Comments on anti-virus rants: ethical conflict in the anti-malware domain

kurt wismer (2011-03-25T07:48:06.254-04:00):

@Harry:
software that facilitates one entity attacking another is malware. that is what HBGary created and sold to various branches of government/military. your confusion is down to the fact that you have reason to side with the attacker.

if we used the reasoning you're adopting to weasel out of calling these particular examples malware, we wouldn't be able to call commercial malware malware at all. after all, it's not malice, it's just business.

as for your inability to discriminate between vulnerability disclosure and malware disclosure, i happen to have written about that topic quite a bit. vulnerability research vs. malware research (http://anti-virus-rants.blogspot.com/2008/01/vulnerability-research-vs-malware.html) is just one of the posts i've written which might enlighten you as to the differences.

Harry (2011-03-24T22:03:51.225-04:00):

I'm not sure there's any evidence of HBGary being commercially involved in writing malware, at least not in the original sense meaning that the softWARE had MALicious intent.

Perhaps we need a new term for non-malicious stealth software - weaponware, maybe?

As for their connection to rootkit research - well, research into ways of exploiting security vulnerabilities, and public disclosure of the details, often including demonstration code, is by now a well-established and accepted practice. I don't see the public release of rootkit code as fundamentally any different.

emoyle (2011-02-21T09:27:15.012-05:00):

Great post...

What's interesting to me about this is the fact that the blackhat community is unquestionably moved ahead by the compromise overall. Even if the compromise didn't give them access to source, it certainly gives them insight into malware ideas and deployment strategies. Not good.

You and I have disagreed in the past about the specifics of how to contain this, but it's a good argument for both positions - both the "no malware authorship in the security community" position as well as the "control it and regulate it" position.

My hat is off to you.