-
Hi,
Human beings live in a hierarchical social system (i.e. there is a pecking order) which is a necessity for the kind of social cooperation (i.e. team work) which is the root of all successful human endeavour.
However, the corollary of having a hierarchical social system is that 'when the cat's away, the mice will play'. Human beings are iow also born opportunists who will, in the belief that they can get away with it, exploit any crack in the system which works to their advantage. This is called crime (although sometimes it's called working the system).
Interestingly, they will also help anyone cooperatively if it is not to their disadvantage, even if it is not to their apparent advantage. This is called altruism.
The short and the long of it is that given the opportunity and the belief that they will not be caught 85 % of us will commit a crime. 5 % or fewer will actively seek to create the opportunities and there are a few weirdoes who are totally honest (read socially naive and/or dumb).
Apply these stats to hacking and you will see that you will have people who will push the bounds and therefore you need research on pushing the bounds as a contingency. You also need to take that expertise and either build it in or dumb it down sufficiently so that the j03 6paxh can deal too.
Security has to be proactive but it doesn't need amateurs messing up the stats just for kudos. If you want to develop root kits as a hobby fine. Root kit yourself and leave everyone else alone. Or else get someone to pay you to do the research legitimately. Security companies aren't stupid, they know that if someone can do it, then someone else can also do it.
Yurt Ennez
-
With your situational ethics, tenzenryu, I can see where you may think your statistics are valid. However, if they were real, then the entire fabric of social order, rule of law, democracy and republics and all that would fail. These, especially democracy/republic as we know it, are based on the belief that man is basically good (Locke). Yes, there are those who will knowingly break the law in the belief that they won't be caught. That is simple risk taking or playing the odds, not any kind of deep ethical analysis. It is strictly a self-centered, selfish and foolish approach to the problem (whatever that problem is).
The main problem with holy_father's approach is that it attracts attention, because it is the hack du jour. Yeah, we know there are rootkits and that there are new ways to make them. For crying out loud, we have multi-national corporations making them (badly) and forcing them down our throats. It ain't like we _need_ a script kiddie circlejerk club member (copyright zencoder, 2005) making things worse.
-
Proactive security is not only impractical, but impossible. The two ways of limiting attacks by viruses are by either detecting code which is malicious, or by hooking specific routines in the operating system / interrupt services to protect against malicious software.
In case A) detection is bound to fail due to the ease of obfuscation of code. As an example, I'll point you to http://aconole.brad-x.com/xmas.c which was my first attempt at obfuscating code. For the curious, it's just ascii art. For the untrusting, go ahead and compile it, then throw nm, ldd, objdump, strings and gdb at it. It's not malicious.
In case B) while this may work, there are, again, always ways around specific system calls. To guard every system call is so much work that it's impractical for end users, applications developers, and AV writers. Also, think about what kinds of control mechanisms would need to be in place for 100% effectiveness. Palladium anyone? You'd kill open source developers in a heartbeat.
As far as I'm concerned, let AV companies be playing the catchup game. In the meantime, I won't be an idiot who runs every binary thrown at me without first investigating it. Even then, I'll make sure to use a chroot jail, on a honey pot / test machine.
-
Hmm, the main concern for this so-called "game of cat and mouse" are the innocent users who have no clue on the seriousness of this threat. Note that Holy_Father CAN sell his product to adware/spyware companies as well, who have no care on the innocent bystanders who take the blow, as long as they are making profits out of it.
I'm all for making AV companies implement pro-active methods, but does the common user "average joe" have to suffer for it? Hacker Defender has been implemented on a number of malicious threats already, i.e. Apropose.
And I don't think companies as such would care about the game or the consequences of unleashing such technology to the common users.
If they wish to play cat and mouse, do it in a controlled environment. Less casualties.
And AV/Anti-Spyware companies do have to start implementing or at least try to implement pro-active methods into their software.