Antivirus Makers Are Really Just a Herd of Sheep, Dr.Web Experiment Shows

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Two files wrongfully marked as malicious spread to half of all antivirus makers in less than a week
In an interview with Brian Krebs, Boris Sharov, the CEO of Dr.Web, a Russian-based antivirus (AV) company, revealed an incident from 2012 when a misunderstanding in communications led to clean files being marked as threats on multiple AV engines.

This revelation comes in the wake of the Kaspersky Lab scandal, in which the company was accused of intentionally doctoring virus detection results to cause false positives for its rivals.

According to Mr. Sharov's statement for the Krebs on Security blog, his company, Dr.Web, sent two files to antivirus testing laboratories.

A misunderstanding led to false positives across the globe
In their email that accompanied the files, Mr. Sharov said, "We are sending you clean files, but a little bit modified. Could you please check what your system says about that?"

It is possible, but not confirmed, that Mr. Sharov wanted to check if the AV engines of his rivals would be able to detect files altered by his team. To his credit, he mentioned in the email the files were clean.

Unfortunately for everyone involved, someone must have quickly gone over the email without actually reading the text, and after the two files were tested, the results came in and seven antivirus engines detected them as malicious.

But things didn't end here. Since antivirus companies have protocols they use to share their recent findings of malicious files, to Mr. Sharov's astonishment, a week later, almost half of the antivirus products on the market in 2012 were detecting those two samples as being infected.

"At this point, we were very confused, because our explanation was very clear. 'We are sending you clean files. A little bit modified, but clean, harmless files'," said Boris Sharov.

Should the discovery of a malicious file be considered intellectual property?
As Mr. Sharov explains, and as Eugene Kaspersky has many times in the past, most antivirus engines simply copy each other's findings without actually having someone go over them.

This is exactly what Kaspersky Labs wanted to prove in 2010, when, in a publicly self-denounced experiment, they showed how many antivirus makers blatantly copied their fake malicious files, without actually doing any investigation on them.

This raises a serious question when it comes to the moral legality some of these antivirus engines work under, and only frustrates hard-working security experts who actually do all the work to keep users safe.

Maybe it's time we saw some lawsuits between some of these antivirus makers, don't you think?
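As an added illustration of the sharing channel the article describes (this is example code written for this thread, not code from the article, Dr.Web or any other vendor), the Python below models two ways a lab can consume peer verdicts: a naive consumer that copies any "malicious" verdict it receives, which is how a single misread submission can spread to half the market, and a gated consumer that only flags a hash when enough sources that analysed the sample themselves agree and the hash is not on a known-clean list. All lab names, file contents, hashes and feed entries are constructed for the example.

```python
"""Added example: modelling how shared malware verdicts propagate.

Nothing here is a vendor's real feed format; every lab name, sample and
verdict below is constructed for illustration.
"""
from dataclasses import dataclass, field
from hashlib import sha256


@dataclass(frozen=True)
class Verdict:
    source: str        # constructed lab name
    sha256: str        # hash of the sample the verdict is about
    malicious: bool    # the verdict itself
    independent: bool  # True: the lab analysed the sample; False: it imported a peer's verdict


@dataclass
class Policy:
    # how many labs that did their own analysis must agree before we flag a hash
    min_independent: int = 2
    # hashes we have verified as clean ourselves (e.g. a submitter's attested clean files)
    known_clean: set = field(default_factory=set)


def naive_accept(verdicts):
    """Copy every peer 'malicious' verdict as-is: the behaviour the article describes."""
    return {v.sha256 for v in verdicts if v.malicious}


def gated_accept(verdicts, policy):
    """Flag a hash only on corroborated, independently produced verdicts."""
    by_hash = {}
    for v in verdicts:
        by_hash.setdefault(v.sha256, []).append(v)

    flagged = set()
    for h, vs in by_hash.items():
        if h in policy.known_clean:
            continue  # our own verification outranks any imported verdict
        # count distinct labs that flagged the hash after analysing it themselves;
        # verdicts merely imported from a peer do not add evidence
        independent_sources = {v.source for v in vs if v.malicious and v.independent}
        if len(independent_sources) >= policy.min_independent:
            flagged.add(h)
    return flagged


def _sha(data: bytes) -> str:
    return sha256(data).hexdigest()


def build_constructed_feed():
    """Return (verdicts, hashes) for a constructed week of feed traffic."""
    hashes = {
        "clean_a": _sha(b"constructed clean sample A, lightly modified"),
        "clean_b": _sha(b"constructed clean sample B, lightly modified"),
        "malware": _sha(b"constructed sample that really is malicious"),
    }
    feed = [
        # one lab misreads the submission note and flags both clean files after its own analysis
        Verdict("LabOne", hashes["clean_a"], True, True),
        Verdict("LabOne", hashes["clean_b"], True, True),
        # peers import LabOne's verdicts through the sharing channel without looking at the files
        Verdict("LabTwo", hashes["clean_a"], True, False),
        Verdict("LabThree", hashes["clean_a"], True, False),
        Verdict("LabTwo", hashes["clean_b"], True, False),
        Verdict("LabFour", hashes["clean_b"], True, False),
        # a genuinely malicious sample, analysed separately by three labs
        Verdict("LabOne", hashes["malware"], True, True),
        Verdict("LabTwo", hashes["malware"], True, True),
        Verdict("LabFive", hashes["malware"], True, True),
        # one lab actually looked at clean sample A and found nothing
        Verdict("LabSix", hashes["clean_a"], False, True),
    ]
    return feed, hashes


if __name__ == "__main__":
    feed, hashes = build_constructed_feed()
    names = {h: n for n, h in hashes.items()}
    print("naive consumer flags:", sorted(names[h] for h in naive_accept(feed)))
    print("gated consumer flags:", sorted(names[h] for h in gated_accept(feed, Policy())))
    attested = Policy(min_independent=1, known_clean={hashes["clean_a"], hashes["clean_b"]})
    print("gated + clean list:  ", sorted(names[h] for h in gated_accept(feed, attested)))
```

Run as a script and the naive consumer flags all three hashes while the gated consumer flags only the malicious one. The last line shows the other half of the lesson: even with `min_independent=1`, recording the submitter's "these files are clean" note as a known-clean entry stops the two modified files from being flagged, which is exactly the information that was lost when the accompanying email went unread.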
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
And people still crave and give their full trust to the "best AV" they can find. As I said and will never stop saying: AVs are the past.
Classical Antivirus has been useless since they have been released, it never was of any real use. :D
Telling people they are in danger and selling crap to them instead of training their little monkey brains seems to be the way to go tho'.
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
AV are the past.

For you, me and other educated users perhaps, but for average home users on Microsoft Windows AV is still the best bet, even though it sucks. I can't imagine the typical happy clicker to install and operate NVT ERP, AppGuard, ShadowDefender, Sandboxie and the likes in a beneficial manner.

On my parents' laptops I have AppGuard, HitmanPro.Alert 3 and LUA set up. Google Chrome as a browser updates itself and its plugins automatically, even on a LUA. Yet this is not a good example because I am there every weekend to check on it.
 
  • Like
Reactions: Azure and Enju

Kate_L

in memoriam
Verified
Top Poster
Well-known
Jun 21, 2014
1,044
As Mr. Sharov explains, and as Eugene Kaspersky has many times in the past, most antivirus engines simply copy each other's findings without actually having someone go over them.

This is exactly what Kaspersky Labs wanted to prove in 2010, when, in a publicly self-denounced experiment, they showed how many antivirus makers blatantly copied their fake malicious files, without actually doing any investigation on them.

I knew this; it's always fun to read how AV companies copy each other's findings.
 
  • Like
Reactions: XhenEd

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
For you, me and other educated users perhaps, but for average home users on Microsoft Windows AV is still the best bet, even though it sucks. I can't imagine the typical happy clicker to install and operate NVT ERP, AppGuard, ShadowDefender, Sandboxie and the likes in a beneficial manner.

On my parents' laptops I have AppGuard, HitmanPro.Alert 3 and LUA set up. Google Chrome as a browser updates itself and its plugins automatically, even on a LUA. Yet this is not a good example because I am there every weekend to check on it.
It's possible to train everyone, it takes some time and patience but it is 100% possible. I trained my grandpa after about one year of using computers to live without any sort of AV. I showed him Sandboxie, installed MBAE and told him every little step to keep his PC up to date and now he surfs the web daily with his humble 85 years...
 
  • Like
Reactions: FleischmannTV

Deleted member 178

Shadow Defender = one click to enter, one click to exit. If people can't do that, better they stop using computers.
 
  • Like
Reactions: XhenEd and hjlbx

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
Shadow Defender = one click to enter, one click to exit. If people can't do that, better they stop using computers.

Great.

"Why are all my files gone after each reboot?"

"Why hasn't my bank account been reset after the banking trojan has corrupted my session?"
 
  • Like
Reactions: Enju

Deleted member 178

Great.

"Why are all my files gone after each reboot?"

"Why hasn't my bank account been reset after the banking trojan has corrupted my session?"

Of course you have to inform them how to use it... virtualization software isn't complicated to handle; unlike AVs with cryptic alerts, false positives, etc...

But the problem isn't there... the problem is that people click everything because they think "I have an AV, I'm safe"; they download and execute any files they can.

Or even with an AV, they will disable it because "this damn AV stops me from using this file my friend gave me, and I trust my friend".

The problem is that people are not or refuse to be educated...
 

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
The problem is that people are not or refuse to be educated...

I agree.

It's possible to train everyone

I agree as well, but no one wants to pay for it and revealing yourself as knowledgeable comes with people asking you to provide free tech support for them around the clock. You have to understand that money is an issue because every cent needs to be saved for that 700 dollar telephone every 12 months.
 

Dima007

Level 23
Verified
Well-known
Apr 24, 2013
1,200
Kaspersky and now Dr.Web :eek:
It's like Norton's popups in the '90s.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Corruption at its finest, but still the best way is to inform people very well about each security product they will use and how to operate it. Overall, even though classical AVs may become obsolete, the mere fact is they are still effective; and avoid going to very unusual sites.

Today the majority of AVs can detect more than perhaps 70 percent, which is acceptable nowadays.
 