The cyber security implications of Iran's government-backed antivirus software

According to independent industry reports, Iran has banned the import of foreign security software, and has been secretly working on its own antivirus solution since 2010.
Written by Dancho Danchev, Contributor


Developed by Iranian experts from Shiraz Computer Emergency Response Team of APA (Academic Protection and Awareness), the software has undergone active testing and is ready to be used on government and military installations.

Key points to consider:

  • The U.S., Russia and China are developing offensive cyber warfare weapons -- weaponized malware -- that successfully bypass the most popular antivirus solutions. Will Iran undermine the effectiveness of these cyber weapons? Not necessarily. What Iran's decision to rely on a government-backed antivirus product will do is increase the interest of foreign governments in obtaining and analyzing the software, so that they can exploit vulnerabilities in its design and bypass it in the long term. Until access to the software is obtained, it will certainly undermine the QA (quality assurance) practices that aim to ensure the weaponized malware is not detected by popular antivirus vendors.
  • Reliance on largely untested, in-house built software rather than outsourcing to vendors with decades of experience is a flawed strategic approach - Iran's adversaries should be thankful for Iran's largely flawed approach to securing the nation's infrastructure from malicious code. Instead of importing innovative solutions and embedding multiple antivirus solutions to protect endpoints, the country's nationalist sentiments seem to be prevailing, potentially exposing the country's infrastructure to malicious attacks.
  • Basing an entire strategy on a single endpoint solution undermines the concept of defense in depth - Iran doesn't seem to be aware of the defense-in-depth concept, which ensures a multi-layered approach to securing a network or an endpoint system. The country's ban on foreign security products means it will have to build firewalls and intrusion prevention/detection systems from scratch, in complete isolation from the rest of the industry. This will result in major flaws in the design and actual applicability of these in-house built products.
  • From an Information Warfare perspective, by banning foreign imports of security products, Iran might be setting the foundations for a successful self-mobilizing cyber militia campaign - Antivirus tools don't just detect viruses; they detect malicious code in general, such as DoS (denial of service) and DDoS (distributed denial of service) attack tools. In case of a cyber conflict, relying on the principles of Information Warfare, Iran could distribute software agents to civilians in order to use their bandwidth or Internet connectivity in general for waging Information Warfare. We've seen this happen on numerous occasions in the past. In the event of a cyber conflict, Iran's antivirus software could purposely skip detection of these malicious tools, which would otherwise be detected by foreign antivirus software, in an attempt to ensure that the Iranian population participates in the cyber conflict. See: Attack of the Opt-in Botnets

Moreover, Iran's antivirus doesn't participate in any of the periodic industry comparative reviews that evaluate the effectiveness of antivirus software, it doesn't participate in chapters of organizations such as the Honeynet Project, it doesn't share samples with competing vendors, and it doesn't require them to share samples in return. This self-serving mentality, typical of communist regimes, will ultimately allow foreign adversaries easy access to Iran's infrastructure, and in particular to hosts running the largely untested antivirus software.

Diversification may result in complexities which in turn result in insecurities, but basing the protection of endpoints on a single, largely untested product results in monocultural insecurities posed by the use of a single, potentially 'buggy' product.

Iran isn't the first country to start developing its own hardened security products; however, it is among the few to ban imports of foreign security software on the local market. China with its Red Flag Linux and Kylin OS, the European Union with its secure OS Minix, and Russia, which has also expressed interest in the concept, are among the countries considering a migration away from U.S.-developed operating systems in order to escape the monocultural insecurities posed by the world's most popular operating system - Microsoft's Windows.

What do you think? Is Iran's move putting the U.S., Russia or China at a strategic disadvantage, or is the move largely exposing Iran's infrastructure to amateur malware authors who will inevitably start bypassing Iran's proprietary antivirus software?


Find out more about Dancho Danchev at his LinkedIn profile, or follow him on Twitter.
