funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 29 Dec 2005 14:16:23 +1300
Blue Boar to Randy Abrams:
Success or failure needs to be compared against the alternative. I haven't seen the argument that these files can't be shared in a more secure manner with a 99.9% success rate. If you trade 99.9 for 99 with no good reason, then it is a failure to realize a better result. Complete failure? No.
I thought the implied benefit was pretty self-evident; more people with access means better, quicker, more complete analysis.
And that benefits who most? Often it most benefits the less-than-clueful-but-still-worrying malware writers. Recall that these days these are NOT skiddies trying to get a "worst mass-mailing virus ever" headline, but folk making dirty money writing nasty, dirty code for the scum of the earth that are the spam lords, spyware and adware pushers, etc. These guys only need a small advantage for a few days to greatly enhance the return they make for the scummy work. Laying bare the details of some clever new malware trick in an openly accessible way as this site does (will?) means that the bad guys can drink from that trough, make our lives tougher, and, WORSE, make the lives of those the better analysis this site is supposed to (eventually) make better (i.e. the security vendors', aka "our", customers) MUCH WORSE.
... You don't have to trust the AV companies, wait for them, etc... You don't have to agree that that will happen, but I see that as the motivation.
History is littered with failures made of the best intentions...
I've been in the "vetted" category before. ...
Do you mind me asking where and when? Was it in AV or some other security niche?
... And still, I would have to wait for responses, be at a competitive disadvantage (I was asking competitors for samples), have to agree to or negotiate a bunch of sharing rules, couldn't re-publish some of my work, couldn't get a lot of critique of my disassembly, and so on...
And I'm sure this still happens, but my experience is that the rest of security _outside of AV_ is MUCH worse at this than AV, despite Gadi's recent tanty to the contrary...
One might argue that Val's site is of greater benefit to the non-AV people, ...
And I do argue that -- in fact, that it is of most value to malware authors is the greater of my two main concerns (the other being that it will inevitably distribute some amount of self-replicating code).
... and I suspect that is part of the motivation.
So you think Val _wants_ to help the bad guys? 8-)
Honestly, I think that is an inevitable consequence of a cluelessly simplistic approach to trying to fix what is a really difficult problem. It is an entirely foreseeable outcome if enough clue and experience is applied, but apparently neither are available in sufficient quantities to Val, so I think it is an unexpected outcome from his/her perspective.
Regards,
Nick FitzGerald
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.