Security industry slams virus reward

GateKeeper is irresponsible, say security experts

The antivirus industry lambasted email firewall startup GateKeeper on Monday, after the company announced a reward for any virus writer who can infect a specific computer protected by its product.

"It is probably one of the most irresponsible things that someone could do," said Vincent Gullotto, director of the Antivirus Emergency Response Team for security services company Network Associates.

The challenge will pay $100 to the first person to get a virus past the company's email gateway and infect a computer on the internal network. The company will also pay $9,900 to the person for information about how they created the virus.

While such challenges have been popular as a way to gather hackers from around the world to crack encryption or test a security product, applying them to the virus-writing scene is irresponsible, said Susan Orbuch, spokeswoman for antivirus software company Trend Micro.

"This type of behaviour is incredibly unethical," she said. "It encourages individuals to write viruses. I don't want this company to get publicity. I want them to take [the challenge] down."

Unlike attempts to hack a server, a virus can spread out of control beyond a single computer to the Internet at large, Orbuch said.

GateKeeper's product allows email attachments into the corporate network only if the attachments have been authenticated by the company. Any email containing invalid attachments is quarantined, and the body of the email is sent on to its destination.

Mason Stewart, president of company, said he discussed the publicity campaign with the company's other four members and decided to go ahead. "I guess there is a certain amount of encouragement [to virus writers[," he said. "But there is activity going on regardless."

Instead of criticising his company, he said, the industry would do well to look at how poorly it has protected computer users against viruses.

"There is some complacency in the industry that they have the situation under control," he said. "I don't think we should get slammed."

Regardless of whether the publicity stunt works, the company could find itself in legal trouble if virus writers start claiming that they wrote viruses for the competition, said Joe Wells, the founder of a comprehensive online dictionary of viruses known as The Wildlist.

"It puts them in the role of, for every virus that is created, being held liable," he said. "They could become the scapegoat for virus writers for a long time."

As part of the protest, Wells intends to write an open letter of protest to GateKeeper.

Take me to Hackers

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read what others have said.