Frequently Asked Questions

Q: Won't this simply encourage the creation of new malware?
A: No, we don't believe so. The process that will be undertaken by contestants is already happening 24 hours a day, 7 days a week worldwide, and it would be naive to think otherwise. That is why we want to analyse how difficult it is for a suitably motivated attacker to circumvent widely deployed AV defences.

Q: Will the samples generated for the contest be given to AV vendors?
A: We very much hope so, but this is down to each contestant to decide. We are optimistic that contestants will give us permission to pass on their modified samples to the AV vendors that want them, but it is not something we are able to demand of them. All samples, including those submitted to AV vendors, will be securely deleted from the Race to Zero systems after the contest analysis is complete.

Q: Is this an attempt to undermine the AV vendors?
A: Certainly not. Part of doing security research is tackling questions that may at first appear highly controversial. We feel that there are legitimate questions for us to investigate about the techniques that could be used by attackers. By researching these areas, we hope to bolster the defences against malware that will be available in addition to AV. We are not saying AV has no value, or that people should turn off their AV protection.

Q: What do you mean by signature-based AV?
A: Almost all AV engines today work at a level higher than just blacklisting samples. They have a heuristic component that looks for routines common to a family of malware. They may be able to unpack the sample and analyse the underlying executable, so that if you were to repack the sample with a different packer it would still be detected. In the end, though, they are still looking for particular patterns or signatures.