How Antivirus Companies Handle State-Sponsored Malware
A government might get its own companies to play along, but it would
not be able to influence international companies. So while the NSA
could certainly pressure McAfee or Symantec -- both Silicon Valley
companies -- to ignore NSA malware, it could not similarly pressure
Kaspersky Labs (Russian), F-Secure (Finnish), or AVAST (Czech).
And the governments of Russia, Finland, and the Czech Republic will
have comparable problems.
Bruce Schneier says in one of his articles: «I joined a group of security
experts to ask antivirus companies explicitly if they were ignoring
malware at the behest of a government. Understanding that the
companies could certainly lie, this is the response so far: no one has
admitted to doing so. Up until this moment, only a handful of the
vendors have replied: ESET, F-Secure, Norman Shark, Kaspersky,
Panda and Trend Micro. All of the responding companies have
confirmed the detection of state sponsored malware, e.g. R2D2 and
FinFisher. Furthermore, they claim they have never received a request
to not detect malware.
And if they were asked by any government to do so in the future, they
said they would not comply. All the aforementioned companies
believe there is no such thing as harmless malware.»
Furthermore, this means that several vendors did not respond to the
letter before the deadline. The letter was sent to: Agnitum, Ahnlab,
Avira operations GmbH & Co. KG, AVG, AVAST software a.s.,
Bullguard Ltd, Bitdefender SRL, F-Secure Corporation, Kaspersky
Lab, McAfee Inc, Norman Shark, Microsoft Corporation, ESET spol.
S r.o., Panda Security S.L., Symantec Corporation and Trend Micro
Incorporated. Mikko Hypponen of F-Secure attempts to explain why
anti-virus companies didn't catch Stuxnet, DuQu and Flame. He says:
«Stuxnet, Duqu and Flame are not normal, everyday malware, of course.
All three of them were most likely developed by a Western intelligence
agency as part of covert operations that weren’t meant to be
discovered.»
His conclusion is simply that the attackers -- in this case, military
intelligence agencies -- are simply better than commercial-grade
anti-virus programs!!!
Conclusion:
Security technology can stop common attacks, but targeted attacks
fly under the radar. That's because traditional products, which scan
e-mail at the network gateway or on the desktop, can't recognize the
threat.