Yes, antivirus vendors do create their own malware

[thathagat]

well.........read here.....http://sunbeltblog.blogspot.com/2009/09/malware-experience-brought-to-you-by.html

quote from sunbelt blog:

McAfee Avert Labs is advertising its Focus ’09 conference next month in Washington, D.C.. We find one of the 13 sessions offered on the agenda disturbing:

Avert Labs — Malware Experience

Join experts from McAfee Avert Labs and have a chance to create a Trojan horse, commandeer a botnet, install a rootkit and experience first hand how easy it is to modify websites to serve up malware. Of course this will all be done in the safe and closed environment, ensuring that what you create doesn't actually go out onto the Internet.”

This is unethical. And it’s the wrong approach to teaching awareness and understanding of malware. This would be like your local police giving a crash-course on how to plan and execute the perfect robbery -- yet to avoid public criticism, they teach it in a ‘safe environment’: your local police station.

The oldest myth and question in the antivirus business can now be answered thanks to McAfee: ‘Yes, antivirus vendors do create their own malware. At least one of them does it. On top of that they even educate people that are not criminals yet on how to do it!’ Knowing Vesselin Bontchev as a colleague and friend, I’m sure the last word has not been spoken here. Someone has to point out that this is wrong.

[Polkadot]

To code an anti-malware program, you need more than a data base of malwares. You need people who can actually write malware...you need to think inside the head of your enemy. A spyware test about a year ago had Windows Defender at the bottom of the list of programs tested, yet they were the ONLY program tested that detected ONE threat. Makes ME wonder if M$ didn't write that piece of code just to make themselves look better.

[safeguy]

A rather weak argument imo...who says it's wrong???

A good cop needs to know how the criminal thinks and works...only then can the cop stop the crime before it even happens.

On top of that they even educate people that are not criminals yet on how to do it!

What's wrong with that? Just because someone teaches you how to steal doesn't mean you will. Same thing...just because a person is taught

how to create a Trojan horse, commandeer a botnet, install a rootkit

it doesn't mean the person will use that knowledge for bad/harmful purposes.

[dschrader]

I have worked for 3 different av companies and have been in the business since 1995. I have never seen any sign of any reputable av company writing viruses.

McAfee changed the course description to say they would analyze a trojan, not write one.

Long ago all the major av companies also agreed not to hire any known virus writers. Not only would writing viruses be a potential pr nightmare, it is unnecessary. We are getting 15,000 to 20,000 new viruses every day. We have 5 million unique malware programs today - and it will double next year. None of have time to write viruses. We are all stuggling to write better tools for automatically analyzing the malware we are flooded with.

[Ceyfer √]

Related thread from Wilders

[luffy]

McAfee employees have so much free time. They even have time to write their own malware. It makes sense now. Since their AV is like crap.

[rnbv424140]

With that they'll never run out of business...

[212eta]

That's an Old Myth ???

To test AntiMalware Products,
you need Malware ,
and therefore,
you need Malware Writers.

This is also known as the Vicious circle of the In-Security Software Industry.

[saturn]

The best one I heard was an AV company putting viruses on their installation disks!If it did a prescan it would pick it up and make you think that the previous av you was using wasn't that effective This made me laugh

[safeguy]

saturnguy, which AV was that? Do u remember?