funsec mailing list archives
Re: Get your computer viruses here!
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 29 Dec 2005 14:16:22 +1300
Blue Boar wrote:
val smith wrote:I guess what you haven't convinced me of yet is how "malware" is any different from any other object in existance which can be used for both good or evil. I could stand on the corner selling rocks which people could use to study or to bash someone over the head with. How is that much different?Again, not that I disapprove of your project in general, ...
Aside from that, I am in full support of what BB said in his post. The project is morally indefensible, and, as Dr Solly has already said several times, criminally negligent or otherwise illegal in very many legislations.
... but I'm a little disappointed that you don't see the differences between "malware" and "tool".
This is so terribly obvious that I think it is mark of the ethical development of any so-called "security researcher" whether they understand this or not. "skiddie-level" folk certainly do not understand this almost certainly because their ethical development has not progressed to the point where they _can_ (or, if they are well- advanced past the normal age range where they should be able to understand it, they probably have arrested or impaired ethical development). Failure of adults to comprehend this similarly suggests arrested ethical development, so it is actually pointless trying to debate the point with them, as like the skiddies, they are unable to understand that their position is (or even could be) wrong.
-Malware has no good applications. The definition is that it is something you don't want running on your machine. There are no good uses for it. Good guys need to analyze it, so once it exists they need for it to be available to them, but they don't use it for its intended purpose. -Malware isn't like a vulnerability, technique or exploit. Those already existed, and were just waiting to be discovered. Malware isn't a problem and doesn't exist until someone creates it. It's pure new problem. There's no beneficial use for malware, just a need to study it.
The only thing I'd add is that further, in the case of self-replicating malware, the risk of it accidentally being spread further in the hands of those ill-prepared for handling such code is great. Historically the AV industry (and others) has continually faced the utter BS suggestion that it is responsible for, if not writing, at least releasing and distributung, viruses to "drum up business", etc. This has made responsible members of the AV industry _especially_ sensitive to any sample sharing that does not have proper safeguards ensuring to a very high degree of responsibility that shared samples will not get into the hands of those imadequately prepared to handle them equally conscientiously. Schemes such as that under discussion here clearly abjectly fail such "tests", for even if there is a modest argument that such standards are "too high" for most of today's, typically non- replicative, malware this scheme makes no allowance for the replicability of the malware it makes available. When you start to think about what would be involved in "fixing" that, you will quickly recognize that the checks and balances thus needed to avert those problems with replicative malware make the main purpose of this scheme impossible to achieve, as avoiding such problems would require that someone accepted by the community as sufficiently competent to make such decisions would have to fully analyse each sample before only putting the non-replicative ones up for "sharing". So, Val's scheme, and all similarly hare-brained stupidities that have come before it and that will inevitably follow it are doomed to severe ethical castigation and repudiation by genuinely competent researchers. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Get your computer viruses here!, (continued)
- Re: Get your computer viruses here! Roland Dobbins (Dec 28)
- Re: Get your computer viruses here! Drsolly (Dec 28)
- Re: Get your computer viruses here! Roland Dobbins (Dec 28)
- Re: Get your computer viruses here! val smith (Dec 28)
- Re: Get your computer viruses here! Blue Boar (Dec 28)
- Re: Get your computer viruses here! val smith (Dec 28)
- RE: Get your computer viruses here! Randy Abrams (Dec 28)
- RE: Get your computer viruses here! Drsolly (Dec 28)
- Re: Get your computer viruses here! Drsolly (Dec 28)
- Re[2]: Get your computer viruses here! Pierre Vandevenne (Dec 28)
- Re: Get your computer viruses here! Nick FitzGerald (Dec 28)
- Re: Get your computer viruses here! Blue Boar (Dec 28)
- Re: Get your computer viruses here! Nick FitzGerald (Dec 29)
- Re: Get your computer viruses here! Drsolly (Dec 29)
- Re: Get your computer viruses here! Blue Boar (Dec 29)
- Re[2]: Get your computer viruses here! Pierre Vandevenne (Dec 28)
- Re[2]: Get your computer viruses here! Drsolly (Dec 28)
- Re: Re[2]: Get your computer viruses here! val smith (Dec 28)
- Re: Get your computer viruses here! Drsolly (Dec 28)
- Re: Get your computer viruses here! Nick FitzGerald (Dec 29)
- Format of embedded graphics Larry Seltzer (Dec 29)