RE: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

[Drsolly <drsollyp () drsolly com>]

On Wed, 28 Dec 2005, Drsolly wrote:
> > If the air is made of anthrax, how does downloading some more hurt?

But the air isn't made of anthrax. If malware were as common as air, then 
there would be no point in setting up a way to distribute it. The fact 
that he wants to make it easier for people to get access to malware, 
demonstrates that it isn't, currently, as free as air.

> You are indeed investing time and effort to educate. You are however 
only
> critisizing, even if in a good manner. You are not actively helping him.

No, I'm helping. I'm explaining how he can improve his scheme, with 
specific suggestions, and also pointing out difficulties that he didn't 
know about, such as the criminality issue that could get him into hot 
water, and the fact that he only has an oral legal opinion and not a 
written one, leaves him on thin ice if a law enforcement authority should 
decide to prosecute.

<<As far as I'm concerned? ALL OF THEM.
It is irrelevant where they get theirs frm as they have dozens of
sources. Let them get it from that site.
Researchers are FAR more limited and NEED this to survive.>>

If malware is so common, why do you think there's a need for another 
distributor?

<<Today's enviroment made it impossible for the good guys to get help or
help themselves, while the bad guys rule the world.>>

But you're argument is that malware is easy to get.

> The moral standards in this case come from where they always come from - 
> they come from your own understanding of right and wrong.

<<It's wrong to carry a gun. It's wrong to shoot people.

If I have to shoot someone to defend my family I don't know if I can do
it, but I hope I will be strong enough to shoot the guy dead instead of
abide by some moral high-ground of dying instead of taking a life.>>

That's not the moral high ground, and I don't know why you say it is, when 
you obviously believe it isn't

<<Sources and binaries are openly available everywhere. The bad guys run
their creations automatically against many engines to see when they stop
getting detected.>>

Again - your argument is that malware is easy to get. This means that 
another malware distribution is not needed.

<<Nope. The Police in most sane countries has guns. Does that mean they
encourage people to carry them? Depends on your point of view.>>

The police in sane countries do not carry guns as a matter of routine, 
only when there's a strong likelihood of firearms being used by criminals.

<<I am not a lawyer, but there is no victim unless you use it to
attack. Some laws are not equal to the task of being technologically
up-todate, even if I interpret this one wrongly.
Now that's a shocker.>>

Actually, most well-written laws don't get out-of-date with hanging 
technology.

> So, here's a question for anyone who is involved in maintaining an ftp 
(or 
> other distribution method) of malware. Would you be willing to publish 
the 
> access details and allow anyone at all to download from it? If not, why 
> not?

<<Let's hear.>>

So far, no-one has answered that one. I don't run a malware distribution, 
so I can't speak on this. I do, from time to time, get send the 
occasionally intersting bit of malware, which I do send to a ouple of 
lists which have been vetted. I certainly wouldn't send it to an unvetted 
list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.