We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,131 News Articles

Security vendors team up against fake antivirus

Whitelist of legitimate software established

Security software vendors hope to tackle the growing number of fake antivirus products circulating on the internet by creating a public list of legitimate vendors and programs.

Run from the website of the Common Computing Security Standards Forum (CCSS), an organisation set up in March of this year by Comodo CEO and chief security architect, Melih Abdulhayoglu, the purpose is to give ordinary internet users something with which to check programs and publishers before buying software from the internet.

In recent times, the phenomenon of scareware anti-malware programs - which dupe users into believing that their PCs are infected with malware when they are not - has grown into a significant sector in the online crime world. Typically, the bogus programs ask for a licence fee to ‘clean' malware, and in the worst cases even install real malware on a victim's PC.

A wide range of vendors are named on the provisional list, including the big names, Microsoft, Symantec, Trend Micro and McAfee , with smaller vendors such as Kaspersky Lab, Check Point, Panda, Sunbelt Software, Fortinet, and Webroot, also prominent. The CCSS was confident that it had involved "95 percent" of legitimate software security vendors, Abdulhayoglu said.

Rogue antivirus app posts fake online reviews

Microsoft removes fake antivirus software

"Whether they pay for their security software or they use a free version, internet users have a right to know that their software is protecting them, not exposing them to danger or adware," he added.
According to Abdulhayoglu, normal security software could not protect users against such programs because they did not necessarily perform any non-legitimate actions. The CCSS's remit was wider than just tacking scareware but this would be one of its main priorities while it established itself as a legal entity in the coming months.

"There hasn't been an organisation that gets the industry together to solve problems," said Abdulhayoglu. "There is no unifying voice from the AV industry to the operating system vendors."

To stop bogus companies getting their products credited, new membership applications were voted on in a peer review fashion by established members. As to analysing what was and was not legitimate, "It is the intent that matters".

What about the possibility that scareware writers would launch DDoS attacks on the company's website or even block potential victims from visiting its domain to check whether a program was legitimate? The best defence against this was to distribute the list of legitimate companies to other organisations on the Internet, said Abdulhayoglu.

Download FREE whitepapers:

Ten tips on security

Make sure your network is secure

PC security advice

Techworld


IDG UK Sites

OnePlus Two release date rumours: Something's happening on 22 July

IDG UK Sites

13in MacBook Air review, Apple's MacBook Air 2014 reviewed

IDG UK Sites

5 reasons to buy an electric car and 5 reasons not to

IDG UK Sites

Evernote Skitch: the best way for creatives to doodle feedback