Oldest AV myth/question answered

Discussion in 'other anti-virus software' started by Inspector Clouseau, Sep 29, 2009.

Thread Status:
Not open for further replies.
  1. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
  2. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Is the advanced course in Mac/Linux :argh:

    Wonder how people will react when McAfee is always first in detection for new threats :rolleyes:

    Thanks for the heads-up.
     
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,818
    Location:
    Innsbruck (Austria)
    Reply from McAfee in comment section (http://www.haloscan.com/comments/alexeck/974923028625162068/#421115):

    Gents,

    Let me address your concerns. We are NOT creating new malware nor are we showing others how to create malware. We are allowing our customers to get firsthand experience with existing malware and malware tools to educate them on what it is that is out in the wild hunting them and their users. This will be done in a secure environment with no connectivity. No one will be allowed removable media or storage devices. All malware and associated toolkits that we are using are currently detected and protected against.

    Again, we are not teaching coding or teaching people how to write malware nor would we ever. We are allowing them to interact and experience malware in a controlled environment to get a better understanding of what we are protecting them and their users from.

    Best regards,

    Dave

    Dave Marcus
    Director, Security Research and Communications
    McAfee Avert Labs
     
  4. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    With all the respect to Inspector Clouseau, I see nothing wrong here. Do you really believe that the guys who write malware are waiting for McAfee's guidance? Theoretically I could agree with you but honestly I see nothing tragic here.
     
  5. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Yes, sure it's nothing tragic, just a bad choice of wording - More likely to be a PR stunt, trying to get people through the door and then showing how amazing McAfee is.

    ... but judging by the advertisement (if it is correct), I think there is a big problem with showing people how to create malware, people start somewhere and climb up from there. Consider the day as a day in nursery?
    Of course the hardcore hackers/malware authors won't care about this, but the n00b will - (and most hackers/authors were n00bs at some point).
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    A few good reasons there lol.

    I can understand your initial reservations about such a course, but McAfee certainly are not the only ones doing it, or anywhere near the first to do so, for eg here's just one -

    Ethical Hacking: Penetration Testing and Certified Ethical Hacker - http://www.infosecinstitute.com/courses/ethical_hacking_training.html

    So if it's ok/legal for others, why not McAfee, or any other Anti etc company for that matter ?

    If they are able to teach those who want to learn, maybe to have a career in Anti's etc, what's wrong with that ?

    Also i can't really see script kiddies or the baddies attending these sessions, can you ?

    Of course i fully expect that whatever Malware McAfee have coded, will be detected etc during this " Limited seating available " session !!! So not real world, but i would say a useful exercise, to those who express an interest. If i had the chance to go, i think i would, and report back.
     
  7. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    This is unethical. And it’s the wrong approach to teaching awareness and understanding of malware. This would be like your local police giving a crash-course on how to plan and execute the perfect robbery -- yet to avoid public criticism, they teach it in a ‘safe environment’: your local police station.

    Water-tight argument. I do not see how these actions are supposed to help the users.
     
  8. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    I didn't quite get the target group for the course.


    If it's for IT security then I can certainly understand this. Kinda similar like with bookkeepers and accountants, they need to know how to commit fraud in order to detect it :) Similarly, IT security personnel need experiences and insight into how malware works.
     
  9. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    I will never understand why people think that writing malware is required to understand malware. But then, it might be a bit more effective than those people who read a few av blogs and think they are perfect av experts... :rolleyes:
     
  10. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    McAfee and Norton... no comments, these are the story of viruses in PCs :mad: it's all about money
     
  11. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    I don't see the harm of it, a deeper understanding is nothing bad.
     
  12. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    This reminds me of Dr Web. The developer of Dr Web has said sometimes they will write some virus to have fun o_O.
     
  13. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    You must be coder then?

    I am not, and for me malware is something which I don't properly understand. I can read and observe what it does, but how and why it does that is beyond me.

    What harm is there in deeper understanding that could make me more efficient in this particular field (especially if I wish to pursue career path in IT security)?

    I'd be nothing more than glorified script kiddie at present. Using tools others created, without having any deeper understanding of things.
     
