funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 31 Dec 2005 14:17:27 +1300
Blue Boar wrote:
> Apologies to those for whom this is getting old, ...

Hey -- some of us have been pondering/debating/arguing/fighting about this stuff for around 15 (or more in Alan's case) years...

> ... but I think I'm learning something new here...

I'm pleased to hear that, as among all the heat this topic tends to raise (and yes, I know I generate a lot of that myself) I'd hate it if the light went unseen...

> Addressed mostly to Nick and Solly. So, one part of the concern is that mr. amateur malware author will get ahold of binaries and hexedit them into something new.

That's a _part_, but only a part. For some, it is all but a show-stopper, but they tend to be at the really extreme end of this (and you guys thought _I_ was at that end of this spectrum, eh?? 8-) ). For me, that's not a terribly big threat and probably falls close to "technically acceptable" (I'll skip the standard, expected lecture about moral acceptability here) given the rate at which it already happens _AND_ how we deal with it now (improved heuristic and/or generic detection capabilities in scanners, etc).

> But, I'm hearing that the real concern is that if binaries, source, detailed analyses, etc... are posted, then the malware authors will learn to write better malware? Is that the real problem?
For me that is a _major_ issue with this, for not only are samples made freely available, but "good quality" analysis is also available (or "hoped to be").

Samples are readily available to both the good and bad guys many other places, and while the presence of such other sources in no way justifies deliberately adding another "open VX" site, in practical terms it makes very little difference. Equally though, the "thousands of good guys" Gadi and Val seem to think are starved of samples could just go to those other sources and slake their thirst for samples from them...

Another serious issue is that to be seen to be good is as important as to be seen to be doing good and it is hypocritical in the extreme to stand up saying "we genuinely want to make the Internet a better place" and then to make many of the tools and much of the information necessary for the bad guys to make it even worse freely and openly available to all and sundry.

As Dr Solly said, there are _many_ issues with such a project and to do such a project well you have to address them. To arbitrarily decide "it's all too hard" (or perhaps just "I'm too lazy to bother even trying") is not a responsible approach and will not be supported by responsible folk.

Regards,
Nick FitzGerald