Security threats Toolkit

Story: Malware authors mixing a lethal cocktail

• 
• 

Short and simple, Kaspersky is a twit.

"We are against anyone who publishes vulnerabilities because it gives hackers a tool."

This is such a patently ridiculous statement; I don't even know where to begin attacking her. First, the argument that now that virus writers are paid (as though all virii up to this point were solely a labor of love) will make them more motivated is absurd.

Virus writers who were previously not committed to the craft may indeed be "more" motivated by money, but ask any geek, Which gets done faster? The code they are paid for or the code they "want" to write (ala personal projects, community projects that they are heavily committed to, etc)
*(Every coders dream is to get paid for doing the projects they love most, it just doesn't happen that often)

That virus writers are going to beat everyone in the footrace because they now have access to the
same tools for collaboration that they had 10 years ago is a silly notion, the methods for distributing
ideas and working together, be it on a virus, or an OSS Bayesian filter, remain the same. IRC, documentation, email, and more recently Instant Messaging, etc, etc, etc.

Although, I must admit, there is an air of truth in that one statement. "..it will give hackers a tool."
Well, if you look at the traditional (correct) definition of hacker, this is 100% correct.
Once you have properly documented and provided a how and why type of assessment, "hackers" can work together at a very rapid rate to write code that will do everything from detect the presence of the vulnerability to a patch for the system. Sure, virus writers are probably working just as hard, but this is nothing new.

I would imagine that if you told Kaspersky about a tool that allowed the complete novice to craft a
virus using nothing more than a GUI interface and very basic compiler, she would beat the pans, raise the alert, and warn everyone of the impending doom. Of course, those of us with our heads removed from our posterior would laugh heartily, since we all remember (I am sure) a little program called "virus creation laboratory". As I recall, it was a Pascal turbo vision app that generated the appropriate asm code, and all
you need was the old compilation/linking tools provided by Microsoft with MS-DOS 5.0(??) The world did not end, I assure you.

In short, the views presented in this article are extremist and alarmist in nature, and the only apparent source of information has a fairly obvious bias. After all, did you really expect a representative (and to venture a guess, owner) of an Anti-Virus Software
( http://www.kaspersky.com/ )
to present an honest "state of the industry" address without painting a scary picture, casting a few shadows on the wall, and reminding everyone the bogey man lives in the closet?

But we can't blame her solely. No, the next person to blame would be Dan Ilett. After all, was he paid off by Kaspersky Labs to create this advertisement in the guise of news? Where is the alternate opinion? At least round up a few other people who are knowledgeable to put in their opinions, even if they are in agreement. Worst thing that could happen is it would lend you at least some credibility. In fact, did you even write this? Or just
sign your name to the Kaspersky Labs Press release. But it's not all Poor Dans fault either. Apparently his editor was asleep at the wheel when this trash graced his desk.

But alas, I've already put more thought and effort into this rebuttal than was put into the original.
In short, don't believe everything you read, and try to hold your News sources accountable for reliable, accurate, and as un-biased news as possible. Or at least hold out for news that does a better job of at least appearing credible.

• 
• 

• 
• 
• 

Full Talkback thread