The computer security industry, just like many others, has it own share of urban myths. This short article deals with one of the most popular and also most absurd ones.

A few days ago I was talking to a friend and during the conversation he asked me, half jokingly, if antivirus manufacturers also developed their own viruses.  I was quite surprised to learn that this myth, which I thought had long since disappeared, is still very much alive. Actually, at first I completely ruled out the possibility of writing about it, as I found it completely ridiculous and because Panda Security (and every other security software developer) has been laughing off this idea for years now, the last time on our CEO Juan Santana’s blog IT security myths.

So, even though it is sufficient to use your common sense to realize there is absolutely no truth behind this, we will try once again to dismantle this ‘conspiracy theory’.

The security industry has been around for many years now. And surely if this myth were true, it would have been uncovered a long time ago, with the subsequent scandal and damage to all companies in the security sector. Of course, no serious company could possibly take a chance on something like this.

Nevertheless, the most solid, irrefutable argument against this assumption is the fact that antivirus vendors have never needed to develop their own malware creations.

Of course I have first-hand experience with this: My first job at Panda, back in 1997, consisted of analyzing viruses and extracting their ‘signatures’ to add them to our knowledge database. Well, already by then we had more than enough malware samples to catalog, and I personally entered as many as 1,000 specimens in a little over one year. Since then, the number of threats in circulation has grown exponentially up to the point of generating an entire industry which has forced security vendors to come up with new ways to process such huge amounts of malware. In Panda Security’s case, it led us to develop ‘Collective Intelligence’ which has proven to be highly efficient solution.

Therefore: No, the security industry has never needed to develop any malware, not even as a proof-of-concept, as unfortunately for all of us, there is no lack of bad guys out there…