funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

From: Drsolly <drsollyp () drsolly com>
Date: Thu, 29 Dec 2005 15:55:02 +0000 (GMT)
On Wed, 28 Dec 2005, Blue Boar wrote:


Nick FitzGerald wrote:

And that benefits who most?


Anyone who doesn't want to be dependent on someone else for their AV needs.

Look, I'll come out and say it.

The AV companies have an ivory tower attitude; they think they can 
decide who deserves to know something and who doesn't.  If I don't have 
a "legitimate" need, if I won't agree to keep secrets, then I'm not 
deserving.


No. 

Each individual has a responsibility to decide who they trust and who they 
don't trust. If someone decides that you're not trustworthy, then that's 
their decision. You have to make the same decisions.
 

Those of us who have grown up in a world of full disclosure when dealing 
with vulnerabilities and exploits are never going to buy into that. 
That attitude carries over into the malware world.  Malware IS 
different, but it's close enough that we are going to see it the same as 
any other "dangeous information."

I used to work at SecurityFocus, which was at best quasi-AV.  We 
published analysis reports, IDS signatures, instructions for manual 
detection & removal, etc...  I was one of the guys who did a lot of the 
malware analysis.  They are Symantec now, but this was prior to that.

I was provided samples by McAfee, Symantec, Kaspersky, Trend, and 
probably a few others I can't recall.

I have also been provided samples since I left, and no longer had even 
that tenuous grasp on officialdom.  These are more recent and more on 
the sly, so that I don't care to name names.  That is based on (I 
assume) part my reputation, and part the fact that the AV guys aren't 
always as stringent as they claim to be, when dealing in private.  In 
those cases, the usual restriction I'm given is to share as I please, 
but to not name sources.


What you're saying here, is that you were considered trustworthy, and 
you're still considered trustworthy. I'm not seeing the problem here.
 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: