Antivirus Makers Are Really Just a Herd of Sheep, Dr.Web Experiment Shows

JMH

In an interview with Brian Krebs, Boris Sharov, the CEO of Dr.Web, a Russian-based antivirus (AV) company, revealed an incident from 2012 when a misunderstanding in communications led to clean files being marked as threats on multiple AV engines.
This revelation comes in the wake of the Kaspersky Lab scandal, in which the company was accused of intentionally doctoring virus detection results to cause false positives for its rivals.
According to Mr. Sharov's statement for the Krebs on Security blog, his company, Dr.Web, sent two files to antivirus testing laboratories.

A misunderstanding led to false positives across the globe

In their email that accompanied the files, Mr. Sharov said, "We are sending you clean files, but a little bit modified. Could you please check what your system says about that?"
It is possible, but not confirmed, that Mr. Sharov wanted to check if the AV engines of his rivals would be able to detect files altered by his team. To his credit, he mentioned in the email the files were clean.
Antivirus Makers Are Really Just a Herd of Sheep, Dr.Web Experiment Shows - Softpedia
 
This raises a serious question when it comes to the moral legality some of these antivirus engines work under, and only frustrates hard-working security experts who actually do all the work to keep users safe.

Maybe it's time we saw some lawsuits between some of these antivirus makers, don't you think?
I have very mixed feelings and opinions when it comes to the anti-malware industry. As I have noted in many rants before, the anti-malware industry has absolutely zero incentive to rid the world of malware. To rid the world of malware would put them out of business. So these companies need and depend on malware thriving in order for them to survive, let alone grow. It is important to remember the reason Microsoft did not include anti-virus code in XP was because Norton, McAfee, and the others whined and cried to Congress and the EU claiming Microsoft was trying to rule and monopolize the world. They were, but not the point. The anti-malware industry claimed it was their job to thwart malware and they failed miserably! But who got blamed? Microsoft - even though it was the bad guys who perpetrated the offenses and the anti-malware industry who failed to stop, or even hinder, their proliferation. IMO, this is why MS has been allowed to include anti-malware code in W8.x and W10 without any threats from Congress or the EU.

I do believe there is some truth to this "herd of sheep" (I thought it was "flock"?) mentality but I think the author is wrong and ignorant to suggest lawsuits in this circumstance. We need good, timely protection from malicious threats.

We must remember too that the user is always the weakest link in security and too many users fail to "practice safe computing" or maintain good "security awareness and discipline". Malware traverses the Internet with, literally, light speed. According to Panda Labs there are 225,000 to 500,000 new malware strains detected per day!!! There is no way each anti-malware company can detect and protect us from those numbers (even if they are greatly exaggerated). Sharing information is the only way. We (consumers) need the anti-malware industry to work together in a cooperative effort to ensure malware definition/signature files are updated to detect the newly discovered malware in the most expeditious manner.

Getting lawyers in the middle will only slow down the process and make things worse by hindering, or eliminating that cooperative effort. Many smaller companies just don't have the resources and will be forced to shut down. That will mean fewer eyes looking out for us.

"The first thing we do, let's kill all the lawyers."

--William Shakespeare, Henry VI, Part 2

But we do need these anti-malware companies to verify the information received and not blindly copy it without any follow-up validation. False positives an entire week later are not acceptable. But suing a company over false positives is not the answer either. Consumers need to rise up and demand better accuracy. False positives are inevitable, but they can be minimized too. If a product gets too many false positives and/or fails to act on those false positives in a timely manner, it is time to change to a different anti-malware solution and make our reason for changing known. Let the consumers speak - not the lawyers and the courts.
 
