We often imagine that there are antivirus publishers whose sole aim is to make a profit, and virus creators who write malware for the pleasure of doing harm, and do it for free. Those days are gone.
There’s no need to point out how much the Internet has improved access to various applications, whether freeware, GPL-licensed or otherwise, without financial compensation. The participatory development characteristic of open source projects has grown considerably thanks to the Net. When it comes to antivirus, ClamAV is a fine example: this antivirus for mail servers is free and accessible to everyone.
Free antivirus software is not limited to the Linux or open source worlds. Thanks to capitalism and free enterprise, some companies offer free antivirus software to demonstrate their know-how, a sort of Proof of Concept. Avast, for example, offers a personal license of its antivirus for private users. There are sometimes lively debates about the supposed comparative value of free and paid antivirus software, so it’s up to you to experiment and come to your own conclusions.
The real originality lies in the reverse movement of malware creators. What was once an activity designed primarily to please oneself or to flatter an ego in search of recognition is now being transformed into a highly lucrative commercial activity. As soon as the first viruses and worms appeared, virus creation kits began to appear. In the 90s, they required an experienced user and were offered free of charge, source code included. In the early 2000s, these kits were enhanced with new features such as rootkits, remote control and worm propagation libraries, most of which are still free.
It was around 2005 that the tipping point came: kits now featured encrypted control devices, Web services, and proxies designed to hijack browsers or scan hard drives for juicy information such as credit card numbers or e-mail addresses. The use of these kits was no longer limited to nuisance; they could also be used to fraudulently extract money. The “publishers” of the kits then demanded their share of the cake, and started charging for their products.
In a fine example of mimicry, we began to see different teams competing with each other, offering extremely competitive services: guarantees, SLAs (guaranteed service levels), sales by subscription, by use or by batch, with online license registration and purchase, 24/7 after-sales service. Pricing? As in any online business, counterfeiting and piracy are also plagues, so much so that some teams have created their own protection systems!
Ironically, at a time when free antivirus software is readily available, and free and open source antivirus projects are trying to make a place for themselves in the sun, “rogues” are selling techniques designed to counter heuristic and behavioral detectors (e.g., by giving malware the ability to create several hundred pre-prepared variants), or offering malware injection platforms (e.g., a network of sites) for buyers who can’t afford to buy one, and will go so far as to pay per infected click. Paid services range from phishing libraries to captcha breaking ($1 per captcha broken, for example, for a Russian group).
We therefore find ourselves in a situation where two rival economic sectors (antivirus and malware) start from opposing models (paid antivirus and free malware kits) and end up with an ever-growing range of free antivirus products on the one hand, and paid-for virus, worm and other malware kits on the other.