Date: 10 Mar 93 14:27:01 EST
From: Crypt_Newsletter <70743.1711@COMPUSERVE.COM>
Subject: File 6--Response: virus-writing contest
What is the danger of Mark Ludwig's international virus-writing contest?
Well, according to contest rules, the winning virus code is destined for publication in the second installment of "The Little Black Book" series.
"Oh, terrible, terrible!," wail anti-virus software developers throughout the land. "More virus code in the hands of anyone who wants it! These miscreants and electronic sociopaths are already making computing untrustworthy enough!"
Bunk. Publishing any or all of the code collected in Mark Ludwig's contest won't make any difference. Why? Because there already exists more well-commented virus source code in general circulation than any one person has time to analyze. Taxpayers can download it by the megabyte from the Bureau of Public Dept.'s bulletin board system 24 hours-a-day, no strings attached. Or if you feel the need to be more "elyte," more "politically correct," it can be had from the favorite whipping boy of the anti-virus community - shhshhh - your friendly, neighborhood virus exchange sysop.
Beating on Mark Ludwig for his virus-writing contest, then, strikes me as stupid. It's hypocritical, too, because as some involved in virus research know, a great many of the working samples of viruses found on virus exchange BBS's come attached to "sacrificial goat" files bearing the trademark of a number of anti-virus vendors. You can find extremely detailed virus disassemblies on virus exchanges, too. Not so surprisingly, some of these are composed by the same anti-virus researchers who whine in electronic publications like Virus-L Digest about the unrestricted flow of viruses and their source code.
So if the virus-writing contest is dangerous because it subverts the control of "sensitive" information, the anti-virus community lost that battle a while ago, soundly beaten by a large number from its own rank.
Next, do security specialists have something to learn from virus programmers or sponsors of virus-writing contests? Yes, indeed.
For example, about a year ago I wrote a couple of stories on the Michelangelo phenomenon for a daily newspaper. In the course of my research I tried to dig up a few books to recommend to sophisticated readers.
Mark Ludwig's "Little Black Book" was the only one I could find that wasn't either horribly wooden or written for someone with the attention span of a very small child. I endorsed it in the pages of a daily newspaper. The sky did not fall. The region's computers weren't besieged by a horde of Ludwig viruses.
In addition, a number of computer security workers within different arms of the U.S. government already consult virus programmers on various security problems. When I asked one of them why, he replied that he didn't want to be backed into relying on the anti-virus community for advice, advice he saw as too self-serving.
That leaves the question of how to distinguish between "benign" and "malevolent" virus programmers.
Hmmmmm. That's a tough one, because the picture's more complex than that. Unless you buy the idea that virus programmers either write disk-corruptors set to go off with a bang on weird holidays or make them for courses like Patrick Toulme's "Virus 101," you're stuck coming up with an answer.
You might decide to go with the popular stereotypes of young men with too much pent up hostility or unemployed programmers from politically and economically uncool locales like Russia, Bulgaria and China. But that dog won't hunt if you think of Fred Cohen.
Or you can try to describe them as "groups" like NuKe, TridenT or Phalcon/Skism. And THAT leaves out a great many loners who collect viruses like stamps and occasionally need to come up with a fresh one as barter for that new, rare "tunnelling, polymorphic full stealth" beauty from Outer Slobovia.
These guys could care less whether any virus they have gets into the wild. In fact, they probably would like to see less of that - keeps the collection more unique, more "valuable," you see.
Clearly none of these are an answer. So try asking a better question.
George Smith edits the Crypt Newsletter which has published virus source code.