A start-up offers a $10,000 reward to any programmer who can get malicious code past its product--and the antivirus community at large isn't pleased.
"It is probably one of the most irresponsible things that someone could do," said Vincent Gullotto, director of the Antivirus Emergency Response Team for security services company Network Associates.
The challenge will pay $100 to the first person to get a virus past the company's e-mail gateway and infect a computer on the internal network. The company will also pay $9,900 to the person for information about how they created the virus.
While such challenges have been popular as a way to gather hackers from around the world to crack encryption or test a security product, applying them to the virus-writing scene is irresponsible, said Susan Orbuch, spokeswoman for antivirus software company Trend Micro.
"This type of behavior is incredibly unethical," she said. "It encourages individuals to write viruses. I don't want this company to get publicity. I want them to take (the challenge) down."
Unlike attempts to hack a server, a virus can spread out of control beyond a single computer to the Internet at large, Orbuch said.
GateKeeper's product allows e-mail attachments into the corporate network only if the attachments have been authenticated by the company. Any e-mail containing invalid attachments is quarantined, and the body of the e-mail is sent on to its destination.
Mason Stewart, president of the Leesburg, Va., company, said he discussed the publicity campaign with the company's other four members and decided to go ahead. "I guess there is a certain amount of encouragement" to virus writers, he said. "But there is activity going on regardless."
Instead of criticizing his company, he said, the industry would do well to look at how poorly it has protected computer users against viruses.
"There is some complacency in the industry that they have the situation under control," he said. "I don't think we should get slammed."
Regardless of whether the publicity stunt works, the company could find itself in legal trouble if virus writers start claiming that they wrote viruses for the competition, said Joe Wells, the founder of a comprehensive online dictionary of viruses known as The Wildlist.
"It puts them in the role of, for every virus that is created, being held liable," he said. "They could become the scapegoat for virus writers for a long time."
As part of the protest, Wells intends to write an open letter of protest to GateKeeper.