SophosLabs: According to reports, Iran has started making its own anti-virus software.

It is said that experts from Shiraz Computer Emergency Response Team of APA (Academic Protection and Awareness) of Iran have been working on the project to help better protect the country’s digital defenses.

Of course, Iran is no stranger to malware. It found itself thrust into the spotlight in 2010 when the infamous Stuxnet worm was widely reported to have infected industrial plants (including nuclear plants) in the country with the seeming intention to target and sabotage SCADA systems.

This understandably led to some excitable – but not always accurate – headlines.

According to Mohammad Hossein Sheikhi, assistant professor of the Department of Electrical and Computer Engineering at the University of Shiraz, work on the anti-virus software began in 2010 after the Stuxnet crisis, and has since undergone testing.

According to reports, if the anti-virus software is confirmed to be a success it may be made commercially available at a later date.

It’s unclear how Iran will determine if their home-grown anti-virus has been a true success or not.

Will they submit it for independent testing by the likes of AV-Test.org? Will they send it to the folks at Virus Bulletin in the hope of winning a VB100 award for 100% detection of in-the-wild viruses with no false alarms? Will they test it on a wide variety of operating system versions and measure its impact on performance?

But the real question that springs to my mind is this – would you buy an anti-virus program officially written by your own country? How about a foreign country?

One thing’s for sure – be careful if you are tempted to buy an anti-virus written by the Greek authorities. They do have a history of trojan horses after all...

If Iran *did* make its anti-virus software available, wouldn’t other governments test it? After all, if you know that a country’s infrastructure is partly reliant on a particular anti-virus product, wouldn’t any attacker automatically test whether its malware and/or vulnerability exploit could bypass it?