Monday, May 21, 2007

mcafee's allysa myers on the wildlist

ok, not literally listed on the wildlist (though, as a wildlist reporter i suppose technically she is), but rather discussing the wildlist and making a good point that i haven't seen made before...

i've mentioned the wildlist before, and once i even mentioned some of its limitations (such as not focusing on non-viral malware or the under-reporting of malware that is trivially removed by anti-virus software)... the limitations i mentioned before were pretty damning on their own, and should have been enough to make one question the relevance of the wildlist, but the point allysa myers made last week takes the cake...

the long and the short of it is that in the world of commercial malware the distinction between in-the-wild and zoo malware has been pretty much lost... unlike viruses back in the day, commercial malware doesn't get shelved once it's completed... it doesn't just get held up and studied like some intellectual novelty, or worn like a badge of honour amongst virus writers... commercial malware almost invariably gets deployed... that means people are going to encounter it in-the-wild (even if it never becomes widespread enough to make it to the wildlist)...

additionally, while myself and many others engaged in a protracted campaign to influence the vx community away from virus spreading and other behaviours that tended to lead to viruses finding their way into the wild, there is no real opening to do the same with the malware profiteers of today as there is no way (no work-around, no compromise that makes everyone happy) for them to achieve their goals without releasing the malware... so not only do they almost always release the malware now, they will continue to do so in the future...

so the question then becomes: if almost all malware is now going into the wild, what's the point of having a list of the malware in the wild? why bother continuing to make the distinction for such a subset if its complement is so insignificant? maybe commercial malware hasn't completely overwhelmed the non-commercial variety (yet) but when it does (and i believe it must) i suspect the wildlist will have finally outlived its usefulness...
