(NaturalNews) Has the war against malicious spyware, Trojan horses, and other types of nasty computer viruses been lost? One antivirus expert seems to think so, having recently published an opinion piece at Wired.com that basically admits the antivirus industry he represents has failed to catch some of the worst security threats in recent years, including those spawned by both the U.S. and foreign governments as part of cyber-espionage efforts.
Mikko Hypponen, Chief Research Officer at antivirus company F-Secure, is one of several whose software companies failed to detect the recently discovered "Flame" virus, for instance, which has been dubbed the most sophisticated form of malware ever seen. As NaturalNews reported on recently, Flame is a relative of Stuxnet, another malicious form of malware that slowly wormed its way into Iran's nuclear facility management systems several years ago without detection (http://www.naturalnews.com).
"When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed" writes Hypponen, claiming also that the Iranian Computer Emergency Response Team was the first to notify his company that Flame had been detected in Iranian computers.
"They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely [...] What this means is that all of us had missed detecting this malware for two years, or more. That's a spectacular failure for our company, and for the antivirus industry in general."
Antivirus industry says it is incapable of stopping sophisticated malware
Hypponen basically implies in his piece that the antivirus industry is incapable of stopping some of the worst and most sophisticated types of malware in existence today because they are simply too advanced and too well cloaked. He adds that Flame, as well as several other similar types of advanced malware including Stuxnet (a relative of Flame) and DuQu, are most likely products of the U.S. government that are being used for "covert operations."
Just days after Hypponen's piece was published at Wired.com, it was revealed that Flame's extensively versatile arsenal of functions, which includes its ability to track users' instant messaging conversations, for instance, and take screenshots of users' computer screens, was being managed by an intricate, global network of fake identities.
According to the report, at least 86 domain names were registered worldwide throughout the past several years by aliases in primarily Germany and Austria. These domains were also linked to IP addresses through Europe, Asia, and elsewhere, which illustrates the unprecedented infrastructure that was put in place to run this state-sponsored, global surveillance program (http://www.wired.com/threatlevel/2012/06/flame-command-and-control/).
With that being said, it is possible that the undercover spying ring, and others like it, are just too stealthy for antivirus experts to spot and eliminate. Hypponen suggests this when he claims that "consumer-grade antivirus products can't protect against targeted malware created by well-resourced nation-states with bulging budgets."
On the other hand, the antivirus approach itself is outdated, say some, as it targets security breaches after they have been identified rather than try to prevent them. If antivirus software programs were reconfigured to deny all code not expressly approved for use on a machine, rather than simply allow everything not expressly denied, it would be much more difficult for malware to infect users' machines.