> industry deal with on an hourly basis, but that usually seldom
> impinge the consciousness of "ordinary systems managers".

You speak for them all, obviously.

> Publishing code for exploits seems likely to have the problems fixed.
> Publishing code for viruses won't. People will not move to less

Why not? The code he published is trivially available. The fact you've gone screaming about the fact he released it shows the release has some value. Bugtraq is a full disclosure list. It has carried detailed dismemberment of other worms before now. The Melissa worm is little different to the Internet worm, where posting the methods it works and the reconstructed code helped no end to fix the problems.

> To be done well though, it requires an element of expertise. The
> antivirus industry and those of us closely affiliated with it have
> been doing this for years. We might even be considered somewhat
> "expert" at it.

> First, this is not a security issue in the traditional sense. Yes--I

Unauthorised execution of code causing disruption of victim's machine. It's not even that much more mechanised than the scanners nowadays which install a rootkit, pop onto IRC and then fire up themselves.

> Second, viruses spread. However, unlike worms which are (usually)
> self-spreading exploits, there is no "vulnerability" to be fixed.

By definition there is a vulnerability. It got in, it spread, it got out. It mailed your important documents to people. That's a vulnerability. It's no different to a cracker mailing your payroll out.

You peddle the same myth: "The bad guys are too stupid to work it out". Sorry. The average bad guy can get a copy of the virus binary and mail it as is to victims. Anyone with half a clue can extract a Visual Basic program.

What are you going to do when the virus authors all start mailing source code out to everyone on Usenet? Perhaps we should _all_ be getting our house in order so that when they do we can chuckle safely to ourselves.

Alan