Do Antivirus Makers turn a Blind Eye to Government Spyware?




DamianTV
11-06-2013, 04:32 PM
http://www.theregister.co.uk/2013/11/05/av_response_state_snooping_challenge/

Of course they do. Now they're going to be on record for doing so.


Security guru Bruce Schneier has joined with the Electronic Frontier Foundation and 23 other privacy and digital rights activists to call on antivirus firms to publicly state they do not turn a blind eye towards state-sponsored malware.

Antivirus vendors have been given until 15 November to go on the record about detection of state-sponsored malware, with early indications pointing towards a somewhat weary "of course we detect it" response.

Meanwhile neutral observers of the security software market point out there's no need for spy agencies to ask for their malware to be whitelisted by vendors because defences aren't that strong in the first place.

An open letter (PDF) to the industry from Schneier et al follows recent revelations that the NSA uses malware and exploits to track users of the Tor anonymity service or otherwise monitor the communications of surveillance targets.

The existence of the NSA's Tailored Access Operations (TAO) hacking squad unit has been an open secret for years, but recent revelations have fleshed out the details and revealed that NSA hackers have procedures that mean they generally resort to malware only in cases where it's unlikely their malicious code will be detected.

Effective security scanners might therefore be a factor when the NSA decides whether or not to run malware-based attacks – even though nobody seriously believes antivirus alone can be relied upon to defend against state-sponsored malware.

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking," the privacy activists and security experts wrote in an open letter to antivirus companies. "Consequently, there should be no doubt that your company's software provides the security needed to maintain this trust."

The letter (extract below) challenges antivirus vendors to be clear about their detection of governmental surveillance-ware, requesting a response by 15 November.

...

Story continues on Link above.

thoughtomator
11-06-2013, 04:35 PM
I figured this out months ago and abandoned anti-virus programs entirely. My computer runs much more smoothly now, and I have gotten no virus in the meantime and don't expect to.

Natural Citizen
11-06-2013, 04:39 PM
I don't use anti-virus software either. Haven't ever since I figured out where most of them were made.

tangent4ronpaul
11-06-2013, 05:01 PM
Kaspersky: “We detect and remediate any malware attack,” even by NSA
Firm responds to EFF question about AV cooperation with government surveillance.
http://arstechnica.com/tech-policy/2013/11/kaspersky-we-detect-and-remediate-any-malware-attack-even-by-nsa/

Antivirus provider Kaspersky has designed its products to detect all malware, even if it's sponsored by the National Security Agency or other government entities under programs espoused to target terrorists or other threats.

"We have a very simple and straightforward policy as it relates to the detection of malware: We detect and remediate any malware attack, regardless of its origin or purpose," officials with the Moscow-based company wrote in a statement issued Wednesday. "There is no such thing as 'right' or 'wrong' malware for us."

The officials went on to cite Kaspersky researchers' track record in helping to uncover Flame and Gauss, two pieces of highly advanced, state-sponsored malware that infected thousands of computers, mostly in Iran and other Middle Eastern countries. The officials also recounted their efforts to detect espionage malware that targets human rights advocates and political dissidents.

The statement comes two weeks after the Electronic Frontier Foundation and two-dozen other individuals or groups sent AV companies an open letter urging them to protect their users against malware spawned by groups that carry out government surveillance. The letter came amid recent revelations that the NSA has a wide-ranging menu of software exploits at its disposal that has been used to identify users of the Tor anonymity service, track iPhone users, and monitor the communications of surveillance targets. The senders' concern is that AV companies may voluntarily cooperate with these programs by engineering their programs not to detect state-sponsored malware.

"It's imperative that these surveillance tools do not fall into the wrong hands, and that’s why the IT security industry can make no exceptions when it comes to detecting malware," Kaspersky went on to say.

Wednesday's statement is the only one we know of to be issued in response to last month's open letter. This post will be updated if other responses are discovered. Still, other AV providers have already pledged not to let state-sponsored malware pass through their products. In 2012, for instance, F-Secure Chief Research Officer Mikko Hypponen said his company would detect threats even if they were presumed to target rogue nations such as Iran or Sudan.

"We want to detect malware, regardless of its source or purpose," Hypponen wrote in a blog post. "Politics don't even enter the discussion, nor should they. Any malware, even targeted, can get out of hand and cause 'collateral damage' to machines that aren't the intended victim. Stuxnet, for example, spread around the world via its USB worm functionality and infected more than 100,000 computers while seeking out its real target, computers operating the Natanz uranium enrichment facility in Iran. In short, it's our job as an industry to protect computers against malware. That's it."

-t