Message-ID: <b7bc1b1f040902230617fb17a0@mail.gmail.com>
From: uberguidoz at gmail.com (Über GuidoZ)
Subject: win2kup2date.exe ?
James Tucker said:
> There is always no need for aggressive statement of suspicion, which
> you are close to here. While I understand aggression due to anger, I
> am concerned that one should not get angry at someone offering them
> a service merely because one is suspicious of them. What if the offer
> of help is entirely genuine?
Amen. Not only that, but as was also said, the choice to do so or not is yours.
--
Peace. ~G
On Fri, 3 Sep 2004 02:19:07 +0100, James Tucker <jftucker@...il.com> wrote:
> On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald
> <nick@...us-l.demon.co.uk> wrote:
> > Über GuidoZ wrote:
> >
> > > ... If you want to email me a copy of it, I'll
> > > rip it apart and see what can be seen.
> >
> > And world plus dog should entrust you with such material because???
> ... most viruses, trojans and malware do not store copies of stolen
> data in their executables. Furthermore the file size is very small.
>
> > > P.S. Send it to [...] - it's my "catch all" for
> > > virus/unknown files. Just be sure to ZIP it up or else the web host
> > > won't let it through. Otherwise I have disabled all checks/scan.
> > > Downloads directly to a secured Linux box.
> >
> > That's all very nice, but alone, far from the makings of someone to
> > entrust arbitrary, suspected malware samples to.
>
> "Entrust", just what exactly are you thinking you might be giving away?
>
> > I'm also rather suspicious of your promotion of Virus Total. Hispasec,
> > as far as I can tell (Spanish being something I have to have translated
> > via online services), has no antivirus or similar product of its own,
>
> I do not necessarily trust this company or their service. Having said
> that, if they produced their own Anti-Virus package, to put other
> vendors scanning engines in a publicly available service would either
> be damaging to their business, or considered anti-competitive.
>
> > yet it has set up, and some folk seem to be promoting, what is
> > effectively a sample collection mechanism. I've also heard vague
> > rumblings that Hispasec/Virus Total does not have suitable licenses for
> > at least some of the scanners used in its service (and strongly suspect
> > that several of the AV vendors whose products are currently used would
> > not allow their products to be licensed for use in a service of the
> > kind Virus Total offers anyway because it paints a rather disturbing
> > trust picture -- "You can trust me because I can run a virus
> > scanner...").
>
> Again, you suspect a lot of deception here, and while it is of course
> possible you are correct, I have yet to see this ever done in
> practice. Samples of non-data carrying viruses or trojans are of
> little use to anyone other than Anti-Virus firms, as it is easy to
> collect raw source for most if one is so inclined.
> I agree that it is unlikely they have sufficient client licenses to
> provide such a service; however I can see that there are a great deal
> of arguments in law about how their case may be won. They may for
> example only be required to carry one license, they could argue that
> they are simply allowing users to deliberately infect their systems,
> and making portions of the logs publicly available.
>
> If there are viruses which commonly copy target system data, or
> sensitive data into their binaries at the present time (I imagine the
> mention of this deception may well spring at least one such virus)
> then I apologise that I am not aware of it. If the report of the virus
> name in question is accurate (which IIRC it has been now verified by
> someone else) then the binary is not carrying sensitive data.
>
> Having said all of the above, your concern is not mis-placed, and if
> you feel uncomfortable with any such possibility of giving away a
> minor amount of data, then certainly make good your freedom and choose
> not to do so.
>
> There is always no need for aggressive statement of suspicion, which
> you are close to here. While I understand aggression due to anger, I
> am concerned that one should not get angry at someone offering them a
> service merely because one is suspicious of them. What if the offer of
> help is entirely genuine?