RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

["Randy Abrams" <abrams () eset com>]

> -----Original Message-----
> From: Gadi Evron [mailto:ge () linuxbox org] 
> Sent: Wednesday, December 28, 2005 3:31 PM
> To: Drsolly
> Cc: Randy Abrams; funsec () linuxbox org; 'Blue Boar'
> Subject: RE: [funsec] Re: Malware sharing? People are full of 
> shit [was: Getyour computer viruses here!]
>
>
> > I am helping him. I'm explaining why it's ethically wrong to run an 
> > unvetted VX, and about the legal hot water he could find himself in.
>
> You are indeed investing time and effort to educate. You are 
> however only critisizing, even if in a good manner. You are 
> not actively helping him.

How can you say that. Add vetting to the site is a specific, constructive
suggestion. If I think of another way to vet people without vetting them
I'll add it and I'm sure Solly will too, but that's the point that needs to
be addressed. 


> What we argue is the enviroment changing, not if it's right 
> or wrong in theory.

Fine, but that doesn't prove that offering every blackhat in the world a
centralized repository is a good thing. Why not just have all of the AV
companies post each sample on their web site? I doubt that most of the
people you want to protect would appreciate that.

> In theory, MALWARE IS WRONG PERIOD. In practicality, it's 
> good if you study it to combat it.

No, the malware is not good. Doing something to combat it is good, but the
malware is still bad and posting it publicly is unlikely to help. To add to
that there has been absolutely zero discussion about even trying to measure
the impact. In other words the argument is to put it out there in order to
help in a manner known to cause problems without any hope of proving that it
does any more good than harm. A completely unscientific exercise in erring
on the side on recklessness.

> Today's enviroment made it impossible for the good guys to 
> get help or help themselves, while the bad guys rule the world.

Yeah, damn it I hate having to ask permission to go to sleep. Ever since the
bad guys started ruling the world I've had to raise my hand to go potty....
Bravo, nice melodramatics.

Hint.. Good guys often get code from the same places bad guys do. That
doesn't mean good guys have to post to places that bad guys can access.
 
> So yeah, I'll say run an open VX, and let everybody use it 0 
> 0 but make sure researchers can reach it as well as just the 
> bad guys with their resources.

That's an idea that's been around for ages. Why do we need another one of
those?

Cheers,

Randy

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.