Scary hacker idea of fun
Among the attractions at Defcon 16, to be held in Las Vegas on 8-10 August, is a competition called Race to Zero, in which contestants will be given a standard set of viruses and malcode to modify. The winner will be the one who most quickly defeats leading anti-virus suites.
Defcon 16 is touted as an opportunity for ‘real time social networking for ninjas.’ The blog calls it a ‘Mecca for the underground . . . a mind-blowing orgy of information exchange, viewpoints, speeches, education, enlightenment and most of all sheer, unchecked partying.’
Didn't 'real time social networking' used to be called 'going out'? And as for the 'sheer, unchecked partying'...well, let's see.
Anyway, the organisers say Race to Zero is designed to show that reverse engineering and code analysis are fun, as if that was ever in doubt. ‘We are not creating new viruses and modified samples will not be released into the wild,’ they state. On a more serious note, the event is intended to underline the following:
1. Not all antivirus is equal; some products are far easier to circumvent than others. Poorly performing antivirus vendors should be called out.
2. The majority of the signature-based antivirus products can be easily circumvented with a minimal amount of effort.
3. The time taken to modify a piece of known malware to circumvent a good proportion of scanners is disproportionate to the costs of antivirus protection and the losses resulting from the trust placed in it.
4. Signature-based antivirus is dead; people need to look to heuristic, statistical and behaviour-based techniques to identify emerging threats.
5. Antivirus is just part of the larger picture; you need to look at controlling your endpoint devices with patching, firewalling and sound security policies to remain virus free.
Leading anti-virus suite producers are understandably sniffy about the competition; they would be very well advised to attend the event, notebooks and blank employment contracts in hand.