7

Are there any known cases where antivirus companies for some reason have choosen to make their product allow/ignore malicious software? The reason could be government coercion or former trustworthy companies/developers turning to cyber-crime.

MaxD
  • 503
  • 4
  • 9
qnyz
  • 211
  • 1
  • 4
  • I don't know of any, but Microsoft has had a suspicious history of numerous vulnerabilities, despite being one of the wealthiest businesses in the world. Also, a backdoor was found in the iPhones that's a bit suspicious, [here's an article](http://rt.com/usa/175088-apple-backdoor-ios-hope/) – JVE999 Jul 24 '14 at 19:52
  • 3
    The closest thing I have found is the report of McAfee contacting the FBI to assure that the bureaus keylogger "Magic Lantern" would not be detected. McAfee denied that such a thing had ever happend. – qnyz Jul 25 '14 at 11:50
  • It depends what you mean by Malicious software: If you mean software that you are not expecting to have on your machine, then YES, they do allow this through all the time. – KingJohnno Mar 11 '15 at 09:51

2 Answers2

5

I think the best and most common example of this is software that has malware (specifically spyware/adware) like practices but operates as a "legitimate" business (particularly if they can get this into some terms and conditions and/or rely on users not selecting options correctly or other dark-patterns e.g. "Tick here to confirm you don't want to not install MySearchWebPartner" etc).

For instance there are thousands of posts from irritated people about OpenCandy / ConduitSearch but while some AV engines have now started warning about it, few will actually flag it as malicious.

A lot of the AV companies won't go near them because they are worried about being sued by these companies for loss of revenue if they start blocking them.

I can't find the link right now, but I remember that was the reason Microsoft stated they weren't willing to outright block some software from software silently changing the default search provider or home screen to known nuisance ones for fear of litigation; so they researched providing a warning instead for us to be "better informed".

Microsoft security products consider adware something that the user should be informed about, and given the choice of whether to remove

http://blogs.technet.com/b/mmpc/archive/2013/06/20/ad-injection-and-you-how-adware-gets-on-your-computer.aspx

See also : http://www.dslreports.com/shownews/58853

Matthew1471
  • 1,124
  • 10
  • 14
3

It's hard to say, because any such official request would come with a non-disclosure agreement.

Fortunately, the marketplace has enough global competition that such an outcome is unlikely at best. If AV-USA agreed not to detect Federal.KeyLogger, and AV-RUS discovered it anyway, AV-USA would quickly be discovered as untrustworthy and would lose international customers.

John Deters
  • 33,650
  • 3
  • 57
  • 110