funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: McAfee really DOES write new Malware! Wholey Moley!

From: chris () blask org
Date: Tue, 29 Sep 2009 19:16:00 -0700 (PDT)
--- On Tue, 9/29/09, Rich Kulawiec <rsk () gsp org> wrote:


To confront the enemy, it's necessary to know the enemy --
and the enemy's strategies and tactics.  Refusing to learn
these guarantees defeat.


I'm with Rich (yes, and very few others) on this one.  This is imho an issue best addressed with a balance of openness 
and paranoia - as Dave suggests in his response, classes should be held in clean labs (no connectivity/removable media) 
- but we lose more than we gain by not expanding understanding of the mechanics involved with malware.

The risk in following this path is directly related to the statistical badness of the people who are exposed to the 
curriculum.  If you believe that a notable percentage of folks would be likely to take the lessons and go write new 
malware then the risk would be high, if you believe the opposite then the risk would be low.

I think those who are seeking this information are finding it already, and those who are not would not misuse it (much 
like the drug abuse issue).

It is also quite possible that a very good argument could be made that teaching programmers how to write malware could 
be the #1 way to get them to write secure applications.

-chris


      

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: