Anti-malware vendors unite to fight cybercriminals
I travel a lot. One day I might be in Australia, next day Japan and then off to the United States. Why such a hectic schedule? It's all about how the antivirus industry cooperates. I've been in meetings. Specifically, I've been in meetings with our competitors.
I've now been working with computer viruses for more than 20 years. During this time I've come to realize that the antivirus industry is quite unique in the way direct competitors help each other. It's not publicly known, but antivirus companies like F-Secure, Symantec, McAfee, Trend Micro and others help each other out all the time.
On the surface, antivirus vendors are direct competitors. And in fact, the competition is fierce on the sales and marketing side. But on the technical side, we're actually very friendly to each other. It seems that everyone knows everyone else. After all, there are only a few hundred antivirus analysts in the whole world.
These analysts meet in face-to-face private meetings, closed workshops and at security conferences. We run encrypted and closed mailing lists. We chat in secure online systems. And in these venues we exchange information on what's happening. What was the latest outbreak? What was the most recent exploit? Who found the newest vulnerability? And we ask for each other's help. Where did that malware come from? Has anybody seen this domain or IP range before? Has any other antivirus lab been able to decode this particular malware?
Antivirus vendors also share all their virus samples. Every day, completely automatically, all the major antivirus labs extract their daily collections of new viruses, encrypt them (typically with PGP) and submit the collections to their competitors. Obviously this really helps the end customers, as it's enough for just one vendor to get their hands on a sample, and all the other vendors will get the sample automatically.
Members of the antivirus industry also cooperate with international authorities and law enforcement. We provide intelligence on the computer underground to the police in various countries regularly. It's a common goal for all antivirus vendors to try to take down virus writers when we find them.
On the surface, this doesn't seem to make sense. Why do we cooperate with our competitors to such a large extent? I believe it's because we have a common enemy.
You see, normal software companies do not have enemies; just competitors. If you're in the business of writing, for example, word processors you don't have enemies. In our business, it's different. Obviously we have competitors, but they are not our main problem. Our main problem are the virus writers, the bot authors, the spammers and the phishers. They hate us. They often attack us directly. And it's our job to try to keep them at bay and do what we can to protect our customers from them.
In this job, all the vendors are in the same boat. This is why we help each other. And this is why I believe we are not losing the war against online criminals