Background
As CEO of an anti-virus company my friends and associates often ask me “Who writes all these viruses?” and hidden behind this question is the sometimes serious accusation that “You write them yourself, just to drum up business!”.
If it was only so simple… The reality is however very different. Apart from the fact that this would be morally reprehensible and also illegal, it is actually pretty easy to prove that it is technically impossible for the anti-virus companies to manufacture the sheer volume of viruses produced.
Cost/Benefit calculation
The currently produced Viruses, Trojans and Bots are the result of an enormous amount of programming work. Intentionally and unintentionally released source code only allows a rough estimate of the original effort required but one can easily assume that every new genus of Malware is the result of at least 1-3 months of programming work. New variants that are further developments of old Malware are of course easier to produce.
At Emsisoft, we add around 20,000 new Malware signatures (fingerprints) to our detection database every day, i.e. roughly half a million each month. Historical developments indicate that the number of new threats doubles each year. Emsisoft Anti-Malware currently has 5.5 million signatures in its database. This also includes many signatures that detect variants of the same Malware using generic detection, so the total number of signatures is less than the actual number of Malware programs.
If I was the CEO of an evil anti-virus company I would first need a new employee to write a Virus in the first place. I would also need someone for further development and maintenance to protect my investment by ensuring that the Virus will still run on future operating systems. Once the Virus is finally finished it would then released into the wild and entered into the detection database of our own Antivirus software.
Great! In only one month we have managed to build one new Virus – one single Virus among 500,000 others in this month.
By now, it should be clear to everyone that it simply makes no commercial sense for us to write the Viruses ourselves. The advantages obtained through detection of one extra piece of Malware against the sheer unbelievable volume released each month are simply too small. Even when the cost of hiring programmers in dumping-wage countries is very low, it is absolutely certain that no Antivirus manufacturer can afford to do this. Even all the Antivirus manufacturers in the world together would not be able to generate the current volume of new Malware.
Read more
