Inside the Mind of a Virus Writer
sebFlyte writes "news.com.com is running a very interesting interview with 'Benny' (AKA Marek Strihavka), a former member of the famed 29A Russian virus-writing group, about what drove the group, among other things. He's now one of several ex-virus writers working for security companies."
He's got a point there, but still, that stinks of "create a problem, then sell the solution".
quidquid latine dictum sit altum videtur.
1. Write viruses
2. Work for antivirus company selling solutions to the viruses that you write
3. Profit!
In Soviet Russia, Chuck Norris will still kick your ass.
"Inside the Mind of a Virus Writer"
Will I get infected reading the article?
Q: How many viruses have you written?
A: A lot
Q: Why did you write them?
A: To learn and innovate, not to harm.
Q: Should virus writers like you work for AV companies?
A: Yes, of course. We know security the best.
Why is this an "interesting interview"? There is little to no content here. It's the same crap we've heard every virus writer say to every person who interviews them. While I agree that the best security people are probably the ones who used to break the system (aka virus writers and crackers) why does this need to be considered interesting news? I was more interested in the (FALSE) story about the fish from the tsunami.
It amazes me the way some people think. It sounds to me like he thinks he should be free to write viruses because it's expression and protected under the First Amendment? So by that analogy, someone who burns down a building shouldn't be prosecuted because they are just expressing themselves. Come on, him saying that he didn't distribute his "code" is complete crap. He wrote it and it got distributed. Anyone who thinks differently can buy some swampland from me at a steep price.
My sig of choice is Marlboro
I found this tidbit a bit interesting...
Some antivirus firms say that I have no moral right to do it, but...almost all ex-members and current members of 29A are employed in the antivirus and information technology security industry.
Does this strike anybody else as a "wolf guarding the henhouse" scenario?
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
There is something to be said for learning techniques for mitigation through hands-on practice. For example, I routinely attempt to crack my own web servers in an attempt to discover potential weaknesses. You can read white papers on XSS and privilege escalation and proper filesystem permissions all day, but you don't really ever learn the application until you try it for yourself.
If I were to hire another administrator to be in charge of securing my systems, I would want them to have that same internal drive and desire to explore the system, rather than having a checklist mentality: go down the list and assume the server is secure.
That said, I would _not_ hire someone who was actively involved in breaking into other people's systems. It's the mindset. They did it once, they can't do it appreciably any better than if they had probed their own systems, and they're likely to do it again. Part of being a professional means a mature respect for other people's beings.
So if this guy actually wrote viruses that were released, I would consider him probably a bad candidate. Otherwise, yeah, go for it. Good choice.
The guy never distributed the viruses, he never even wrote code designed to self-replicate. He is just some guy with an interest in computer security and finding exploits and you are calling him "the virus writer". The man is not a criminal.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
somesuch thing about a passionate young code mangler:
"Frank Abignail did steal millions of dollars. He was a criminal. This kid didn't do anything of the sort -- he simply wrote programs that exposed insecurities in operating systems."
And spam writers simply write spam that exposes weaknesses in Bayesian filters.
"I am of the mind that we absolutely need people like Benny -- someone MUST check the locks to ensure that we are indeed safe. If no-one is checking the locks, then we're just fooling ourselves that what we hold near and dear is safe."
I'll be over to check your locks. DON'T CALL THE POLICE!
Correct me if I'm wrong, but isn't the whole idea that a virus writer assists in securing computers just a bunch of crap? I mean, please, let's drop the facade for a minute, and think this through:
01: A virus writer releases a virus or worm,
02: A virus writer gets accused of damaging millions of computers
03: A virus writer says he did it to bring attention to X bug that could be potentially used to write a virus or worm for
04: GOTO 01
I realize that some companies are stubborn and have pursued legal action against people who publish bugs in software, so a virus or worm can sometimes be the only effective way to bring public attention to a problem. However, this is usually in turn converted to bad press for the writer, and just backfires. The way I see it, this is a better argument than others for switching to OSS: no morbid fear that publishing a bug will result in a lawsuit (no matter how unfounded half the time), and thus any virus/worm exploits on an open platform can be considered generally malicious, and the writer pursued fully.
He states that he published his viruses. This is just as bad as actively releasing the thing.
Or maybe they're all just too stupid to think that some script kiddie will come along, compile and release the thing. Writing malicious code to see if something works is one thing, writing it and releasing/publishing it is another. One can help you understand the workings of another piece of software, the other makes a big mess of the internet and there's no excuse for it.
Silly rabbit
The article doesn't mention what the turning point in his life was. I think that would fill in a big gap.
I just RTFA, and there wasn't one mention of bone saws, power drills, or plastic explosives. How else would one get into the mind of a virus writer?
The only acceptable process for getting into the mind of a virus writer should be both irreversible and serve as a warning to others.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on
When you get down to it, who you employ is up to you. If you think that your customers would be best served by a former virus writer, then do it. If you think they are too dangerous then don't. It comes down to your economic choice.
This is another way of starting a sig with this and ending it with that.
