funsec mailing list archives

RE: Get your computer viruses here!

From: "Randy Abrams" <abrams () eset com>
Date: Wed, 28 Dec 2005 17:38:34 -0800

I gotta go for a while. It's Nick's shift now :)

-----Original Message-----
From: funsec-bounces () linuxbox org 
[mailto:funsec-bounces () linuxbox org] On Behalf Of Nick FitzGerald
Sent: Wednesday, December 28, 2005 5:16 PM
To: funsec () linuxbox org
Subject: Re: [funsec] Get your computer viruses here!

val smith (top-posting to Jason Geffner):

Maybe nothing good has ever come out of malware except for

some good

researchers / analysts. Definitly requires more  research

on my part.

Many/most/all of whom would have ended up doing something 
similar anyway as its largely a mindset thing...

The idea of software protections came of of copyright needs sure, 
however one could argue that advances in that field do

sometimes come

from malcode authors.  ...


Which is a "good thing" why?

Competent copy-protection system developers would devise 
their own ever more difficult to crack protections on their 
own (at least as long as the money made their spending their 
time on it worthwhile).  That's the way things work.  That 
they could rip ideas from essentially public domain, 
initially malware-specific code is just a bonus to them 
(though potentially exposes them to patent and other 
liabilities if they don't do the appropriate due-diligence on 
the code/idea they're ripping).

Suggesting that you making samples available might improve 
the work of the anti-piracy/DRM/etc folk is hardly going to 
win plaudits for your project either...

And to Randy re biological viruses, no I was making the

argument that

sometimes good things can come out of something considered

to ONLY be bad.

Yes, a well-understood point, _in the NATURAL realm_.  I'd 
have thought the point here though is that although some 
"good stuff" has come from, and it seems likely we'll 
continue to see more such "advances", have you ever seen a 
free-for-all biological virus "analysis and experimentation" 
lab?  Nope -- because of the risks of allowing the 
less-than-highly-capable access to such material, it is kept 
in extremely strictly controlled environments and locations.  
Computer viruses and other malware are not as dangerous as 
their bilogical counterparts, but responsible access should 
still be practiced.

Also you'll noticed i put "new" in quotes. I know its not

really a new

idea although maybe someone could enlighten me as to a previous 
project that tried to profice a shared analsys experience

that wasn't limited to "vetted"

researchers.  ...


Investigate the history of VX in general -- you'll find that 
many such operations have "justified" themselves on the basis 
that they are "strictly for educational purposes" and the 
like.  All nonsense of course, just as yours is.

...  I guess I don't feel like I can make the decision as to who is 
vetted and who isnt. If I did then perhaps I would be

"playing God" in

my kingdom as a previous poster suggested.


So it's better that you just let all and sundry in to do 
whatever they want, benefit however they can and so on?

In short, you are admitting that you have no scruples for, 
faced with what you clearly recognize as a moral dilemma, you 
decide to solve it by ignoring it.  The ethically principled 
solution to your dilemma -- should I do this reposnibly or 
not?, the responsible approach means playing God, I don't 
want to play God -- is, of course, to NOT proceed with the 
project, but that's not the approach you took, so we know you 
are not ethically principled.

Your bio says you have over ten years compsec experience, yet 
you display the ethics of a "normal" 10-12 year old.  I'm 
glad I'm not one of your former customers or employers...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

__________ NOD32 1.1343 (20051228) Information __________

This message was checked by NOD32 antivirus system.
http://www.eset.com


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: Format of embedded graphics, (continued)
- - - Re: Format of embedded graphics David Lodge (Dec 29)
    - Re: Format of embedded graphics Florian Weimer (Dec 29)
    - RE: Format of embedded graphics Larry Seltzer (Dec 29)
    - Re: Format of embedded graphics Florian Weimer (Dec 29)
    - Re: Get your computer viruses here! Drsolly (Dec 29)
    - Re: Get your computer viruses here! Florian Weimer (Dec 28)
- RE: Get your computer viruses here! Jason Geffner (Dec 28)
  - Re: Get your computer viruses here! val smith (Dec 28)
    - RE: Get your computer viruses here! Randy Abrams (Dec 28)
    - Re: Get your computer viruses here! Nick FitzGerald (Dec 28)
    - RE: Get your computer viruses here! Randy Abrams (Dec 28)
    - Re: Get your computer viruses here! Drsolly (Dec 28)
    - Re: Get your computer viruses here! C (Dec 28)
    - Re: Get your computer viruses here! Drsolly (Dec 29)
- RE: Get your computer viruses here! C (Dec 29)
  - RE: Get your computer viruses here! Drsolly (Dec 29)
    - Re: Get your computer viruses here! Gadi Evron (Dec 30)
    - Re: Get your computer viruses here! Drsolly (Dec 30)
    - Re: Get your computer viruses here! C (Dec 30)
    - Re: Get your computer viruses here! Drsolly (Dec 30)
    - Re: Get your computer viruses here! Nick FitzGerald (Dec 30)