Paranoia drives Iran to develop homegrown antvirus program

Iran has developed its own antivirus software, sources in the country have revealed.

According to unconfirmed reports quoting Mohammad Hossein Sheikhi, Assistant Professor at the University of Shiraz Electrical and Computer Engineering department, the institution’s CERT was now testing the program after a development programme going back to 2010.

The news isn’t a huge surprise. The country recently claimed that it no longer wanted to use foreign-developed programs, preferring to use only local software developers.

The motivation behind such an approach is obvious, starting with the major Stuxnet attack uncovered in 2010 which is believed to have caused severe disruption to the country’s nuclear enrichment plans.

Foreign software could ‘not be trusted’ the country’s ministers have repeatedly indicated.

The country also has a longer history of doing software ‘its own way’, reportedly developing its own ‘operating system’ for uses in certain parts of its infrastructure.

Akin to bespoke development of the type undertaken by many large organisations, in other areas Iran is as dependant on mainstream software as everyone else – the country is believed to still have sizable installations of Windows 2000 in embedded systems for instance.

These take time to overhaul because the underlying hardware is non-Iranian.

Mohammad Hossein Sheikhi was quoted as saying that the antivirus programme might be put on sale on a commercial basis.

An obvious flaw in this plan was immediately pointed out by Graham Cluley of security firm Sophos.

“If Iran did make its anti-virus software available, wouldn’t other governments test it? After all, if you know that a country’s infrastructure is partly reliant on a particular anti-virus product wouldn’t any attacker automatically test if its malware and/or vulnerability exploit could bypass it?”