One of the most pernicious myths we have in the security/antivirus field is that the practitioners are law-abiding, ethical or even sane. It is a very demonstrable myth, and yet society – like the Police and other institutions let themselves be easily led into situations where they look like fools or even complicit. Think I’m joking?
Apart from the cases I have demonstrated lately, I’ll just give you a couple of examples from a very long ago. These two viruses were made by people inside the AV-industry and spread by AV people:
DOS.Guppy and DOS.Zerohunt.
They’re in no way the only ones, and we know a bit more about some of them because they were given to establishment AV-researchers with subtle differences, sort of like the Canary trap that our Police tried so very unsuccessfully to employ in the leak case. The difference was that these things really came with a true one-to-one relationship to a verified receiver. So we know who placed them in the wild.
What we also know is that CARO, the so-called Computer Antivirus Research Organization, is a tool in the hands of a very few, very wealthy founders of the Antivirus industry. When, after an antisemite cabal had taken over Norman ASA, I approached CARO and inquired as to their ethics rules, they told me basically “Oh, relax. CARO is really a drinking club. They send us to hotel bars”. Well, I don’t know exactly how wet the establishment is at all times, but I’ll just take my hint from a tech event. Some loon in the US had published a website that enabled any hobbyist with a knowledge of machining and programming, the right parts and the right tools, to build a homegrown cruise missile. Parts lists, sourcing, costs, tools and all were included.
They were very excited. Not over the threat, but over the chance that someone might finally have a tool to take out the despised Dubya.
Anyway, this is all fairly well known inside the industry, what’s left of the old guard. And ETHICS was the watchword that the established corporations used to guard against any and all competition :).
Nowadays Israeli companies are seeking new connects in the Western security industry. It would behoove them to thread very, very carefully.