Looking at the code (https://github.com/botherder/detekt), it's just looking for patterns of known malware. Isn't this just a subset of what anti-virus software does?
Microsoft AV, Norton, McAfee, etc. We know this, how? Because we can look at Google's virustotal and see when a sample was first submitted and when it was "detected." With typical malware there is a fairly short window between A and B, with US G malware there is a HUGE window (months, sometimes years).
Either the US G just gets very lucky that their samples aren't ever looked at more deeply, or, more likely, they have national security agreements with most of the large US-based anti-virus firms to keep it hush hush.
This is a very interesting claim, and I want to check for myself. Could you give more details? Name of USG malware? How to check the time of submission and detection?
If Microsoft AV looks the other way for one set and Kaspersky looks the other way for another set, is it possible that there is a value of using a union of the two?
I assume Microsoft AV isn't going to look the other way for Russian exploits, unless the US is also using them, and vice versa.
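The check the thread describes (the gap between a sample's first submission and the date an engine first flags it, and the "union of two vendors" idea), as an added example that is not part of the discussion. The field names follow VirusTotal v3 report attributes, but the per-analysis history and the vendor names are constructed data for illustration, not real samples or real vendor results.

```python
from datetime import datetime, timezone

# Constructed record shaped like VirusTotal v3 report fields: first_submission_date is a
# unix timestamp and per-engine verdicts use the "category" values "malicious"/"undetected".
# The analysis history below is invented (VT does not hand out full history for free).
SAMPLE_HISTORY = {
    "sha256": "CONSTRUCTED-SAMPLE-0001",
    "first_submission_date": 1262304000,  # 2010-01-01T00:00:00Z
    "analyses": [
        {"date": 1262304000, "results": {"VendorA": "undetected", "VendorB": "undetected"}},
        {"date": 1264896000, "results": {"VendorA": "undetected", "VendorB": "malicious"}},   # +30 days
        {"date": 1296432000, "results": {"VendorA": "malicious", "VendorB": "malicious"}},    # +395 days
    ],
}

SECONDS_PER_DAY = 86400


def detection_lag_days(report, engine):
    """Days from first submission to the first recorded analysis in which `engine`
    flagged the sample as malicious, or None if it never did in the recorded history."""
    first = report["first_submission_date"]
    for analysis in sorted(report["analyses"], key=lambda a: a["date"]):
        if analysis["results"].get(engine) == "malicious":
            return (analysis["date"] - first) // SECONDS_PER_DAY
    return None


def union_lag_days(report, engines):
    """Lag of the earliest detection by any engine in `engines` (the union-of-vendors idea):
    if one vendor looks the other way, another vendor's verdict still counts."""
    lags = [lag for lag in (detection_lag_days(report, e) for e in engines) if lag is not None]
    return min(lags) if lags else None


if __name__ == "__main__":
    first_seen = datetime.fromtimestamp(SAMPLE_HISTORY["first_submission_date"], tz=timezone.utc)
    print(f"{SAMPLE_HISTORY['sha256']} first submitted {first_seen:%Y-%m-%d}")
    for vendor in ("VendorA", "VendorB", "VendorC"):
        print(f"  {vendor}: detection lag = {detection_lag_days(SAMPLE_HISTORY, vendor)} days")
    print(f"  union(VendorA, VendorB): {union_lag_days(SAMPLE_HISTORY, ['VendorA', 'VendorB'])} days")
```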
> Isn't this just a subset of what anti-virus software does?
Yes. The signatures are written more generically to detect the samples, though. AV software can't (or at least shouldn't) write signatures so generically because of the potential for false positives. Since the scanner is scanning a non-enterprise environment, the signatures can be a little more generic.
That makes no sense to me. Isn't it important for this to be useful in an enterprise environment too? The gov't may be spying on any number of entities, including businesses.