Two files wrongfully marked as malicious spread to half of all antivirus makers in less than a week

Sep 2, 2015 12:07 GMT  ·  By

In an interview with Brian Krebs, Boris Sharov, the CEO of Dr.Web, a Russia-based antivirus (AV) company, revealed an incident from 2012 in which a miscommunication led to clean files being flagged as threats by multiple AV engines.

This revelation comes in the wake of the Kaspersky Lab scandal, in which the company was accused of intentionally doctoring virus detection results to cause false positives for its rivals.

According to Mr. Sharov's statement for the Krebs on Security blog, his company, Dr.Web, sent two files to antivirus testing laboratories.

A misunderstanding led to false positives across the globe

In their email that accompanied the files, Mr. Sharov said, "We are sending you clean files, but a little bit modified. Could you please check what your system says about that?"

It is possible, but not confirmed, that Mr. Sharov wanted to check if the AV engines of his rivals would be able to detect files altered by his team. To his credit, he mentioned in the email the files were clean.

Unfortunately for everyone involved, someone must have skimmed the email without actually reading its text. After the two files were tested, the results came in: seven antivirus engines detected them as malicious.

But things didn't end there. Because antivirus companies use sharing protocols to exchange their recent findings of malicious files, a week later, to Mr. Sharov's astonishment, almost half of the antivirus products on the market in 2012 were detecting those two samples as infected.

"At this point, we were very confused, because our explanation was very clear. 'We are sending you clean files. A little bit modified, but clean, harmless files'," said Boris Sharov.

Should the discovery of a malicious file be considered intellectual property?

As Mr. Sharov explains, and as Eugene Kaspersky has done many times in the past, most antivirus engines simply copy each other's findings without anyone actually reviewing them.

This is exactly what Kaspersky Lab set out to prove in 2010, when, in an experiment it later disclosed publicly itself, it showed how many antivirus makers blatantly copied its flagging of the fake malicious files without doing any investigation of their own.

This raises a serious question about the ethical and legal standing of the practices some of these antivirus makers operate under, and it only frustrates the hard-working security experts who actually do the work of keeping users safe.

Maybe it's time we saw some lawsuits between some of these antivirus makers, don't you think?