Race to Zero: A Golden Opportunity for the Antivirus Industry
A new contest called Race to Zero is being held at Defcon this year. The premise is that you take a modern virus and modify it to evade detection by antivirus companies. The AV industry is officially crying foul, saying that this only encourages bad behavior. The organizers say it will point out the shortcomings of modern AV engines.
I'm going to ruin part of the contest: it's scandalously easy to circumvent any antivirus engine with a trivial amount of work. There is evidence of this; the Consumer Reports scandal is one example. The point is that it is not difficult to apply some seemingly minor modification that completely evades detection. The AV companies know it and the malware authors know it; the only people who don't have a clue are the consumers. Shaking consumers' confidence in spending $60 per year on updates is something that the AV vendors fear. That's why the lawyers are probably going to get involved very quickly.
In lieu of this sure-to-be-scandalous con drama, I propose a secondary contest: antivirus vendors all race each other to develop signatures for the new variants as quickly as possible. Bring your best analysts to Defcon, or engage the home analysts, and show the true value of a good AV company: its signature development and reverse engineering teams.