Re: Re[2]: Get your computer viruses here!

[val smith <mvalsmith () gmail com>]

> The numbers of "I am", "I respect", "I cut off if", etc... arguments you
> are using tend to suggest at least a weak level of close
> mindedness/egomania. After all, we all do respect people we agree with
> anyway. Besides, playing God, or King Solomon (as in "I kick off
> abusers") is fun.  That sounds "your" project/kingdom and no amount of
> arguing will move you away from it. Arguing about it will stir the
> pot and generate traffic.

All very interesting points. Egomania is not totally out of the question :)

You are correct in that I most often respect people I agree with but briefly
I will explain where my respect comes from. I respect people who do and
publish scientific research such as Halvar and Pedram and HD Moore and
others like them. In fact I'm not exactly sure of their position on the
issue of publically available malware so its possible they disagree, but I
respect their work none the less.

I also respect people who have a diversity of opinion, such as you and
Drsolly. I respect the fact that there is a disagreement and people are
willing to speak they're perspective to me so that I don't get stuck in a
world where there can be no other possibility than what I believe. That is a
worthless place to live.

I sure try to have an open mind. Its not true that no amount of arguing can
change my mind, in fact I used to be of the opposite opinion regarding
malware.  This is why I encourage Drsolly and others of differning opinions
to keep a dialogue open with me. If someone presents me with a logical, well
defined argument (which is better than I am doing now probably) I will
definitly consider it. A futrue posibility for my site that only has
analysis and not samples is not totally out of the question. However so far
I have not been convinced. Could this be do to egomania and close
mindedness? Possibly but I will fight that.

As far as playing God what I really meant was if I detected some abuse such
as automated worms connecting to my site I would stop it to the best of my
abilities which of course are limited because of the nature of what I am
doing.

You may have missed the subtle sarcasm / humor in my "majority" argument.
That isnt so much "everyone else agrees with my, why dont you" argument as a
"why am I not hearing from more people who disagree" question. I know those
people exist and I want to hear their opinions. I am getting lots of traffic
so statistically speaking those people should be there.

Anyway, thanks for offerering your perspective,  I look forward to hearing
from you again.

V.

On 12/28/05, Pierre Vandevenne <pierre () datarescue com> wrote:
> Good Day,
>
> vs> Ill say again, you might as well send google the same emails you are
> sending
> vs> me since Mr. McNasty (related to mcdonald maybe?) can do the same
> thing with
> vs> google.
>
> That's a complex argument to tackle. The same applies, in many ways,
> to the use of reverse engineering for lawful (and probably essential,
> such as malware analysis) purposes and the unlawful ones (such as
> obtaining a zero day exploit to f*** up your enemy's server). One can
> go up as far as one likes. The hex editor. The disassembler. The
> debugger. The compiler used to write a disassembler/debugger. The
> editor used in the process... I have spent a lot of time thinking
> about this, and don't have clear cut answers or nice certainties.
>
> When in doubt, I would advise prudence.
>
> vs> I'm actually getting lots of contributions and feedback from some of
> the
> vs> people I respect most in the security community.
>
> The numbers of "I am", "I respect", "I cut off if", etc... arguments you
> are using tend to suggest at least a weak level of close
> mindedness/egomania. After all, we all do respect people we agree with
> anyway. Besides, playing God, or King Solomon (as in "I kick off
> abusers") is fun.  That sounds "your" project/kingdom and no amount of
> arguing will move you away from it. Arguing about it will stir the
> pot and generate traffic.
>
> vs> is growing in a positive way in spite of its evil possibilities. Ill
> be
> vs> honest I've gotten around 50 - 60 thousand hits, and tons of email and
> yours
> vs> has been the only negative one so far. Maybe the others who feel as
> you do
> vs> have given up already as well?
>
> That's the "majority" argument pushed to the extreme. The "majority"
> isn't always right. If it was, you'd fall off the end of the earth
> walking past the edge.
>
> vs> I guess what you haven't convinced me of yet is how "malware" is any
> vs> different from any other object in existance which can be used for
> both good
> vs> or evil. I could stand on the corner selling rocks which people could
> use to
> vs> study or to bash someone over the head with. How is that much
> different?
>
> Ah, that's an easy one. With a rock you, or I, can break one another's
> skull. Network aware algorithmic things can do incredible amounts of
> damage to untold numbers of people. With increased power comes
> increased accountability. Now, I have to agree that the infrastructure
> is too weak and that the main culprits are either the feature greedy
> users or the features happy sellers. However, we can't plead ignorance
> about the possible consequences of our actions.
>
> vs> Just to be clear, in no way am I trying to "flame" you. I really do
> want a
> vs> diversity of ideas and opinions but I like to keep a bit of humor in
> any
> vs> debate. So please keep the thoughts coming, I'm greatly enjoying the
> vs> discussion.
>
> When Dr Solly had a financial interest in this, I confess I believed
> he was mostly motivated by protecting his own turf. The fact that he
> is somewhat disconnected today gives, at least in my eyes, more weight
> to his opinions.
>
> As far as I am concerned, a world where everyone hacks and attacks
> everyone, and where the paranoid in us feels compelled to investigate
> everything down to the last bit would probably be directly profitable.
>
> However, and against my current direct financial interest, I favour a
> less turbulent cyberspace so that my children and less technically
> aware internet users can benefit, without risks, from the real
> IT/networks benefits.
>
> Now, I realize that by saying this I sound like a benevolent idiot.
> Feel free to shoot.
>
> --
> Best regards,
> Pierre                            mailto:pierre () datarescue com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.