Author Makes Symbian Virus Code Available

putko writes "The NY Times (registration required) has a story about a Brazilian software expert whose posted the code for his Bluetooth virus on his website. The article has a general anti-free-exchange-of-information tone to it. Security firms call him bad. Nokia is concerned. Here's his homepage (in Portuguese), so let's not unnecessarily DDoS him: The most irritating bit of all this is that the guy writes the thing, distributes it, gives it a name (eponymous) and then the stupid virus firms go and butcher it -- e.g. "Lasco.A". What's so wrong with "Velasco" already? The guy clearly wants it to be named after himself."

Yeah

Because as we all know, nothing takes away encouragement from a virus writer like giving him exactly what he wants. \sic

I'm confused

[bwalling]

This posting seems rather sympathetic to this guy. Free exchange of information? Your credit cards are information - should I freely exchange those with everyone? So, not all information should be exchanged. Why should we be so nice to his website? He's not being so nice to our cell phones. And who cares what the name of the virus is? It's not like he discovered a new comet or something positive.

There's something to be said for being open and free, but there's also taking it too far.

Re:I'm confused

[tka]

Yep, even though one might think of it as a positive thing to expose security problems in software, I don't. One should first contact the company about this. And then after a while, depending on what the company response was, release it. The security problem might not be due to originally bad design or lack of interest in security.. In which case the company should suffer from it.

But now, we, the customers suffer from it.

jealousy

[St.+Arbirix]

The A/V companies got mad that they didn't think of the virus first.

What good is antivirus software if it can't protect against all viruses? How better to protect against them to have written them yourself?

-1 flamebait

Re:I don't think there should be any debate here

[hummassa]

But this is the only way to tell the companies: fix this or the whole world will know how to exploit it.

Re:I don't think there should be any debate here

[orasio]

Please! try thinking!
Just because nice guys refrain from discovering vulnerabilities, it doesn't mean the bad guys will!!
The guy is just trying to force the hole to be closed.
The situation before this guy was that your phone was vulnerable, and you were ignorant. The situation now is that your phone is vulnerable, and you are aware of it, and probably won't buy another vulnerable bluetooth device until it's fixed.
I don't understand why you prefer the first scenario. It's actually possible to write vulnerability-free software. It is way too expensive, but maybe it should be required.
If people keep thinking that holes whuld just be overlooked instead of fixed, there will never be any value on providing secure software.

I wonder...

[IndiJ]

You know, my gut reaction on reading the article as posted was, "What a goddamn piece of bullshit flamebait - who cares whether or not the guy doesn't get to name the virus he created?"

But then I thought about it. Regardless of what it is, it is something that this Brazilian dude wrote. It's his intellectual property. He should have the right to name it. For the antivirus companies to tag it with their own name is equivalent to WalMart getting a box of "Home on the range" DVD's, ripping the covers off and selling them as "WalMart presents: The Disney cow movie!".

And before anyone offers any arguments about "not wanting to encourage virus-writers", let me say: bullshit. It doesn't matter whether it's a program, a novel, a song or a painting ... or a virus - intellectual property is intellectual property. Even people in jail own the copyrights on their goddam prison tatoos. Even Osama bin Laden has his copyrights. The laws are quite clear on this.

So... yeah. Velasco it is.