funsec mailing list archives
RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: "Randy Abrams" <abrams () eset com>
Date: Wed, 28 Dec 2005 14:12:07 -0800
-----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Blue Boar Sent: Wednesday, December 28, 2005 1:11 PM To: Gadi Evron Cc: funsec () linuxbox org Subject: Re: [funsec] Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron wrote:Then let us agree most Bad Guys won't bother with it as they have better
surces?
I think to be completely fair, there will someday be at least one Bad Guy for whom the site in question will be the most reliable source of the desired malware. I'm not saying he's a smart or successful bad guy, just that he has bad intentions and wants some particular piece of malware for nefarious purposes. Does that constitute failure? I don't think it does. If the userbase is 99% people researching anti-malware, and 1% bad guys, I call that success. if it were reversed, 1% researchers and 99% bad guys, then I would say it was a failure, and should be shut down.
Success or failure needs to be compared against the alternative. I haven't seen the argument that these files can't be shared in a more secure manner with a 99.9% success rate. If you trade 99.9 for 99 with no good reason, then it is a failure to realize a better result. Complete failure? No.
Not a failure in the sense that he has no legal basis nor right to do so, (IMNSHO) but in the practical sense that it is effectively doing more harm than good.
But perhaps it is doing more harm than good given the alternative of vetting people.
You can also factor in a percentage of stupid people if you like, those with the proper intentions, but lack the skill or care, and infect themselves and others. Many consider them as bad or worse than Bad Guys.
Yeah, there is also the angle of protecting people from themselves, as well as protecting others from their ignorance. For non-replicating malware you might have a bit of an argument that the incompetent can learn from their errors, but with replicating malware the incompetent inflict their errors on others. Even with non-replicating malware the result may be that information on a shared computer is inappropriately compromised for another user.
To lump a lot of the (current and ex) AV guys into one small bucket, it has been my experience that they consider the one bumbling bad guy or incompetent good guy to constitute a total failure. AV guys, feel free to defend yourselves against my mischaracterization, if appropriate. To pick on someone in particular, I've seen Nick take some very extreme positions on this kind of thing, for example.
I've been working with AV for about 8 years or so now, so I'll respond from an AV point of view. There are definitely AV radicals who accept nothing less than perfection, except in the performance of AV products :) I'm not one of those. I do think that there are good reasons to limit access to some things. I think for malware it is a more responsible and socially considerate thing to make attempts to ensure that you only provide access to people you have reason to believe will not abuse the code. I don't think there is absolute failure or success, but that only 1 in 99 do bad things in an open system where you might have a record of 1 in 999 or better does recommend that latter system. I'm just not seeing where people intelligent enough to research these things are not able to find resources and build a trust relationship.
In short, I think Val should continue, and we all see what happens. BB
I think providing unvetted access is unwarranted. Cheers, Randy _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!], (continued)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Dude VanWinkle (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Drsolly (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Dude VanWinkle (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] val smith (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Drsolly (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Joe Jaroch (Tera Innovations, Inc.) (Dec 29)
- RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Aviram Jenik (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!] Drsolly (Dec 29)
- RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Randy Abrams (Dec 28)
- RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Randy Abrams (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Blue Boar (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Nick FitzGerald (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Blue Boar (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Nick FitzGerald (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 29)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Gadi Evron (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] James Kehl (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Drsolly (Dec 30)
- Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!] Nick FitzGerald (Dec 30)