[funsec] Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]

Drsolly drsollyp at drsolly.com
Thu Dec 29 10:26:33 CST 2005

> Dude -- don't confuse who someone works for with who someone is.  If 
> you think AV _companies_ control sample sharing in the AV industry you 
> have very little grasp on how things really work.  That's not to say 
> that the occasional company does not have very strict policies about 
> who gets to decide what is shared with whom, even within the industry, 
> but in general the relationships are person to person, for the simple 
> reason that people can trust other people (or not) but a person cannot 
> trust a "company" and a company, being inanimate, has no such thing as 
> a sense of trust.

Absolutely right.

> For sure, and I agree that the difference is essentially doctrinal, but 
> when it comes to self-replicating malware there is a significant hard-
> core in the AV domain that will not budge and that may raise a huge 
> problem (in terms of continuing relationships with those in AV) for 
> those outside AV that find simplistic schemes such as Val's acceptable.

Again, that's right. Val's "let everyone have everything they want" site
is no different from the VX bulletin board set up in 1989 in Bulgaria, and
will be perceived by many people as placing Val in the list of people who
shouldn't be trusted.

> That's OK, no names needed.  Those folk presumably have some degree of 
> trust _in you_, at least sufficient to entrust samples of whatever 
> based on their evaluation of the risk presented.  If I knew you 
> professionally I may well do the same thing too, and if a few of the 
> folk I already really trust in such matters said "he's a good guy" I 
> would extend my trust in their judgement.

But would you entrust someone with samples, knowing that these will wind 
up on a VX web site? I know a *lot* of people who would not.

More information about the funsec mailing list