ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #185 [Re: Disassembled virus?] (1 message, 1757 bytes)
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
Date: Wed 00:40:40 09/11/1988 EST
Subject: Re: Disassembled virus?

> Date: Tue, 8 Nov 88 23:19:45 EST
> From: rick@seismo.CSS.GOV (Rick Adams)
>
> The part that really surprises me is that you think the typical grad student is too stupid to turn algorithms into code. (After all, you're willing to publicize the algorithms...)

No, I'm saying that there's a significant energy barrier which exists between "actually sitting down and writing the code" and "pulling it off the net and compiling it". Any twit can do the second. I'm hoping that people who are intelligent enough to turn algorithms into code will know better. The typical freshman twit won't be able to turn algorithms into code.

> Your "parallel" is quite poor and doesn't seem at all relevant. A reasonable parallel to the plutonium in your story would be an undiscovered security hole, NOT the code itself. (Also, I'm not convinced that a 5 megaton explosion in NYC would be a bad thing, but that's another topic).
>
> Are you worried that university physics depts are teaching students enough knowledge for them to make bombs? I'm not.

To use your analogy, a university should teach physics students how to make atom bombs. However, we should _not_ hand anyone a preassembled bomb; and that's exactly what source code to the worm/virus would be. (Actually, it hasn't been compiled yet :-) but you know what I mean.)

> I think you've said it all without realizing it. You say "The virus source code won't tell you anything that's been published on the list". Presuming that you meant to type "that hasn't been published on the list", that is the PERFECT argument for publishing it. You said yourself that there was no new information to be gained from it. So what's the problem?

See above; the information is there, so people who want to protect against worms and viruses know what to do. In that case, the only thing the code is good for is for someone who wants to make another virus. What else would you do with the code? Read it? You could read the algorithm, and probably get a lot more out of it. Using your analogy, again, it's a lot more instructive to look at the plans of a bomb (the algorithm) than giving the students a bomb and asking them to look at it. Even if you do trust the students not to set the thing off, they would get a lot more out of the plans and descriptions.

> Don't delude people into thinking that your safeguarding of the code makes them more secure. It doesn't. It won't stop wizards like you and me and countless others on this list who could easily write a better virus/worm than the one that attacked us last week. The only thing that stops us is our sense of honor and ethics.

However, I hope to stop a freshman twit who has neither the wizardliness nor the ethics.

Note that this is an argument against general publication of the source code. Giving the source code to trusted individuals is an entirely different matter. It has different problems, however. How do you decide who is trusted? And how do you know if it won't get redistributed to half the world after you give it to a few "trusted" people? It might become as good as generally published, in which case the problem is reduced to the above case.

- Ted