On a bit of a roll here on the survival-of-the-fittest-in-IT theme. Wasn’t planning a trilogy… it just kinda happened. Sort of…
…Sort of, as, well, the specific problem of parasites in the IT Security world I’ll be writing about today has been at the back of my mind for a long time already. This Darwinism talk seemed the perfect opportunity to finally let rip. You’ll see what I mean…
Today folks: parasites. But not those we’re fighting against (the ‘very’ bad guys); those who claim are also fighting the very bad guys (philosophical question: who’s worse?).
The IT industry today is developing at a galloping pace. Just 10-15 years ago its main themes were desktop antiviruses, firewalls and backups; today there’s a mass of new different security solutions, approaches and ideas. Sometimes we manage to stay ahead of the curve; sometimes we have some catch-up to do. And there are other times we fall into a stupor from astonishment – not from new technologies, innovations or fresh ideas, but from the barefaced brazenness and utter unscrupulousness of our colleagues in the security industry.
But first, let me explain how events have been developing.
There’s a very useful service called the VirusTotal multiscanner. It aggregates around 60 antivirus engines, which it uses to scan files and URLs folks send it for malware checking, and then it returns the verdict.
Example: Joe Bloggs finds a suspicious application or office document on a hard drive/USB stick/the Internet. Joe’s own antivirus software doesn’t flag it as containing a malware, but Joe is the paranoid type; he wants to make really sure it’s not infected. So he heads over to the VirusTotal site, which doesn’t have just one antivirus solution like he does, but ~60. It’s free too, so it’s a no brainer. So Joe uploads the file to VirusTotal and gets instant info on what all the different AVs think about it.
First of all, to clarify: both the folks at VirusTotal and those at VirusTotal’s owners Google are firmly on the ‘good guys’ side. They have no connection with parasites whatsoever. VirusTotal is run by a very professional team, which has for years been fulfilling the task at hand extremely effectively. (Still need convincing? How about VirusTotal winning the MVP award last year at the Security Analyst Summit (SAS)?) Today VirusTotal is one of the most important sources of new malware samples and malicious URLs; and also a very cool archeological tool for researching targeted attacks.
— J. A. Guerrero-Saade (@juanandres_gs) February 16, 2015
The problem lies with a handful of shady users of the multiscanner who, alas, are becoming more and more unblushingly unabashed in how they conduct themselves.