RE: Get your computer viruses here!

[C <chamuco () gmail com>]

On 12/29/05, Drsolly <drsollyp () drsolly com> wrote:

> I do, however, have a choice in who I send malware to, and I *should* be
> held responsible for distributing it with care.


Let me make a distinction.  First of all OC is not "sending" malware to
anyone.  It is offered as a public service for people to download if they
wish.  If someone launches the malware against a network that is a serious
problem.  I would agree that is unethical.



> > The unethical thing to do is limit the spread of resources.
>
> Oh?
>
> Hey, I want several of the resources I see advertised in PC World. Are
> they being unethical in refusing to send it to me unless I fulfil the
> criteria they set?


To follow your analogy, as long as they are paid for then you can have
them.  As for malware this analogy does not hold.  The root of the problem
is that people are writing malware.  It needs to be defended against.  The
distribution mechanism is already in place by the writer of the software.
OC just makes it easy for those trying to defend against it.


There's some nasty people around who would like bombs. Is it unethical to
> make it more difficult for them to get bomb-making material?
>
> There's some nasty people around who want to spread malicious software. Is
> it unethical to make it more difficult for them to do so?


There are some nasty people who would prevent valid researchers from getting
malware.  Is it ethical to do that?

The malware is being provided in a manner for research only.  We saw there
was a problem in the vetting system that was currently in place.  Until
there is an industry-wide method for anyone to be vetted as a "malware
analyst" the free and open model must exist.

C

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.