Could The Antivirus Industry Be Writing The Viruses That Cause Us To Buy Their Products?

That the antivirus industry could be boosting their profits by creating the threats that they offer a solution to is an interesting question.


I’d not given it much thought previously until “Anon” left the following comment on my post about Trojan.Killfiles.904:

Though it probably sounds like idle speculation and paranoia, a very reasonable and viable explanation for the amount of time and effort placed into such seemingly pointless creations is that it is for the benefit of the anti-virus industry.

The more dangerous the virus the more paranoia it can instill, encouraging profit and thus active development within the AV industry.

One could go so far as to suspect that a larger portion of new viruses come from anti-virus companies themselves than from tech-savvy teens with nothing to gain.

Aside from that, there have been many cases in the past of proficient and notorious virus writers being hired by large software firms, including some specializing in digital security no doubt.

Paranoia perhaps, but paranoia based in logic.

The anonymous commentator’s observation that virus writers have been employed by AV firms is especially interesting if true.

I think I’ve read before that it is but may be mistaken, though I do remember reading a lot of comments on Twitter that blamed Conficker on the security industry.

Do you think that internet security firms could be behind at least some of the threats that are causing web users to invest in their products?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. Bill Baskett says:

    I didn’t bother to read the content. Having written “wrappers” in DOS days of PCs (verifying match of floppy to machine for Honeywell to manage software license), I recognized then the failings of the operating system which was then “wrapped” with Windows. I made a joke back when Windows was released that “you can put stained glass windows on an outhouse, but it’s still a shithole inside”.

    It wasn’t long after that such wrappers showed up erasing disc after a period elapsed, or on a particular day, such as Jan 1. “Ironically” companies such as McAfee sprouted up amongst the infections.

    Who profits most from a virus? The sociopath or the antivirus corp?

    Clearly the sociopath.

  2. Elephant and Castle says:

    The industry stooge writes: “One always hears rumors that the government is using former hackers etc, but frankly I find this hard to believe.”

    Hard to believe?! Is this guy serious?!

    Every government around the world has hackers on its payroll, not least the US and UK governments.

    Electronic warfare is perhaps the single biggest growth industry in the military-intelligence sector. Whenever you hear an overseas “rogue” government, such as Iran’s, shrieking that its vital infrastructure has been attacked by foreign hackers, that will undoubtedly be the handiwork of electronic warfare operatives in some three letter agency of your own government.

    The rest of this stooge’s blathering about antivirus software houses being holier than thou is unmitigated rubbish.

    The AV industry is a $10bn global market, and the so-called “good guys”, that is the anti-virus software developers, are very much in bed with the malware coders. In many cases, they are on the same corporate payroll.

  3. It’s amazing, isn’t it, how the best defence is common sense and yet so few internet users ever deploy any!

    As for research with regard to retailers I would definitely second the gathering of opinions from people you trust.

    I would, however, urge a little caution where forums and blogs are concerned as some have their own agendas as I know well from my own travels across the web.

    As far as antivirus is concerned there are many fine products out there and avast certainly do offer a free version so anyone reading this has no excuse for not getting a copy now!

  4. Hi Lee,

    One always hears rumors that the government is using “former” hackers etc, but frankly I find this hard to believe. A decent “ethical hacker” course teaches more about hacking than *most* so-called hackers know. It’s also possible to study virus-writing and antivirus techniques on many computer science courses these days too, so I don’t think that there is a lack of skills in either direction (malware/antimalware).

    When I say most malware is criminal in intent, I cited two examples (botnets for spam and DDoS); but identity theft is the next big one, along with simple “one at a time” credit-card details theft, all the way up to really getting into someone’s life and literally stealing their identity, to gain mortgages, lines of credit. A compromised system is good for many things, and it is why malware is mostly coming out of organized crime these days.

    Much computer security, however, is common sense: make sure your system is patched; make sure you are not giving out details (of any description) to people you don’t trust; never make transactions with retailers you don’t know, or if you have never heard of the site, do some research first — rip-off report, forums and related websites are a good starting point; better yet, get recommendations from people you trust.

    Of course, I recommend a good antivirus — we (and others) have one available for free, so it needn’t cost a thing. Also run a firewall.

    The most secure computer is turned off, and not connected to the internet – not so practical, but with every additional risk one adds (always on internet, for instance), take extra precautions.

