RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

[Drsolly <drsollyp () drsolly com>]

> I can further give a metaphore that will say researchers anthrax is bad,
> for if there is no anthrax, having it is a risk b itself

How about someone sets up a web site for people interested in anthrax, so 
that people can upload and download samples?
 
> contradiciting analogies can be given for days, and we all pick our
> favorite. Fact is it is not very easy for researchers to get data, and
> fact is that branding of people outside the inner circle as blackhats if
> they don't conform to what suits the inner circle best is wrong.
>
> Further, even if I do agree sharing of samples should be done securely and
> in a vetted enviroment, today it is as ridiculous as telling people not to
> watch porn.

No, it's as ridiculous as telling people not to rob banks. Sure, some 
banks will still get robbed, but that doesn't make it right.

> So, being a moral example is great, but does it do any of us any good
> where it is proven things get on when you keep that stand while if yo
> changed it, maybe you could influence those you now call blackhats, and
> see they may even be... wow, good guys?

With this web site, I don't see any attempt to determine who is blackhat 
and who isn't, let alone any attempt to influence the blackhats.
 
> Finally, this guy believes in it. He is going to do it. Help him or name
> him a blackhat, but helping him might get things "safe" while not killing
> his ideas all together.

I am helping him. I'm explaining why it's ethically wrong to run an 
unvetted VX, and about the legal hot water he could find himself in.

> As an example, if some people in the AV industry HELPED the good people at
> ClamAV who had o learn all by themselves without years of traditions,
> ideas and knowledge, instead of just critisizing, Clam would have gottemn
> where it is today a lot sooner, and even far further than that.

I don't know about the ClamAV issue. What did they need to learn that they 
needed help for?
 
> My suggestion to this guy is do his thing, follow his conscience, and let
> history prove him right or wrong.

You can't just say "let history prove". Because we'll never know how 
many blackhats got malware from his Virus Exchange and spread it around.
 
> It is harmful not to share openly. It is harmful not to keep high moral
> standards, but in this case, where did they come from?

The moral standards in this case come from where they always come from - 
they come from your own understanding of right and wrong.

> Why was it initially BAD to share samples? Do these reasons still stand
> oday?

It was intially bad for a number of reasons.

1) The easiest way to make a "new" virus, is to make a small modification 
to an old one such that current detectors no longer recognise it.

2) A lot of people, at the time (and maybe even now) were suggesting that 
the AV people were encouraging the spread of viruses (and maybe even 
writing new ones). A VX certainly does encourage the spread of viruses.

3) There are computer crime laws that make it illegal to distribute 
malicious software without the victim's consent. And there's "criminal 
negligence" laws that make it illegal to distribute something that you 
*know* can be used to cause harm, without any vetting of the recipient. It 
is, for example, illegal to sell knives, alcohol or tobacco to children -
the vetting in that case is age-based.

I don't think that any of those three reasons have changed.

So, here's a question for anyone who is involved in maintaining an ftp (or 
other distribution method) of malware. Would you be willing to publish the 
access details and allow anyone at all to download from it? If not, why 
not?


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.