Sunday, August 17, 2008

china, disclosure, and malware

not too long ago, amrit williams wrote on his experience traveling in south-east asia and specifically his observation of their attitudes towards malware disclosure:
What I was shown was the most active and open distribution of malware, kits, and exploits I have ever witnessed. I will refrain from the details but considering the perceived insular nature of China and the openness of the US, I can tell you from the sharing of knowledge perspective we are way behind.

I asked some questions about disclosure and was met with puzzled looks and shaking heads.
though it's not completely unambiguous, i get the distinct impression (especially from the wording of the statement that we're way behind) that he thinks we should be more like them... but i have to wonder what all that openness with regards to malware disclosure has actually done for china... are they better off than we are? are they better equipped to keep the malware problem in check?

i suppose perhaps if you were only looking at the technological side of the malware problem the easy availability of malware for study should theoretically be of help... but i have to wonder: when most of the population is not involved in the creation of tools to help defend against malware, and when those that are involved have fairly open access to malware even over here in the west, what advantage is china's undifferentiated openness really giving them in practice?...

if we don't just look at the technological side, however, if we include the social component as well (especially as it relates to malware creation) then that openness comes under a different light... what do we know about china and malware in broad terms? well, although finjan's figures suggest china is not the biggest host of malware, according to kaspersky they are the largest producer of malware...

sharing malware materials helps learning about malware, there's no doubt about that, but uncontrolled/undifferentiated sharing (as opposed to the more reserved 'only if i know and trust you' type of sharing) helps the creation of malware more than it does the defense against malware, and china may well be serving as an unrecognized object lesson in that fact... so the next time we look at how other cultures handle issues differently, before concluding that they're doing things better because they're adhering more closely to abstract principles that we value, let's make sure we look at the larger picture and not lose the forest amongst the trees...