Should we do a security competition?

The key issue is the sharing of malware outside the professional community. Wilders Security Forums is a member of that community, in the same way that all those AV/AM guys are who post here using the yellow member accounts. In this case, (i.e. this thread), the sharing of malware is entirely being coordinated from here.

No matter the delivery method, it all started and is being coordinated from here. Hungry Man sending people PM is no different than him sending them emails. He proposed the testing here. He contacted the participates here. The participants "signed up" to do the testing here. Taking the actual malware delivery off forum does not change the fact that members here asked for malware and are being given access to it.

The forum is an entity that is not allowed to share malware outside the professional AV community, and that includes encouraging and/or facilitating it in any way. Since the forum doesn't actually make posts itself, it's the members using the forum to coordinate malware sharing that is the issue.

Say I go to a list of judges - all the AV Experts and ask if I'm actually "sharing malware". First I say, I uploaded it here and people downloaded it. Opps, that's defnitely me giving people access to malware samples. I broke the rule. So, instead I upload the malware to rapidshare and post a link to it. No, I still provided malware samples to people I should not have. Next, I ask Hungry Man to registered an anon email account and ask people here on the forum to send him their email addresses to receive links to the malware. Hungry Man sends the email linking them to the malware... Nope, I still provided the malware, but, I used intermediaries to do it. I can put as many layers of separation I want to in there, it's still the same result in the end.

Well, in place of me, put the forum itself. There is absolutely no way for "malware to be distributed to members here" without breaking the ethic Paul agreed to years ago. No matter how many private layers are incorporated in the process, the malware testing idea started here, the list of participants was assembled here, and someone here used that list to send the malware out. Long and short - the forum was used to distribute malware.

And no, this is entirely different than just discussing testing in general. "This test involves finding a way to distribute malware samples to people doing the testing." That is the very thing that breaks the ethical rule. It's not a matter of us not wanting to get caught. It's that we must and will abide by the malware sharing rule.

No, totally different. Diiscussing malware is not the same as distributing it. This thread by its very concept requires distributing malware to the participants. Doing it here or linking it off site makes no difference. This thread is still the original source of malware sharing.

Still the same thing if this thread is the source of the coordination. As I said, we can't just link to "Bob's Forum" and tell people the malware will be distributed from there. The very link to Bob's Forum becomes the method of distributing the malware. That's still about "not getting caught" distributing malware. You can not coordinate a malware test from here and simply distribute the malware elsewhere to remove the accountability.

 

The test you were referring to was testing real malware and it encouraged, as it always does, people requesting the samples so they can test to. That's why that was closed, among a couple other reasons not related to this threads topic, when the other test at that time, where someone tested commercial keyloggers, was left open.

I still suggest using legal keyloggers, simulators, or one of those test sute tools used in all the HIPS testing. Both Matousec and MRG have done those, haven't they? And frankly, that is the only way this can continue here. If this is ultimately going to be about using real malware to test with, this thread will have to end. We can't be a party to it.

 

I guess I'm going to give up. I don't know how many other ways to explain it. You started the idea here. You got people to sign up to do the testing here. You are going to get them to give you some method of sending them malware samples, by asking them to give you that information here. Then you simply go to another forum, an email service, or an upload site and use that to actually send the malware. (By the way, I'll bet you that every one of those services has rules against distributing malware, too. such as this - see note about malware) But, you still coordinated from it here. Malware was requested, signed up for, and sent to people by what they typed in here.

It's not possible to explain it any better than that. You are using our forum, our server, our bandwidth, our membership rolls, our google indexing, our popularity and high level of posting activity, to assemble a group of testers to whom you'll then distribute malware. How does that not put us smack in the middle of being a conduit for distributing malware samples?

I'm done. Thread closed.