According to reports, Iran has started making its own anti-virus software.
It is said that experts from Shiraz Computer Emergency Response Team of APA (Academic Protection and Awareness) of Iran have been working on the project to help better protect the country’s digital defences.
Of course, Iran is no stranger to malware. It found itself thrust into the spotlight in 2010 when the infamous Stuxnet worm was widely reported to have infected industrial plants (including nuclear plants) in the country with the seeming intention to target and sabotage SCADA systems.
This understandably led to some excitable – but not always accurate – headlines.
According to Mohammad Hossein Sheikhi, assistant professor of the Department of Electrical and Computer Engineering at the University of Shiraz, work on the anti-virus software began in 2010 after the Stuxnet crisis, and has since undergone testing.
According to reports, if the anti-virus software is confirmed to be a success it may be made commercially available at a later date.
It’s unclear how Iran will determine if their home-grown anti-virus has been a true success or not.
Will they submit if for testing by independent tests by the likes of AV-Test.org? Will they send it to the folks at Virus Bulletin in the hope of winning a VB100 award for 100% detection of in-the-wild viruses with no false alarms? Will they test it on a wide variety of operating system versions and measure its impact on performance?
But the real question that springs to my mind is this – would you buy an anti-virus program officially written by your own country? How about a foreign country?
One thing’s for sure – be careful if you are tempted to buy an anti-virus written by the Greek authorities. They do have a history of trojan horses after all..
Update: Naked Security reader @luriep makes a good point.
If Iran *did* make its anti-virus software available, wouldn’t other governments test it? After all, if you know that a country’s infrastructure is partly reliant on a particular anti-virus product wouldn’t any attacker automatically test if its malware and/or vulnerability exploit could bypass it?
Iranian flag and binary images, courtesy of Shutterstock.
How do we know that there isn't a backdoor trojan from the CIA/MI5/6 on our own computers spying on us, possibly in cahoots with the AV vendors?
Use Iranian AV software.
This may sound facetious, but AV software written by non-Western people may give us a means of ensuring that our own side's desire to spy on us is actually kept in check.
When Al Jazeera launched in the west, many people thought it would be a propaganda channel, but it, Russia Today and to a lesser extent the Chinese News Network actualy give a different perspective with little bias – no more so than say the BBC or CNN.
So maybe we are seeing the start of the true globalisation of the anti-malware industry?
My sentiments exactly. Many times I thought about the free-of-charge antivirus programs offered by, say, your internet provider. Is there anything else in those programs? Something that spies on you from your own computer? Is it because it is "free"? Knowing the greed of the corporate devil, and the "there's no such thing as free lunch" saying, it makes me wonder.
And yes, I would buy Iranian AV software.
"If Iran *did* make its anti-virus software available, wouldn't other governments test it? After all, if you know that a country's infrastructure is partly reliant on a particular anti-virus product wouldn't any attacker automatically test if its malware and/or vulnerability exploit could bypass it?"
The answer to this question is very simple. The same thing is going to happen with antivirus software today. A game of cat and mouse that will continue forever as the virus writers today test their virus on all known antivirus software out there before releasing the virus to the wild.
But over all it is a good move and should be appreciated. In today's world it would only increase your privacy if you are using an open source code operating system running an Iranian antivirus and use a Russian mail hosting service. Otherwise if you use windows which has like a million back doors built into it and using an antivirus from the microsoft buddy companies and mailing through a US based mail server means that you are putting all your eggs in one basket with lots of holes in it.
Though I would be skeptical about what ever any government offers, how sure can I be of what a commercial company develops? It is a well known fact that many US commercial companies follow what NSA or CIA wants either out of so called patriotism or arm twisting.
Well,yes I would buy it.Why? I tried "American" securitysoftware first McAfee Internet Security suite,and after that Norton 360 4.0/5/0/6.0 and recently my Acer laptop has been hacked,and the hacker was doing things on my pc without a internetconnection,because the lan internet connection cable was removed,the wlan was switched off and still they can do these things on my pc,I think its probabely very advanced hacking method/technology that is only (or should be only) available for the police and secret services and Norton 360 didn't do anything,didn't see anything suspicious,I think this is very strange.And for those who don't believe me I have recorded it with my videocam,there was NO internetconnection (as far as I could see anyway).So yes I would buy the Iranian internet security software,I hope they make it with a firm,intelligent firewall,good antivirus,antispyware,antimalware,rootkitscanner,with virtual keyboard,sandbox,and encryption.I hope the Iranians will succeed.
Hello everybody,
I do not buy it,but this kind of articles about IRAN is a good prove that
you hate this nation and to tell you hate bring just hate.please let us move in a positive direction.
a reader from IRAN
Hey! I don’t hate Iran.
You could replace every occurrence of the word “Iran” with “Belgium” and I would still have posted it (well, I’d have had to take out the stuff about Stuxnet I guess)
Graham,
I'll take you at your word, but your employer appears happy to provide a platform for advocating military action against Iran:
“Hopefully [MI6, CIA and Mossad will] somehow gain physical access to [Iran's sensitive data] network.” – Comments (http://nakedsecurity.sophos.com/2012/04/23/iran-oil-terminal-suffers-malware-attack/#IDComment346147707)
I used the confidential web form to notify Sophos about that comment several days ago, but it wasn't in the intersection of our ideas of inappropriateness.
Dear Saied Amirkashani:
I think you would be surprised to learn just how many people in the west do NOT hate Iran…well, don't hate the people of Iran, at least. To the extent that there is any hatred at all, it has been fueled by the politicians — not only in Iran, but elsewhere.
There is no natural basis for hatred between the people of Iran and the rest of the world. We would prefer to welcome you as free members of the world community. Perhaps one day your idiotic "leaders" (and ours) will get out of the way and let that happen.
The point is not whether people in the West hate Iran. The point is that Iran has oil and that the western governments and corporations want that oil for free. The pressure exercised on Iran by the West actually prevents Iran from getting more democratic. Is that not absurd?
These days i think most westerners would trust the Iranian government rather than our own.
We are constantly being lied to by our governments.
The common people of the west know the truth about Iran and how you are probably the most educated people in the world.
Please don’t assume we are all like our leaders, the majority of us are nothing like them.
They just use the uneducated masses to get elected on a bed of lies.
I'd buy it before I'd buy a Norton product.
If it is good quality and low price why not.
Whether we're talking about an anti-malware product or any other software product, we are all placing blind trust and faith in the developer to NOT infringe on our privacy. Makes no difference if the developer is a foreign or domestic government or in the private sector. Anybody remember the privacy issues with Google and Facebook?