    Last edited: Sep 30, 2009
  14. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    Well this phrase is a mystery to me too. If you intend that they just copy malware code, modify it a bit and then release it under other names...then ok...but I have never seen a coder write something new without understanding it.
     
  15. I see nothing wrong with what McAfee is doing. They are simply educating the masses, as to what these malware are, and what they are capable of. We all know MALWARE is a big issue, McAfee I applaud them for being leaders and showing people the dangers of malware.
     
  16. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    There are tons of good reverse engineering and analysis tools which you can use to analyse and *fully* understand the function and structure of malware. There is absolutely no need to write malware in order to understand it.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think, no, I know, that if Stefan and IC are saying so, then it is so. To dispute what they are saying is about as pointless as changing your avatar every day.:cautious:
     
  18. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    You don't need to know how to design an engine to service/repair one either. But i'm sure a lot of mechanics might like to, if given the chance.

    People in the AV/Anti business don't have exclusive rights to info/knowledge, even if some of them might like to think so ! :D
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I have to agree with the inspector on this one. When you are in a business where trust is a huge element, the appearance of wrong doing can be as bad as actually doing it.

    Given at times the maybe unfair fear that av companies are behind virus outbreaks, to sell more products this was not a very smart move on McAfee's part in my opinion. They just cracked the door open a bit on the mistrust issue.
     
  20. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    It looks like it's all to do with a bad choice of words on McAfee's part. Personally I would have thought direct communication with them would have been the way to go rather than having this hornet's nest of a debate going on. The situation would probably have been resolved after a couple of emails or so.

    PS: I note McAfee have changed their wording on the details for this event.
     
    Last edited: Sep 30, 2009
  21. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    I remember PrevX and BBC teamed up to do something similar. They bought a botnet and then used it to SPAM, DDoS.

    Details and video info at:
    http://blogs.zdnet.com/security/?p=2868

    Here is a now offlined Sophos Blog over the issue:
    http://74.125.155.132/search?q=cach...12/bbc-break-law-botnet-send-spam/&cd=7&hl=en


    If that was not a big deal, then what is the fuss about McAfee Avert ?? They at least are doing it in a closed environment (and not with real people as bots), plus it's at a seminar (and not broadcast on TV/Net).
     
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    They didn't say that. People just thought that since they were the only antivirus to detect a certain rootkit once loaded they created it, which is not true. Other companies detected it once loaded after that.
     
  23. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I personally don't mind that some people (I guess not everyone is invited) learn more about how to create malware.

    It's not an in-depth course.

    Learning how to create malware by common malware creation tools and a bit more can give one some insight about the threats.

    Seriously, there is a flood of dangerous malware out there, would exposing some people to these tools create a serious threat for the public ?

    Not that different from disclosing a vulnerability that hasn't been patched yet.

    If it were abused the AV vendors would have to deal with more signatures. Just a tiny %.


    Just my 2 cents.
     
  24. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Fly, you don't understand. Using a construction kit will teach you nothing about how malware does work or how you can protect against it.
    And before writing real, serious malware, you first have to learn about so many things. Of course, everyone is free to do so! All the information is available on the net, all the tools are freely available! You just have to dig a little bit.
    There are tons of malware samples available for everyone, more than you ever will be able to analyse in your entire lifetime.
    AFTER you learned all these things, you will be able to write malware (using a kit is not writing malware), but the creation process will not deepen your knowledge really any further. And what you do with your shiny new malware? Good things, I bet. Yeah sure.

    The AV people are not hiding or blocking any information - we just have way too many new malware samples every day to think it's funny when someone teaches the public to write even more malware. Yes, please learn about how malware works! We need skilled people badly! But it seems that most of those went over to the dark side already.
     
  25. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Stefan, when you say the darkside, where is the profit. I mean so you become a bad guy, where is the monetary incentive. Compared to folks like you, Marcos and the rest here who work for a legit vendor and have a paid salary. Quite good I hear too. ;)

    My point is I have seen where it is just the opposite. Some really good malware writers have become the good guys, no names please. I mean if I could do it, and was good at it, I would be sending my resume to Avira, well, maybe Norman. I think most of these dudes do it because they are:
    1. talented
    2. young and have no clue of responsibility in life
    3. Or are just plain screwed up.
     