funsec mailing list archives
Re: Get your computer viruses here!
From: val smith <mvalsmith () gmail com>
Date: Wed, 28 Dec 2005 14:03:40 -0700
That could be. Maybe nothing good has ever come out of malware except for some good researchers / analysts. Definitely requires more research on my part.

The idea of software protections came out of copyright needs sure, however one could argue that advances in that field do sometimes come from malcode authors. I guess I'm not sure of the intentions of the authors of such things as morphine, burneye, etc.

And to Randy re biological viruses, no, I was making the argument that sometimes good things can come out of something considered to ONLY be bad.

Also you'll notice I put "new" in quotes. I know it's not really a new idea, although maybe someone could enlighten me as to a previous project that tried to provide a shared analysis experience that wasn't limited to "vetted" researchers. I guess I don't feel like I can make the decision as to who is vetted and who isn't. If I did then perhaps I would be "playing God" in my kingdom as a previous poster suggested.

V.

On 12/28/05, Jason Geffner <jasongef () microsoft com> wrote:
> > We wouldn't have techniques like binary diffing or call graph comparison / analysis if it wasn't for malware.
>
> As far as I know, those techniques were developed mainly for patch analysis and vulnerability research, not for malware analysis.
>
> > Also the idea of software protections (packing and encoding) that come out of malware are useful for copyright protection and other "binary security" needs.
>
> Again, AFAIK, most *modern* packing and encoding techniques stemmed from copyright protection and were then applied to malware, not the other way around.
>
> As usual, the thoughts and views expressed in this E-mail are mine, not Microsoft's, etc.
>
> - Jason
>
> ------------------------------
> *From:* funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] *On Behalf Of* val smith
> *Sent:* Wednesday, December 28, 2005 12:24 PM
> *To:* Blue Boar
> *Cc:* funsec () linuxbox org
> *Subject:* Re: [funsec] Get your computer viruses here!
>
> So my slight disagreement there is that it's beneficial in the sense that security people can learn from it. We wouldn't have techniques like binary diffing or call graph comparison / analysis if it wasn't for malware. And those methods are useful for much more than malware. Also the idea of software protections (packing and encoding) that come out of malware are useful for copyright protection and other "binary security" needs.
>
> Again this is a rather subjective subject (ahah). You could make the analogy that a biological virus has no good uses, however we have begun using them for genetic therapies and they have greatly helped us to understand how many other biologic processes work. This whole idea of publicly available malware however is a "new" thing and I guess it defies analogy.
>
> I do see the difference between malware and a tool (I hope) but the language necessary to talk about this subject is hard and any comparison or analogy that can be drawn will be flawed.
>
> Thanks for the perspective though, I will think about it some more.
>
> V.
>
> On 12/28/05, *Blue Boar* <BlueBoar () thievco com> wrote:
>
> > val smith wrote:
> >
> > > I guess what you haven't convinced me of yet is how "malware" is any different from any other object in existence which can be used for both good or evil. I could stand on the corner selling rocks which people could use to study or to bash someone over the head with. How is that much different?
> >
> > Again, not that I disapprove of your project in general, but I'm a little disappointed that you don't see the differences between "malware" and "tool".
> >
> > - Malware has no good applications. The definition is that it is something you don't want running on your machine. There are no good uses for it. Good guys need to analyze it, so once it exists they need for it to be available to them, but they don't use it for its intended purpose.
> >
> > - Malware isn't like a vulnerability, technique or exploit. Those already existed, and were just waiting to be discovered. Malware isn't a problem and doesn't exist until someone creates it. It's pure new problem. There's no beneficial use for malware, just a need to study it.
> >
> > BB
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.