Last month, we – as part of an international coalition of civil rights organizations and academical experts – asked antivirus software vendors about their current position on detecting state-generated malware. Today, the deadline for reaction expired.
Up until this moment, only 30% of the vendors have replied to our questions. ESET, F-Secure, Kaspersky, Panda en Trend Micro took the effort to respond, for which we would like to thank them. The companies confirm the detection of state sponsored malware, but state they have never received a request to not detect malware. And if they were asked to do so in the future, they said they would not comply. All the aforementioned companies believe there is no such thing as harmless malware.
This means that it is only a matter of time before (new) state sponsored malware is detected by the vendors, similarly to FinFisher en R2D2. This also shows that state-sponsored malware will have a very limited effect and it should be yet another reason for governments to refrain from the use of any kind of malware.
A lot of companies have failed to respond. Why? We are curious and will contact them again. We will keep you posted!