The leading cybersecurity provider Comodo has rolled out a new challenge for anti-virus (AV) industry that highlights the lack of quality in current AV practices. Called the Comodo Zero-day Challenge, the initiative is aimed to unmask the AV vendors which mislead customers.
Zero-day is the day when an attack gets discovered but without a fix. The attackers can find the weakness in code and develop malicious code to exploit the vulnerability and unleash a cyberattack. Once the software provider fixes the vulnerability, it’s no longer called a Zero-day Exploit.
Comodo said that AV vendors fool the customers and investors into believing that they provide real protection against thousands of new malware attacks. However, what they do is detect the out-of-date malware attacks in the systems rather than finding the undiscovered ones.
The AV vendors hide behind the terms of VirusTotal program by Google, while the customers keep suffering from data breaches. The VirusTotal leverages antivirus scanners and URL blacklisting services from more than 70 providers to inspect the files and URLs. It is a free tool that allows anyone to upload a file from computer and scan it.
The terms of VirusTotal clearly states that the participants agree not to “use the Service in any way which could infringe the rights or interests of VirusTotal, the Community or any third party, including for example, to prove or disprove a concept or discredit, or bait any actor in the anti-malware space.”
However, the vendors abuse the rights and leverage well-intentioned services to support false practices. Most of these vendors depend upon detection capabilities of others, without acknowledging that dependence. They lack the right capabilities in virus detection, hide the deficiency, and overstate the effectiveness of detection.
Customers get fooled by such services and continuously face data breaches. The services provided by these vendors only detect and remediate the viruses that were encountered already. But thousands of new threats appear every day which slip to the systems without getting detected.
“VirusTotal is the victim, not the villain, and end-users are exposed to massive amounts of malware as a result,” noted Comodo President and CEO Steve Subar.
“Actual protection involves much more than mere detection. Protection is preemptive and comprehensive, stopping all unknown files before they can damage system resources and user assets. Protection renders both known and unknown malware harmless.”
Comodo Cybersecurity is inviting researchers and IT end-users to test Comodo by submitting their chosen new malware to the Valkyrie Verdict engine. Comodo will publicize the submissions in both the cases— whether Valkyrie detects the malware or not.
Image source: Comodo