5/31/2007

When vendors get nuts

In a post recently appeared on the McAfee's Avert Labs Blog (posted by Vinoo Thomas) we were quite entertained by reading an astonishing statement in which McAfee curses against a crew of virus researchers who "dared" to send a proof of concept of a virus to McAfee's laboratories.

The concept virus is quite interesting as it is reported on the blog "
virus Bad Bunny a.k.a StarOffice/BadBunny is a multi-platform macro virus written in StarBasic and which executes on Linux, MacOSX and Windows. It is capable of infecting JavaScript, Ruby and Perl script files and also attempts to perform a denial of service attack on antivirus vendor sites by sending large ICMP packets continuously."

Pretty neat! Now, where would it be the value of such PoC? The value consists in the early-alert the antivirus vendor gets about the possible release of a new attacking vector/methodology on which, needless to say, they will base their business. Knowing in advance new attacking vectors/methodologies is crucial for the security business as the security vendors should always try to be a step-ahead of the cyber criminals. You cannot build a decent security strategy without valuing properly the messages coming from your intelligence network, and in such view warnings (or PoCs) coming from researchers are certanly the best kind of intelligence a security agency could ever dream of.

But no, McAfee dismissed the job of those researchers by reporting
Peter Ferrie’s motivating words for such virus authors. “So imagine you’re a virus writer, someone who specialises in one-of-a-kind viruses, and you want to do something that’s really new and different. What should it be? How about quitting?

Take the cue guys. Get a life!"

We have just two questions here:

1 - Assuming all virus writers would quit writing viruses, what would McAfee's shareholders say?
2 - Do McAfee really think that giving the finger to researchers would be the best motivation for them not to sell their research to the criminal market?

Think once. Even better, think twice.