Competition in the detection stakes and the welfare model

Members of the Anti-Virus software vendor community regularly exchange malware samples with each other (secured with PGP, of course). Several visitors to SophosLabs (e.g. customers, partners, etc.) find this fact difficult to fathom.

In a “dog-eat-dog” capitalist global economy, why would SophosLabs want to aid its main competitors by sharing its malware samples with them, thereby allowing them to improve their detection rates?

It is important to bear in mind that the process does involve a quid pro quo. Ergo SophosLabs receives samples of malware from other members of the AV software community with whom it shares its own samples. Hence the description “sample exchange”.

Different AV vendors may have different customer bases and different sources of malware samples. The sample exchange gives each AV vendor the opportunity to increase its coverage, thereby providing more robust protection for its respective customer base.

The underlying rationale for the sample exchange is hardly altruistic. Notwithstanding, the end result is a higher general detection rate for the industry as a whole; an enhancement of the protection levels for the global public over and above what they might have been in the absence of the sample exchange system. Therefore the sample exchange system is a social good. QED.

In the persistent battle against the criminal organisations who write, distribute and profit from malware and spam, it is perhaps imperative for the members of the security community to collaborate with each other. This is somewhat akin to the exchange of information which occurs between various intelligence organisations in the global fight against terrorism. After all, as the age-old adage goes, in the end good must prevail over evil!
