[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40290322.30845.20CADC5C@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: DoomJuice.A, Mydoom.A source code
"Riad S. Wahby" <rsw@....edu> wrote:
> According to most reports on the matter, DoomJuice delivers the source
> of Mydoom.A to infected computers. I'm running an informal seminar on
> malware and this could be an invaluable teaching aid. ...
In what way would it be "an invaluable teaching aid"?
I can see how it could be used as an invaluable _publicity_ aid for
attracting folk to the class. However, as a teaching aid, it is highly
unlikely to be of much more or less value than the source of any of
dozens upon dozens of other malwares, and and that value would be very
low...
Unless you are planning on teaching malware _writing_?
For folk interested in work in the antivirus and related security
fields, source code is all but worthless. We rarely have the source
code of the malware we have to analyse -- at least, we rarely have it
in advance of, or concurrent with, having do such analyses. Reverse
engineering is the name of this game and source code is then useless
-- if you have source you need not reverse and if you must reverse you
would not have the source...
Also, from a purely pedagogical perspective (I majored in Psychology
and Education), I find your claim that having the source of this
malware "could be an invaluable teaching aid" deeply suspicious.
Teaching from the specific is generally superficial, less long-lasting
and generalizes much less well than providing a good theoretical
grounding in the subject matter. Could you expound the theoretical
applications that presenting this specific malware's source code to
your class would illustrate especially well?
Finally, whether you obtain this code or not, what aspects of the
ethics of possessing, handling, distributing, etc such code will be you
be teaching? Personally, I doubt they will be substantial (or even
present) as your initial approach to obtaining the code shows a serious
lack of concern for some significant ethical issues straight off...
> ... Thus, if anyone
> has the source, I'd greatly appreciate if you'd mail it to me off-list
> or point me towards an appropriate URL.
And what controls will you be placing on your students obtaining,
copying, etc the code? Given your brazenly open and "uncaring" request
here, why should we expect that you will take any special care with the
code and its further distribution to and among those taking your class
and their room-mates, buddies and other contacts?
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists