows YOU, libelling ME, clearly. It's clearly immaterial & outright b.s. from you, vs. the kind of feedback my guide on securing Windows gets, quoted above from others? It CLEARLY disproved your outright b.s., period...)

Also?

When you have done all of this as I have over time in this Art & Science of computing:

"My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

----

Windows NT Magazine (now Windows IT Pro) April 1997 "BACK OFFICE PERFORMANCE" issue, page 61

(&, for work done for EEC Systems/SuperSpeed.com on PAID CONTRACT (writing portions of their SuperCache program increasing its performance by up to 40% via my work) albeit, for their SuperDisk & HOW TO APPLY IT, took them to a finalist position @ MS Tech Ed, two years in a row).

WINDOWS MAGAZINE, 1997, "Top Freeware & Shareware of the Year" issue page 210, #1/first entry in fact (my work is there)

PC-WELT FEB 1998 - page 84, again, my work is featured there

WINDOWS MAGAZINE, WINTER 1998 - page 92, insert section, MUST HAVE WARES, my work is again, there

PC-WELT FEB 1999 - page 83, again, my work is featured there

CHIP Magazine 7/99 - page 100, my work is there

GERMAN PC BOOK, Data Becker publisher "PC Aufrusten und Repairen" 2000, where my work is contained in it

HOT SHAREWARE Numero 46 issue, pg. 54 (PC ware mag from Spain), 2001 my work is there, first one featured, yet again!

Also, a British PC Mag in 2002 for many utilities I wrote, saw it @ BORDERS BOOKS but didn't buy it... by that point, I had moved onto other areas in this field besides coding only...

Lastly, being paid for an article that made me money over @ PCPitstop in 2008 for writing up a guide that has people showing NO VIRUSES/SPYWARES & other screwups, via following its point, such as THRONKA sees here -> http://www.xtremepccentral.com/forums/showthread.php?s=ee926d913b81bf6d63c3c7372fd2a24c&t=28430&page=3 [xtremepccentral.com]

What do I have to say about that much above? I can't say it any better, than this was stated already (from the greatest book of all time, the "tech manual for life" imo):

"But by the grace of God I am what I am: and his grace which was bestowed upon me was not in vain; but I labored more abundantly than they all: yet not I, but the grace of God which was with me." - Corinthians Chapter 10, Verse 10

----

Then? MAYBE THEN, you can talk like that which I quote from you above!

(I truly DO KNOW, that YOU? You never will... because you are nothing BUT a "big talker", & that's about it...)

APK

P.S.=> Prove otherwise, show us that YOU have done things such as the list of MY appearances in publications of note in this field (as I have done as far back as 12++ yrs. ago no less & straight up into 2002 when I was "into that" type of thing) OR, that YOU have done a guide that's done as well as mine has for securing folks on Windows machines (&, one that also got you PAID for writing it as mine did over at PCPitstop.com)?

Again - Then, maybe ONLY then, can you talk "symbolNOBODY"... until then, "symbolNOBODY"? Stew in your lack of accomplishment & ILLOGICALLY constructed arguments & ad hominem attacks on others along with the other forms of b.s. you always spout... apk

It's a dog-eat-dog world (1)

insufflate10mg (1711356) | more than 4 years ago | (#30615346)

Would it be possible to legally hold the company to their agreement? Having built up a few botnets several years ago (just for the sake of doing it, no spam/DDoS), I wouldn't trust them. It makes sense that the authors of malicious code wouldn't risk their creation on what could be a sting by AV companies without some sort of legal ramifications... Also, I couldn't imagine it would be *too* difficult to create your own antivirus sand beach for newly-created viruses to test themselves in. A lot of the aforementioned AV's are cheap or free for the sake of the advantages they would give and the edge one's malware could have.

Re:It's a dog-eat-dog world (1)

Bert64 (520050) | more than 4 years ago | (#30617050)

If you're doing something as illegal as creating a botnet for the purposes of spam/ddos, then the additional illegality of pirating a bunch of av products isn't a huge stretch...
As for a sting, most malware authors these days continually make new changes to their malware, often very simple changes can render something undetectable and extend the lifetime of a particular codebase.

Hmm (1)

ShooterNeo (555040) | more than 4 years ago | (#30615368)

I'm no malware writer : but I have to ask...how hard would it be to make self-modifying undetectable code? Essentially you'd have your malware executable, however many bytes of assembled code that do stuff. Then you'd insert various dummy instructions that are randomly chosen but cancel each other out throughout the code. (so you might have an add instruction followed by a subtract instruction, etc). Every time the malware installs itself on a new PC, it randomly creates a new set of dummy instructions.

So the malware would still have a constant codebase that is doing the work, but wouldn't the dummy instructions prevent anti-virus/anti-malware software from being able to "see" the executable? In a similar manner, any registry entries that the malware needs would be randomly chosen character strings. The server address that the malware uses to communicate with would be scrambled via a randomly chosen encryption key as well.

What I'm describing isn't hard at all : a basic project that a junior or senior cs student could easily complete.

Re:Hmm (1)

insufflate10mg (1711356) | more than 4 years ago | (#30615398)

It is possible, look up polymorphic code. I've seen it implemented personally by my mentor though I've never worked with it myself. Neat stuff.

Re:Hmm (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30615896)

The main problem is: if a virus infects the same PC over and over, possibly 1000s of times, it slows down too much, limiting the chance of infecting other victims or simply crashing the target completely. This means your malware should have a way to detect its own self, and stop deploying. This, in turn, means you need a signature or something very much like it.

Re:Hmm (1)

Josef Meixner (1020161) | more than 4 years ago | (#30616134)

You have one little problem, the program has to know, which instructions cancel out. So you probably have a list of pairs in there somewhere. As soon as that is known, the program can be normalized back to the "core code". The other problem is, that you would have to be very careful to remove the canceling instructions in the virus before you rescramble it or the size would quickly get prohibitively large.

The randomly chosen registry keys won't help you, you have to get the thing to be executed, so you have to write something in a fixed number of keys. That should be enough to detect it.

The "scrambled" server key is a tactic Conficker is using. It generates and queries a large number of domains, but obviously the sequence has to be in the code somewhere so a server can be set up which has the right name at the time the thing tries to connect to it. Just scrambling the address in the "client" is useless, if there is no server.

Re:Hmm (1)

Bert64 (520050) | more than 4 years ago | (#30617064)

When it connects to a server in its pseudo-random sequence, does it do anything to verify the server or does it connect blindly?
I wonder if they used public/private rsa keys to verify that the host it connects to is really a genuine one or not...

Re:Hmm (1)

Spad (470073) | more than 4 years ago | (#30617368)

Polymorphic malware is getting increasingly sophisticated, to the point that it can be impossible to detect the malware except at run time by virtue of what it attempts to do to the system it's infecting. I thought that this little trick [sophos.com] was a pretty neat one, the code only decrypts itself correctly at certain times on certain days, so AV vendors can't easily analyse the code and write detection signatures.

They aren't poor to begin with (1)

Ilgaz (86384) | more than 4 years ago | (#30615708)

If you buy all those packages (besides pirating) at the virustotal.com, it will cost far less than $6000 which a Rolex costs.

That mob leader wears a Rolex watch, you know; it is not like he won't be able to buy dozens of antivirus and virtual machine solutions.

The days of "hacking for a bottle of Vodka" are really over, if they ever existed.

Virustotal should be a security organization's free service with costs shared by AV vendors rather than being an "underground" (???) service. It does nothing rather than doing a real life check of current antiviruses. If I were an AV vendor who trusts their solution, I would even donate a blade to them. Being the only vendor finding a virus in a suspected file can't be more decision making than anything including 1000s of white papers.

