funsec mailing list archives

summary of the "sharing samples" thread from my view-point


From: Gadi Evron <ge () linuxbox org>
Date: Sat, 31 Dec 2005 03:42:15 +0200

_AND_ you look dirty by making it available.

It is hypocritical to say "Internet as a whole, please trust me, my intentions are good" and then make bad stuff, and "good stuff" that will further help the makers of more bad stuff, freely available.

Now, call me odd, but I (and, very many others) find it _really_ difficult to trust abject hypocrites...

Looking dirty is one thing.. doing the right thing quite another.

What was it Pierre said?
"
That's the "majority" argument pushed to the extreme. The "majority"
isn't always right. If it was, you'd fall off the end of the earth
walking past the edge.
"

Making MOST samples openly available in an organized manner will only help get things better and help kill or bring under control most of the "trafficking" and "uncontrolled sharing". If we do not agree by this point in time, we will have to agree to disagree. You guys seem to follow the hitchhiker's balrog way of hiding from danger - if you can't see it, it can't see you.

Not giving most of the Good Guys help because some Bad Guys might get better? They have hundreds of ways of getting better even if samples were not as common as they are. Good Guys need to defend against THIS, NOW.

So, of all people, I believed as you do and will continue to follow that for a while. But, unlike you, I am willing to *consider* I was wrong or that I was right in the past - but times change.

In a few years, we will know who is right, as people like us keep "holding back" information when it is virtually hammering at our doors with 400 infection attempts per minute for a common DSL line. It's not far off.

I suppose this argument was moot the moment we picked it up again, but something did change -- We now know that there is a reason for silly people like me to exist. I call it as I see it and damn the consequences. :)

That puts "it" out there whether I am right or wrong. In this case I agree that it would have been best to leave the world at large in ignorance for its own so-called protection, it just isn't the case anymore. Not in these last couple of years.

My arguments repeat themselves: malware is everywhere - fact. Good Guys have a hard time - fact. Etc.

Arguments from your side have the moral side, which is a difficulty as ethics are always both bully and underdog, and often not considered wrong in your lifetime, even if it is about one type of human, being less than another (not making a comparison to this argument, just a minor point to this paragraph).

Arguments from your side, however, have no base in reality for the year 2006. Do we keep hiding samples for the sake of such "vetted clubs" (all-white, all-Christian all-rich 50th clubs metaphor often used in the AV world - no offense to any religious or white guys around) to exist? Maybe it is time to face the music, and create new clubs or change the current ones' purpose.

Maybe it's tradition.
Doing something just because it has somehow become tradition is fine -- until it becomes harmful. It's time for some new traditions.

No one can claim I am against vetted "clubs", I am very PRO on them - when they are needed. Otherwise public knowledge does a lot more good.

For each Bad Guy you teach (when he had other sources), you also teach a Good Guy. How many Bad Guys are out there in comparison to Good Guys?

Unless I can get you to acknowledge it is marginal to barely possible that the Bad Guys will benefit from your stuff rather than many other sources is silly we waste our time. If we were to pursue this argument I would say that you may help the unskilled one a bit, who can help him/herself quite easily anyway. And so on with other arguments - on both sides.

That's pointless at this point as we obviously won't agree.

What does bug me though, is that you refuse to see that the problem today, in Heinlein's memory, is:
"It's simple, numbers -- they have more."

You can keep your absolute morality of not helping the Bad Guys in any way. Don't even teach them assembly without a background check... but try to see that Good is not always without some Evil. That evil is what needs to be measured in comparison to the better Good.

"The truth is probably somewhere in the middle"
"Life is not black and white"

Now I sound like a bad fantasy novel.

I believe this thread should come to a close. Thank you everybody for your opinions and participation, as well as proving once more that most arguments and debates exist solely for the purpose of proving the other guy wrong or to bring him to your point of view while ignoring his.

Not many are "enlightened", but if no one concedes even one point to the other side or is willing to discuss it while presuming to agree for a while to "get" the other side, the debate is pointless as no opinions will be changed.

Still, it was interesting. Again.

I'd appreciate it if this post is looked at as a summary of my point of view for someone who did read this discussion rather than come to it at this point. I'd rather people did their own rather than start debating this post and starting it all over again, but hey - this is funsec, do what's fun for you. :) I'm game.

Thanks, and a happy new year!

        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

