Copy Link
Add to Bookmark
Report
40Hex Issue 08 File 010
40Hex Number 8 Volume 2 Issue 4 File 010
Letters to the editor! Well, as you can imagine when I got this
message I was quite startled. Sorry Paul, no top billing this time :-).
Although it is at this point, that I would like to say a couple things.
For instance, the virus community seems to think that their actions go
unnoticed. As you might imagine, this is not quite true. C'mon,
security people get their hands on 40Hex shortly after our boards get
it. Just letting you know that big brother is watching :).
----------------------------------------------------------------------------
40-Hex Response:
As a Security Analyst I find 40-Hex an incredibly interesting magazine.
The magazine presents entirely different viewpoints then what is in the
industry magazines such as Virus Bulletin, Virus News International and
Virus News and Reviews. Although all three of these publications are good
and very useful to me in my job, 40-Hex does indeed keep my mind open. It
discusses viruses in depth, including commented source code, and has been a
real learning tool for me. There is just not anywhere that you can get the
detailed analysis of a virus except in a magazine like 40-Hex. I can't help
but be torn between my thirst for knowledge about virii and how they work,
and the fear that the more knowledge about virus writing becomes available to
the public, the greater chance that there is going to be more and more garbage
out there and more and more irresponsible people releasing this garbage on
their "friends and neighbors".
I do want to thank 40-Hex for what I consider a very favorable review. I
had to laugh about the comments, because frankly I agreed with them. I guess
that I do get a little melodramatic sometimes. But I do honestly believe
that the knowledge exists out there to create a program/virus that will
be able to escape detection by any method in use today. Whether it will
ever be written and whether it will have destructive capabilities I don't
really know. I don't know of any virus writers that make profits off
their work. While all the anti-virus developers, although they complain
about the work that they have to do to keep up with the virus writers,
certainly make a nice profit on something like a Michelangelo scare. So
the only motivation for the virus writer is the challenge of creating a
nearly undetectable virus.
I am very curious myself to see if the NCSA's prediction of 40,000 virii
by 1994 comes true. I certainly agree with 40-Hex that most of
these virii will be hacks of some of the existing code out there now. The
anti-virus industry itself can't decide on how to count different strains of
viruses, so anyone will be able to make whatever claim they want anyway.
Finally, Dr. Solomon said it best informally at the First International
Virus Prevention Conference. He was talking about how America was founded
on freedom and the rights of the individual. He said that Americans seem
far too willing, in his opinion, to voluntarily give up those rights. Right
now, virus writing is not illegal. And hopefully it never will be, because
what you or I do with our own personal computers is no one else's business
but our own. But when we interfer with someone else's computer or data or
life, that I believe that is where the line is drawn. Its going to be a
very long and hard process to determine responsibility for damages caused by
a virus. Passing a law to make virus writing itself illegal will not solve
the problem. Something, though, has to be done to protect an individual's
or a corporation's rights to have a virus-free working environment. There
are enough problems with buggy commercial software, without having to worry
about virii hitting your computers too. But until that time comes part of
my job will continue to be warning people about the dangers of viruses and
helping them protect their data.
Paul Melka
Response to a Response to a Response:
+------------------------------------
As the head of the -=PHALCON/SKISM=-, I find your letter a very
interesting response. I thank you for your raving reviews on 40Hex. We
try to make it a magazine that everyone can learn from. Well, I still
debate the undetectable virus issue. Regarding the virus writer/anti-virus
issue, I definately agree, that the anti-virus people are motivated by greed
more then anything else. I am glad to see that you agreed with my oh so
witty comments, they weren't meant to be abusive, just a little comic relief.
I agree with you on the issues regarding a virus-free working
environment. But, as you already know, writing a virus isn't
illegal, it is the spreading that is illegal. Unfortunately, it is too
late to start working on anti-virus writing legislation now. The damage
has been done. The virus issue is fairly similiar to the AIDS issue.
You have to use protection, no matter what. There will never be an end
to virii. Even if everyone stopped writing virii, the infection rate
wouldn't decrease. I don't know of many people that get hit by the
newer strains that have been coming out. Most people still get hit by
Jerusalem, Stoned, and other 'classics'.
I would be very interested in what solutions you may have come up with
to protect the rights of individuals and corporations. I hadn't heard about
Dr. Solomon's comments, until I recieved your letter. Quite frankly, I agree
with what he is saying. Another major problem with making virus writing
illegal is the definition of a virus, or trojan for that matter. It is
very difficult to come up with a concrete definition.
I appreciate your response, and definately encourage other people, either
pro- or anti- virus to respond!
-)GHeap