Tags: compiler-construction, integration, antivirus, malware-detection

Compiler with built-in AV = No virus development?


Is it possible to produce compilers that heuristically check for malware behaviour? If it is possible, why hasn't it been implemented? Wouldn't that strongly help prevent the production of such viruses? I mean, why wait to stop them once they are out there?

Even if these people use a compiler that does not use the "proposed" built-in AV, a personal AV could detect that and grade the file as risky (sort of like SSL certificates).


Solution

  • You're making a lot of assumptions:

    • That the virus writers couldn't disable the built-in AV of any open-source (or even closed-source) compilers. Given how DRM is consistently and quickly broken, this seems unlikely.
    • That the virus writers couldn't simply use an existing pre-AV compiler.
    • That the virus writers couldn't create their own non-AV compiler.
    • That there are no legitimate programs that would trigger the compiler's AV heuristics.
    • That today's compiler writers can accurately predict and model all current and future AV behavior in order to produce a heuristic that is even remotely effective.

    Seems to me like it's a non-starter.

    Your comment about using non-AV compilers is essentially "code signing", and has been a common practice for years (decades?). The barrier there, however, is distribution of certificates, and coming up with a reasonable list of trusted signers. They're big enough problems that no one's found a way to solve them yet without severely limiting the usefulness of computers.

    For even more information closely related to this subject, see this paper by Ken Thompson.
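As an added illustration of the answer's code-signing point (this is example code, not from the thread or any real product): a small Go verifier that accepts an artifact only when its signature is valid and the signing key is on a local trust list, and grades everything else as risky. The trust list, the signer name "example-vendor" and the artifact bytes are constructed for the example; the hard part the answer describes, deciding who belongs on that list, is exactly what the code leaves to the operator.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Verdict is the grade a local signature-checking policy assigns to an artifact.
type Verdict string

const (
	Trusted   Verdict = "trusted"   // valid signature from a key on the trust list
	Untrusted Verdict = "untrusted" // valid signature, but the signer is unknown: graded risky
	Unsigned  Verdict = "unsigned"  // missing, malformed, or invalid signature
)

// TrustList maps hex-encoded Ed25519 public keys to a signer name (constructed locally).
type TrustList map[string]string

// Sign produces a detached Ed25519 signature over the SHA-256 digest of artifact.
func Sign(priv ed25519.PrivateKey, artifact []byte) []byte {
	digest := sha256.Sum256(artifact)
	return ed25519.Sign(priv, digest[:])
}
// Grade checks the signature first, then trust-list membership; a good signature
// from an unknown key is still not enough to be trusted.
func Grade(trust TrustList, pub ed25519.PublicKey, artifact, sig []byte) Verdict {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return Unsigned
	}
	digest := sha256.Sum256(artifact)
	if !ed25519.Verify(pub, digest[:], sig) {
		return Unsigned
	}
	if _, ok := trust[hex.EncodeToString(pub)]; ok {
		return Trusted
	}
	return Untrusted
}

func main() {
	knownPub, knownPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical vetted signer
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // hypothetical unknown signer
	trust := TrustList{hex.EncodeToString(knownPub): "example-vendor"}
	artifact := []byte("constructed sample binary contents")
	fmt.Println(Grade(trust, knownPub, artifact, Sign(knownPriv, artifact)))     // trusted
	fmt.Println(Grade(trust, otherPub, artifact, Sign(otherPriv, artifact)))     // untrusted
	fmt.Println(Grade(trust, knownPub, []byte("tampered"), Sign(knownPriv, artifact))) // unsigned
}
```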