Petronella Blog Archive


Follow the Leader: Are Your Files Really Infected?


Two antivirus firms, industry giant Kaspersky Labs and Dr.Web, have found that many antivirus programs don't do their own research but instead simply reuse information provided by other antivirus programs.

Kaspersky was, in fact, accused of faking malware to hurt its rivals. Former employees said they were instructed to reverse-engineer competitors' software to find out how they could get the rivals to produce false positives. That is, they say they were trying to figure out how to make good files look bad to other antivirus programs. False positives can hurt the credibility of an antivirus program.

In 2010, Kaspersky published an experiment in which a computer magazine created a number of harmless files and then submitted them to the website virustotal.com, stating that the files had been reported as malicious by Kaspersky. Within a few weeks, the files were reported as malicious by more than a dozen security companies, despite being completely harmless. This showed that those companies were blindly following Kaspersky's report rather than examining the files themselves.

The CEO of Dr.Web said that they decided to run the same experiment and came to similar conclusions. In the Dr.Web experiment, though, they sent clean files to antivirus firms and told them the files were clean, and the files still came back reported as malicious because they had been reported as such elsewhere.

The problem is that this exposes many companies as simply following the industry leaders, when they should be taking the time to analyze files and determine for themselves whether they are actually malicious or clean. Individuals and companies pay big bucks for antivirus software, but this shows that many vendors aren't doing the work that people trust them to do.