For at least two years, Flame has been copying documents and recording audio, keystrokes, network traffic, and Skype calls, and taking screenshots from infected computers. That information was passed along to one of several command-and-control servers operated by its creators. In all that time, no security software raised the alarm.
Flame is just the latest in a series of incidents that suggest that conventional antivirus software is an outmoded way of protecting computers against malware. "Flame was a failure for the antivirus industry," Mikko Hypponen, the founder and chief research officer of antivirus firm F-Secure, wrote last week. "We really should have been able to do better. But we didn't. We were out of our league, in our own game."
The programs that are the lynchpin of computer security for businesses, governments, and consumers alike operate like the antivirus software on consumer PCs. Threats are detected by comparing the code of software programs and their activity against a database of "signatures" for known malware. Security companies such as F-Secure and McAfee constantly research reports of new malware and update their lists of signatures accordingly. The result is supposed to be an impenetrable wall that keeps the bad guys out.