PS: If a black hat trusts that file scanner, he is more than dumb since virustotal or any offline file checker (including clam or stuff OS X users keep buying) doesn't have heuristics, which can only be performed on an up and running Windows OS.

Isn't this easily solved? (0)

mysidia (191772) | more than 4 years ago | (#30615860)

AV makers should include a clause in the EULA, that: the software may not be used to provide a virus scanning service for more than one third party. You may not scan a file for another person without purchasing an additional license to be permanently assigned to each person.

And then they can send their army of lawyers at any "paid AV scanning website" that doesn't have an agreement with them.

Re:Isn't this easily solved? (1)

selven (1556643) | more than 4 years ago | (#30616656)

Software freedom is more important than software safety, just like everywhere else.

Re:Isn't this easily solved? (1)

mysidia (191772) | more than 4 years ago | (#30616818)

On a proprietary OS platform, it's only appropriate that the antivirus programs contain license restrictions against using them for evil, or using them to circumvent other users' need to buy their own copy and update subscriptions.

These programs already contain very restrictive EULAs. It's logical for them to contain a restriction against this type of abuse.

Otherwise... someone could just write a free "stub AV" everyone installs on their desktop, that uses an outsourced, online scanner to actually do all the file checking.

Then the manufacturer of the AV scanner loses all their business to the "outsourced AV programs"...

This is proprietary software. They profit by selling copies of the software, not by enabling as much freedom as possible.

Don't fool yourself into thinking you have software freedom, or software freedom principles, somehow apply to someone else's closed source, "pay for use, but restricted" software product.

All commercial AVs are in that category... in general, basically all AVs are in that category (except the likes of ClamAV)

Re:Isn't this easily solved? (1)

hughperkins (705005) | more than 4 years ago | (#30618698)

Yes, because an anti-virus scanner running on a single computer uses negligible resources, and a service that scanned people's computers remotely would scale wonderfully and make a huge zero-cost profit :-P

Re:Isn't this easily solved? (1)

selven (1556643) | more than 4 years ago | (#30619110)

Wait, so you're saying that freedom is useless unless I have full freedom? I disagree, every small bit of freedom is a good thing. I don't think my software principles apply to proprietary AVs, I think an AV that respects them even slightly more is better than an equivalent one that doesn't.

Re:Isn't this easily solved? (1)

Bert64 (520050) | more than 4 years ago | (#30617084)

Do you think underground vendors who are already doing questionable things like selling malware and selling infected machines, will really care about using an unlicensed av product?
Most likely all the av they use are pirated anyway...

Re:Isn't this easily solved? (1)

mysidia (191772) | more than 4 years ago | (#30617790)

I have no doubt underground vendors are willing to do questionable things.

But it would at least help to force them to actually go underground, rather than use a public exposed website for anonymous scanning (without sample sharing), make their service harder for novices to access, increase the price.

And reduce the "legitimacy" or "credibility" of the service designed to facilitate malware authors.

The DMCA and various DMCA-inspired laws passed by various countries and the notion of 'takedown letters' really sucks, but maybe it can be put to one good use ...

|Z| (0)

Anonymous Coward | more than 4 years ago | (#30621196)

Is it really so dangerous to send new malwares to virustotal? I don't think so.
Here are two scans results of the same malware:

http://www.virustotal.com/analisis/8997c271747fbb83d870ffe9f6ad034d
http://www.virustotal.com/analisis/a5b12389a3f23687c787eeb0a2ab12bf

The first was scanned on 2008.11.11 with detection rate of 6/36, the second scan was performed on 2009.03.18 with detection rate 9/39. One of the 3 new AV vendors detecting it were new in virustotal at all, and two of them detect it because they have already found what the malware is about. Although this is only one case, I bet everybody can find such examples in a very short time.

It is said that the samples are sent real-time to AV vendors. But it looks like they do nothing with the samples for months...
