My oldest readers will remember when I had the audacity to dissect antivirus software for security flaws. From 1997 to 2000 I could gain root on millions of corporate servers and desktop PCs that relied on McAfee, Symantec, Trend Micro, and other antivirus programs. I eventually named it the “ADVEIS” rootkit, short for “antivirus dependent vulnerabilities in email infrastructure security.” I gave a lecture about my findings and then—

—well, no one really cared that I proved antivirus programs reek of security flaws. Not even the hackers. (That surprised me: I expected a dozen copycats to pop up.) But I didn’t care much either, so I shelved it and went on to the next great experiment.

Which brings me to today. This year’s “DEFCON” convention will hold a “Race to Zero” contest. Players will get a batch of viruses to hack on until someone can get a variant past all the antivirus products installed for the contest.

Reporters played up the DEFCON announcement; the antivirus vendors sneered. But to them I say “so what?” If you want to watch someone beat a dead horse, go right ahead, but it’s not news. This DEFCON contest does nothing that we haven’t seen already. Lesser-known hacker shindigs have held the same contests over the years.

DEFCON would impress me if they held a contest to acquire root via the antivirus software. But (sigh) I’m the only one around here who seems interested in thinking outside the box…