Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Contest slammed for encouraging hackers

Challenge to sneak viruses past AV packages.

By Robert McMillan, IDG News Service | Published: 10:42, 28 April 2008

Anti-virus companies are angry at a planned new event at a major security conference in the US.

Called Race-to-Zero, the contest will invite visitors to the Defcon hacker conference to find new ways of beating anti-virus software.

Contestants will get some sample virus code that they must modify and try to sneak past the anti-virus products.

Awards will be given for "Most elegant obfuscation," "Dirtiest hack of an obfuscation," "Comedy value" and "Most deserving of beer," contest organisers say.

The contest was announced Friday. Security vendors began panning it immediately, saying it will simply help the bad guys learn some new tricks.

"It will do more harm than good," said Paul Ferguson, a researcher with anti-virus vendor TrendMicro. "Responsible disclosure is one thing, but now actually encouraging people to do this as a contest is a little over the top."

Some compared the contest to a controversial 2006 Consumer Reports review of anti-virus software. In that article, the magazine created 5,500 new virus samples, based on existing malware, and was roundly criticised by anti-virus vendors for contributing to the rapidly expanding list of known malware.

Security companies are already having a hard time keeping up with the torrent of new malware.

With anti-virus vendors already processing some 30,000 samples each day, there's no need for any more samples, said Roger Thompson, chief research officer with anti-virus vendor AVG Technologies.

"It's hard to see an upside for encouraging people to write more viruses," he said via instant message. "It's a dumb idea." Contest organisers say that they're trying to help computer users understand just how much effort is required to skirt anti-virus products.

"The point behind the contest is to illustrate that anti-virus alone is not a complete defence against malware," said one of the contest's organisers, who identified himself only as "Rich," in an email message.

The Race-to-Zero sponsors hope to present the contest results during Defcon, Rich said.

The contest is not organised by Defcon, but is one of the unofficial events that the show's organisers have encouraged attendees to arrange.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.