Most viruses are designed to be friendly to the anti-virus industry.
There's always been an implicit synergy between the virus and anti-virus companies. They need each other. But now we know there's more than that.
This article at InformIT.com is another interview with a 29A member (Ratter). Much of the same content and statements.
Looks pretty darn empty in there.
Last time I checked, the First Amendment was in the US Constitution.
Article 17 of the Czech Republic's Constitution ("Charter of Fundamental Rights and Freedoms") states, in Section 4, "The freedom of expression and the right to seek and disseminate information may be limited by law in the case of measures essential in a democratic society for protecting the rights and freedoms of others, the security of the State, public security, public health, and morality." So here, limitations on these rights are more specifically spelled out. I'm not sure, but I would argue that writing virus code and releasing such code certainly is not protected "expression," at least as defined here. Such expression clearly may interfere with the rights of others and public security. Mr. Strihavka may not be as free as he thinks, and he's certainly not protected by the First Amendment.
In the US, First Amendment protections are not all they're cracked up to be, in any case. These rights are clearly spelled out in the US Constitution, but, in practice, that only means that they can be asserted and litigated. Thus, you have the presumption of such freedom, until some corporation or government entity wishes to deny or abridge your rights, armed with better lawyers. Unless you're rich and can afford press coverage and good attorneys, you can be screwed by a simple letter.
"Who else (besides virus writers) should code antivirus programs? Who else has the experience and technical skills for fighting viruses?"
Just because you can blow up a bridge doesn't mean you should be trusted to build one.
It takes a completely different skillset to defend against viruses than it does to write them.
Doctors don't have to know how to create a disease in order to know how to cure it. I would trust a doctor to treat disease far more than a bioweapons engineer.
Just like I don't trust a burglar to guard a bank vault, I don't trust a virus writer to write antivirus software.
I was hoping they had a bunch of them with their skulls cracked open.....
...that stinks of "create a problem, then sell the solution".
Sounds like every consulting gig I've been involved with. Convince them they have a problem and that you, and only you, know how to fix it. Oh, and ummm, profit!
Actually, I would trust a bioweapons engineer to create a drug designed to block biological weapons far more than I would trust a doctor. What, you were going to put a surgeon or a pediatrician in charge of that team? I would also expect a talented safecracker to know things about safes that the original designers don't know -- and as someone else pointed out, who better to blow up the bridge than a guy who builds bridges?
A poorly thought out simile is like a fish riding a bicycle, for reasons you would do well to contemplate.
In the meantime, the safecracker metaphor is actually kind of revealing: getting input from the safecracker on how to protect future safes is invaluable, *but* you would of course expect any changes to be thoroughly reviewed by trusted engineers before they were accepted. I wonder if the firms employing old virus writers apply similar precautions?
THAT would tell you whether he was as good as he claimed. Yep. And until I see him releasing code to fix exploitable holes in Open Source, he's still just another kiddie. Again, from the article: Pattern matching is nothing. And that's all that anti-virus software is.
Rather than spending his massive talent on pattern matching viruses, why hasn't he come out with something to prevent viruses in the first place?
Anti-virus systems are all re-active, not pro-active.
Re-active is easy.
Pro-active is hard.
This story is junk. Some "journalist" saw that a "criminal" had been hired by a "security" company and decided that it would be a good story.
So for several years I was an op on #virus, the 'home base' of 29A and less popular/talented virus groups. I've never written a virus/worm myself, and because of that I was only mildly accepted; however, I did get an insight into them, and many of 'them' do it for the reasons Benny listed. Benny is a perfect example of proof of concept: he wrote the first XP virus, the first virus that would infect Linux from Windows if a computer dual booted, etc. While Slashdot as a whole may have an unpopular opinion of them in general, I can say at least some of them are quite talented. Oh, and they hate the VBS/VBA viruses just as much as anyone else.
You recognized it, you offered an alternative which you feel is legit, but you did recognize it, and that's all any word is good for. Therefore it's a good word, a real word. As Andrew Jackson said, it's a poor mind that can only think of one way to spell a word.
Infuriate left and right
I don't think that's intentionally "friendly to the anti-virus industry".
The challenge of virus/worm writing is having the thing spread, of manipulating systems and hiding.
The reason there is rarely a destructive payload is because there is absolutely no challenge in a destructive payload... any moron can write destructive code.
Contrary to what the movies, and thanks to them, the media like to make people think, the primary goal of most virus writers isn't to wreak havoc on a global scale, it's simply to see their code spread around the world.
It's largely just very irresponsible behavior, not necessarily malicious.
You're a little off here. If not for SPAM, we wouldn't need antispam programs and Bayes filters. The filter is a response to the annoyance of the spam. You might argue that the SPAM is due to the lacks in SMTP et al., but in that case why make new SPAMs once it's pointed out?
The programs written by the kid, however, are targeted at vulnerabilities that already exist. Had he not written the code to expose the weakness, the weakness would still exist. Therefore he is responding to the weakness (and the weakness is the problem), whereas Bayes filters are responding to SPAM (and SPAM is the problem).