Called "Race to Zero," the contest will invite Defcon hackers to find new ways of beating antivirus software. Contestants will get some sample virus code that they must modify and try to sneak past the antivirus products.

Awards will be given for "Most elegant obfuscation," "Dirtiest hack of an obfuscation," "Comedy value" and "Most deserving of beer," contest organizers said.

The contest was announced Friday. Security vendors began panning it immediately, saying it will simply help the bad guys learn some new tricks.

"It will do more harm than good," said Paul Ferguson, a researcher at antivirus vendor TrendMicro. "Responsible disclosure is one thing, but now actually encouraging people to do this as a contest is a little over the top."

Some compared the contest to a controversial 2006 Consumer Reports review of antivirus software. In that article, the magazine created 5,500 new virus samples based on existing malware, and it was roundly criticized by antivirus vendors for contributing to the rapidly expanding list of known malware.

Security companies are already having difficulty keeping up with the torrent of new malware.

With antivirus vendors already processing some 30,000 samples each day, there's no need for any more samples, said Roger Thompson, chief research officer at AVG Technologies. "It's hard to see an upside for encouraging people to write more viruses," he said via instant message. "It's a dumb idea."

Contest organizers say that they're trying to help computer users understand just how much effort is required to skirt antivirus products. "The point behind the contest is to illustrate that antivirus [technology] alone is not a complete defense against malware," said one of the contest's organizers, who identified himself only as "Rich," in an e-mail message.

The Race to Zero sponsors hope to present the contest results during Defcon, Rich said.

The contest is not organized by Defcon, but is one of the unofficial events that the show's organizers have encouraged attendees to arrange.

Defcon will run Aug. 8 to 10 at the Riviera Hotel & Casino in Las Vegas.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

defcon

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

5 comments | Add new

See all comments (5) | Add new

White Papers & Webcasts

The Tangled Web: Silent Threats & Invisible Enemies
Download Now

Data in Action: Making the Planet Smarter
Register Now

Email Archiving: A Business-Critical Application
Get this paper now!

Hosted Security Services: Why it make budget and security sense in today's economy
Watch Now

Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance
Learn seven steps operators can take to meet IT configuration requirements set forth in the NERC-CIP standards.

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

The New World of eCrime: Targeted Brand Attacks and How to Combat Them
Download This Whitepaper Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

All White Papers | All Webcasts