Hitler is alive in South America. Jim Morrison is alive and living in seclusion on a mountain somewhere. Conspiracy theories never die and tend to live forever in the minds of the irrational. I recently received the following question:
“Some people say that the AV company itself (ESET, Kaspersky, Symantec ..) also writes viruses! How can we reply to them with rational evidences?”
Well, rational evidence never killed a conspiracy theory, but I’ll provide some information anyway. Most AV companies refuse to even hire a known virus writer. It is entirely possible that at some point in history an individual who worked for an AV company wrote a virus. No company is immune from hiring a bad apple here and there, but writing viruses is not the kind of thing a legitimate antivirus company condones.
Before I go on, let’s change the word virus to malware so we are talking about malicious programs in general. Most of the malware we see today is not a virus at all.
There are several good reasons for an antivirus company not to write malware. If an antivirus company wrote malware then they would jeopardize their business. If they got caught doing this they would be out of business and face criminal charges in many countries. This isn’t a very smart business strategy.
Right now there is too much malware to keep up with. Antivirus companies struggle with the sheer volume of threats, there isn’t a need for more. I’m sure the labs at the AV companies could keep busy for a long time processing the samples that haven’t yet been added for detection.
It is a really stupid business model for an antivirus company to pay someone to write malware when there are so many people who already do it. If people come over and keep your house immaculately landscaped for free are you going to hire someone to do that as well?
Writing viruses is not that hard a thing to do. It doesn’t take much more skill than a novice programmer has to write a virus, it isn’t rocket science. While I am sure there are still some of the old school virus writers who write viruses for fun or out of malice, the bulk of the malware we see today is used to steal money, online game credentials (for money), and personal identities (for money). We see malware written and used for corporate espionage, and probably for government espionage as well. Sometimes malware is used for retaliation, however it isn’t the antivirus companies writing all of this crap.
Most antivirus companies were started by a person who encountered a virus and wanted to try to get rid of it. These people started with the intent of creating a very useful program and never lost that desire.
Now a days there are rogue antivirus products, but these are written by criminals who have no ability to write a decent antivirus product and are hiding so as not to get caught. Writing malware is what these people do for a living.
There have been some malware authors who were caught and convicted, but none of them were in the employ of an antivirus company.
Now you can show an irrational person the information, but you can’t make them think rationally. You might ask them if they believe the firemen start the fires to keep their jobs, if doctors try to make people sick to keep their jobs, if garbage collectors make all the trash to keep their jobs, and so on.
It is a ridiculous and illogical accusation that doesn’t stand up to logical scrutiny, but such is the case when you deal with paranoid conspiracy theorists.
Director of Technical Education
Author ESET Research, We Live Security