funsec mailing list archives

Re: write viruses? it's controversy time of the month


From: Drsolly <drsollyp () drsolly com>
Date: Wed, 30 Aug 2006 01:29:20 +0100 (BST)

On Tue, 29 Aug 2006 Valdis.Kletnieks () vt edu wrote:

> On Tue, 29 Aug 2006 16:13:49 CDT, Gadi Evron said:
>> http://www.heise-security.co.uk/articles/77440
>>
>> Okay, so, who wants to shout writing viruses is bad, first?
>
> Releasing viruses is bad.
>
> Keeping a stockpile of viruses under conditions that they may escape
> is bad - and it doesn't matter if you wrote them or collected them.
> You may have collected a rare virus that hasn't been seen yet by A/V
> signature writers - or you may write viruses that intentionally are
> detected by current scanners.  So the moral injunction is to not release
> undetectable viruses, no matter what source.
>
> Writing a non-released virus?  That's a black box by definition, and
> morally neutral.
 
We still don't know that they wrote any viruses. Since they created 5,500 
files, they must have used some automated program, and I really doubt that 
they tested each of these 5,500 files to check that they really were 
viruses.

In order to assess their test, we have to get a copy of those 5,500 files.

So, here's a question - are they willing to release them? If yes, then the 
"black box" isn't black any more. If no, then no-one can tell whether they 
did a valid test or not.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

