Vulnerability Development mailing list archives

Re: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)


From: ".MetsyS." <stf () xtra co nz>
Date: Fri, 07 Sep 2001 10:20:20 +1200

Hey all, 

Well a very interesting discussion indeed, but I don't want to fill up
vuln-dev'ers mailboxes with political debate, thx to BB for letting us thrash
it out for a bit longer.

I shall try and be brief.

I agree, I think I was too hasty to say "let's let this loose because it's
cool" LOL, definitely not a good enough reason, however AVV in my book
definitely has a future and much thought needs to be given to any release.

1. I very much respect Der HexXer and Markus Kern for their effort and
talent for coding, somebody was bound to have released something like this
to the public and I am very fortunate to have the opportunity to read their
code and thank them.

IF the law were to go after them I am excessively disappointed, software like
this is like a tool as far as I'm concerned, if somebody throws a hammer
through my window do I chase the person who threw it, or chase the
manufacturer of the hammer ?

(I feel sorry for Dmitry Sklyarov, down with DMCA and cyber-treaty.)

This does not have malicious intent and is a great solution to a pain in
the ass problem which is still filling up my logs and as Ron DuFresne
points out contacting admins is sometimes as useless as the tits on a bull.

2. I do not like the idea of M$ or Symantec doing something like this.. not
sure why, just gut instinct does not trust large corps, especially if the
worm is closed source.

I admit a worm like this (any worm) is dangerous and may have unforeseen
effects, though I must say I like passive infection as it does not consume
excessive bandwidth.

I am curious to see the impact of the release in the wild of code green.

Here is my outline for the release of AVV (Anti Virus Virri).

1. There must be a certain amount of time for a malicious worm to be out in
the wild to allow those with a clue to patch their boxes, I suggest 1-2
months depending on the severity of the worm/virus.

2. AVV MUST be open source.

3. AVV MUST use passive/retaliatory infection.

4. The code should be a community effort.

5. AVV MUST have an expiry date (suggest 3 months from release).

6. Due to laws in place obviously the worm should be released in a country
that does not have hacking laws.

.MetsyS.

