Kaspersky Antivirus 2009 source code leaked

Some one in the antivirus industry please clarify something for me. Which is more important/critical for an AV company: the software or regular virus definition updates. My guess is that the virus signature database is where they create maximum value?

More info here:<p><a href="http://news.softpedia.com/news/Former-Kaspersky-Employee-Responsible-for-Leaked-Source-Code-181367.shtml" rel="nofollow">http://news.softpedia.com/news/Former-Kaspersky-Employee-Res...</a><p>It seems it's probably a beta version of AV 2009... Still embarrassing/potentially harmful to the company though - especially following the hacking of their website a few months ago (<a href="http://www.computerworlduk.com/news/security/3244882/kaspersky-website-hacked-in-fake-antivirus-attack/" rel="nofollow">http://www.computerworlduk.com/news/security/3244882/kaspers...</a>)

One thing that amazes me at most of commercial codebases I have seen (leaked or not) is the sheer size of them. How can one spend 1GB of source code on something like anti-virus program?

Once again the human element proves to be the hardest to secure.<p>Three years in jail is a pretty solid sentence, but still, every company with employees handing sensitive data like this is potentially at risk. All it takes is one bad leave and your corporate crown jewels could be on the street.

While the leaked code may ease the work of malware writers, keep in mind that whoever writes malware <i>regularly tests against all popular antivirus software</i>.<p>No point in releasing something only to get caught right away.

The torrent has lots of Chinese leechers.

Very interesting. This should be obvious, but I'd just like to remind everyone that given the source, nature, and intended audience of this file, it is fairly likely that it contains novel malware to catch people from other AV companies, and that you should not open, compile, or run anything from it without the full set of malware-safety precautions. Use only a virtual machine with no network connectivity.

I realise that this is a pretty dubious request, but a part of me would much prefer to see a link to either GitHub or BitBucket than a torrent of a zip file.