“Crossover” Virus Causes Security Industry Dust-Up

By Michael Santo
Contributing Writer, RealTechNews

Hard to believe a virus can cause enmity between security companies but this one has. This week, the Mobile Antivirus Research Association, a collection of professors, authors and security professionals, announced it had discovered the first virus that can jump from PC to PDA. Normally, such virus samples are sent by the creator to the major antivirus firms and shared among virus experts. But in this case, MARA has refused to share the code unless companies join its membership.

“You have to go a long way back to find an analogous situation, where an antivirus group finds a virus and sits on the sample,” said Mikko Hyppönen, chief research officer for antivirus firm F-Secure. “We didn’t want to join their organization just to get a sample.”

The debate over the virus sample has highlighted a rift between the more the conservative antivirus industry and a group of security researchers that do not adhere to the industry’s stance against publishing virus code and associating with virus writers. Many security researchers believe that open disclosure of security vulnerabilities leads to better security. As those researchers begin to study viruses, worms and bot software, they argue that the same logic means the open discussion of threatening vectors for worms.

“We work with people on a trust basis, people who have been in the industry and are known to us,” said Joe Telafici, director of operations for the antivirus emergency response team (AVERT) at security firm McAfee. “We simply don’t know any of these guys. Right now we have to say, ‘Give (the virus) to people who are going to protect people from it.’” Source: Security Focus

We Say: MARA is a pretty new organization, and antivirus organizations need this sample in order to protect their customers — us. I really don’t agree with their stance, and it’s unsettling that many of us cannot be protected because of a disagreement between groups.