    I am sure some people will always look at security vendors with a bit of suspicion, because people wonder where the viruses, trojans, spyware, rootkits and other forms of malware come from. Well, all I can add is: it isn’t us. To my knowledge, it never has been, and I would certainly be happy to blow the whistle if it was.

    Hope that helps some more.

    All the best,


  5. “Disclosure: I run worldwide operations for ALWIL Software, makers of avast! antivirus.”

    Cool… after my hard drive crashes I need a new av product 😉

    Seriously though, thanks for taking the time to write such a detailed response Justin, much appreciated.

    I totally agree with your comments about the negative publicity that would ensue if an antivirus vendor got caught writing malicious code.

    Heck, even employing someone who had connections with such activity in the past could generate quite a negative reaction I reckon.

    You do, though, hear about governments employing (ex) hackers in order to give them a different perspective so that they can improve their security measures.

    Could a company in the security industry not follow suit or are you saying that the bad guys have evolved into the sort of criminals who would never contemplate such a partnership?

    Lastly, for now, when you say that viruses, etc are written with criminal intent what do you mean exactly? Sure, they are disruptive and botnets can be used to DDoS large sites into a corner where they may pay a ‘ransom’ to stop the attack but isn’t it the case that most attacks still ultimately lead to individual cases of id theft and the promotion of spam?

  6. Are you talking about antivirus products or politicians Col? 😀

  7. See Justin’s comment below to see what a high-profile security industry guy thinks on the issue.

  8. If true, yes, it most certainly would be good for their bottom line.

  9. Those who promise to keep us safe are normally the first ones to watch out for 😉

  10. Disclosure: I run worldwide operations for ALWIL Software, makers of avast! antivirus.

    This has been a common accusation towards the antivirus industry for some years, though, knowing many, many players in the industry personally, I can vouch that it’s simply not true.

    It IS true that in the early days of the industry, some antivirus vendors DID employ former (and I stress former) virus writers. One reason being that, on the whole, in the early days, many viruses were written for fun and were actually pretty benign, both in intent and underlying motives (most being educational), and the knowledge these early virus writers had was invaluable in beating future virus writers.

    I can’t think of one vendor who would risk it nowadays, or at least certainly not without full public disclosure. The risks to a company’s reputation are just far too large — and you only need to screw that up once to see your company fail.

    As the industry has started to mature, however, most of the viruses (and more often trojans and spyware) written today are more criminal in intent. The intent being to harness computers as part of botnets, many aimed at spamming or DDoS attacks which can make those that control them a lot of money.

    The days of the lone hacker writing a virus for “fun” are mostly behind us — though, of course, one can never say never.

    The vast resources, expense and risk of running an antivirus (or more typically anti-malware) software company really don’t add up, for most vendors, if they were the ones supplying the malware.

    For instance, if one were caught out – the legal, punitive damage downside and risk of imprisonment are far too great to make it worthwhile.

    Also, most anti-malware vendors are receiving something like 7000 – 9000 variant samples per day (not all in the wild), and, as such, just to keep up with that kind of volume is costing a fortune and making the job much, much harder.

    Therefore, to suggest that there are the spare resources to push out additional threats in order to drive business is simply ludicrous.

    Is it possible to say there has NEVER been a bad apple in the industry? Probably not. Can I say with hand-on-heart that the industry is not putting out malware to increase revenues? Yes.

    The job is hard enough as it is, without adding to the problem.

    The talented and hardworking guys and girls in our industry really want to beat the malware makers. It’s a challenge that is both interesting and hard, and that hardworking talent works long hours, under amazingly tight deadlines and oftentimes these aren’t the best paid jobs in the industry.

    Were someone to create a wonderful detection engine that did not require signatures and worked 100%, trust me, we’d all go off and find other wonderful ways to change the world. That software has not made it to the world yet, but our fight has always been with malware makers, and that fight continues every day.

    Do we all make money doing that? Absolutely. But I think I can say without caveat that we could all make money elsewhere if we could beat malware forever; so the simple truth is, we don’t need to write malware to drive revenue. The bad guys are doing enough of that already.

    Sorry to disappoint that there is no conspiracy. I, for one, would blow it wide open if that were the case.

    All the best,


    Worldwide Operations Manager
    ALWIL Software a.s.

  11. I too heard that Conficker was written by the security industry to boost sales of their products during the recession. Not sure how true that is though.

  12. I think it is quite possible, seems like a great profit motive.
