Race to Zero aims to stump antivirus scanners
A controversial new competition at DefCon this year will ask researchers to evade current antivirus products.
A new contest to be held at this year's DefCon in Las Vegas in August hopes to prove that signature-based antivirus is dead, a move that one leading antivirus researcher says is "not a good idea."
The goal of the Race to Zero is simple: obfuscate a malicious code so that it evades well-known antivirus engines.
Contestants will be given a sample set of viruses and malicious code that they must modify and then upload through the contest portal. Once accepted, the sample will be sent through a number of leading antivirus engines (perhaps using VirusTotal.com to provide real time test results). The first team or individual who manages to evade all the antivirus engines wins that round. The organizers promise that each round will increase in complexity.
On the contest site, organizers list six reasons for hosting this event:
- Reverse engineering and code analysis is fun.
- Not all antivirus is equal and poorly performing antivirus vendors should be called out.
- Signature-based antivirus products can be easily circumvented.
- It's easier to modify malicious software than it is to write signature protection for it.
- Signature-based antivirus is dead.
- Antivirus is just part of the larger picture, you need patching, firewalling and sound security policies to remain virus free.
But Dave Marcus, security research and communications manager at McAfee Avert Labs, said: "Encouraging research that results in better evasion techniques for malware writers is not a good idea. How many identities will be lost and how much data will be stolen from users as a result of the new techniques and evasions that are created? Security research should center around bettering detection not evasion."
DefCon 16 will be held August 8-10 at the Riviera Hotel in Las Vegas.