Interview With an Adware Author

rye writes in to recommend a Sherri Davidoff interview with Matt Knox, a talented Ruby instructor and coder, who talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for surreptitiously installing adware on millions of computers.) "So we've progressed now from having just a Registry key entry, to having an executable, to having a randomly-named executable, to having an executable which is shuffled around a little bit on each machine, to one that's encrypted — really more just obfuscated — to an executable that doesn't even run as an executable. It runs merely as a series of threads. ... There was one further step that we were going to take but didn't end up doing, and that is we were going to get rid of threads entirely, and just use interrupt handlers. It turns out that in Windows, you can get access to the interrupt handler pretty easily. ... It amounted to a distributed code war on a 4-10 million-node network."

Sometimes we forget.

[jellomizer]

That the people who makes IT Guys lives difficult and annoying are indeed IT guys.

Re:Sometimes we forget.

Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

Re:Sometimes we forget.

[fph+il+quozientatore]

[Sometimes we forget t]hat the people who makes IT Guys lives difficult and annoying are indeed IT guys.

Or lawyers.

Re:Sometimes we forget.

[snl2587]

Difficult? Maybe, but for freelancers who collect a check every time they "fix" an infected computer (read: fiddle around for a while and ultimately end up reinstalling Windows), these crapware authors are the reason they can stay in business.

Re:Sometimes we forget.

[Thelasko]

Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

*COUGH*

Allegedly

Re:Sometimes we forget.

[MobyDisk]

Talented computer repair techs can stay in business just fine. But yes, the adware/spyware boom caused an explosion in the repair field too.

Re:Sometimes we forget.

[Opportunist]

Without malware writers, I'd be down a few 1000 bucks and would have to do something meaningful.

Still, you may believe me when I tell you, I'd really prefer to write software people want to have to writing software people hate to have but grudgingly accept as a necessary evil.

Re:Sometimes we forget.

[Holi]

if all you end up doing is reinstalling windows then maybe you should be in a different line of work.

Re:Sometimes we forget.

[bensafrickingenius]

"if all you end up doing is reinstalling windows then maybe you should be in a different line of work."

Hello, I understand you have a pretty serious malware problem. Well, here are your choices: I can spend 10 hours researching all of the hundreds of different problems you have, and fix them, and maybe I'll find them all, and maybe your computer will run ok for a while after that. Of course, if I do miss something, it's your financial information that gets stolen, not mine. That'll run you $300. Or I can just back up your data, format your hard drive, reinstall Windows, secure it in its virgin state, restore your data, and have you back up and running in half the time. For half the money. Oh, and when *I'm* done with your computer, it will run faster and more reliably than the day you bought it. What would you prefer?

And, please, don't give me the "you must not be very good at what you do if you can't make a 5 year old install of windows work better than a sparkling clean one in 20 minutes" line. Your arrogance is making my eyes water.

Re:Sometimes we forget.

[hairyfeet]

That is why I tell customers that if they don't want it formatted and they have more than 1 virus they have to pay PER virus. Works real well and keeps them from complaining when you show them the machine has 200+ virus infections at $10 a pop. I had one customer come in and after scanning his new Toshiba laptop he had 2074 viruses RUNNING at the same time! It took nearly an hour just to see the desktop! Sadly my former boss says he had that beat, as he had a home user bring in a machine where he had managed to get over 4500 infections in the thing.

What the earlier poster wrote is true though. Folks acted shocked that it costs so much to fix their horribly infected machines, like we should be fixing them for fun or something. Yet for some reason they don't bat an eyelash when the plumber hands them this huge itemized bill. So I have taken to handing them a nice little printout with Hijack This that shows how much crap was installed with a little mark by each infection. They don't seem to complain as much when they see that huge list of crap they managed to install.

Re:Sometimes we forget.

[symbolset]

Typically, yes, cleaning a virus infection from a windows computer costs more billable time than the replacement computer costs. I see a bunch of contrary responses, but I'm guessing they just don't know what's going on here.

Unfortunately, the cost of replacing the machine is just the beginning. After you have the new machine, the crudware infestation it comes with must be removed and that's often a wipe and reinstall from Microsoft media anyway. Then the broken OEM drivers have to be replaced with the functional OEM drivers from the vendor's website, and the installers for those don't always work properly. Then you have to add the drivers for add-on equipment like that combo scanner/fax/printer that the drivers never quite worked for and was discontinued years ago. Then you have to find all the user data from the old machine and put it on the new machine, even the user data that's hidden in stupid places like the programs folder for the application. You'll need to install the third party antivirus, all the Windows updates, and the usual suspects: Flash, Acrobat Reader, an office suite. Then it's all got to be tested with the end user to make sure they've got everything back they need to get their work done. Then if you're going to avoid doing this again in six months, you should take the precaution of capturing a system image.

Yeah, when you're billing at a reasonable rate the cost of the machine is very little. But still, it's something and when a small business is down because the viruses make their computer unusable it's usually best to fix it now rather than wait on a replacement PC to get the doors open again.

If you're reading this and you're a small business owner your best course is to go to EBay right now and buy another system that's the same model as yours for about $150. Then have your IT guy clone your system to it, take it home and put it in storage. Then when your system goes down, you've got a replacement to swap right in and load your data backups on (you DO make data backups, right?) so you can stay functional while your IT guy makes the dead system back into a spare for you.

Re:Sometimes we forget.

[feepness]

Can we throw away the idea of a "throw away society"?

Re:Sometimes we forget.

[symbolset]

You don't "fix" a computer. You reinstall, it should only take 20 minutes tops. Of course, you should not be an idiot and not let it get that way to begin with. Regardless of your overinflated salary you are throwing away money. Dumbass.

Look, I'm not a stranger to making an ass of myself on slashdot, but I still get to point out when other people do it. Sure, from a good image I can flash a 40GB SATA 3.0 drive in 3 minutes flat and the user is up and running. Add five minutes and I can restore today's user data from their good backup. That's not the common experience in the field because they have no good image and seldom have backups. In 20 minutes on the same drive you can install Windows if you have SP3 media. You still can't get all the updates, install the system drivers, install the accessory drivers, do a reasonable security software install and user configuration in 20 minutes. You definitely can't restore their user data, nor their critical apps. It just can't be done.

If the typical consumer were willing to pay his tech to come out and set him up properly, and visit him and make a good image semiannually, maybe. If they bought spares, better still. But they usually won't. Usually they won't call for help until they've borked it good and don't have backups. Most people if you gave them a button that booted their computer from an "emergency backup" spare drive, would crash their main system, then the emergency backup, and then call for help.

And some of them, oh, God I wish it were not so, utterly rely on some system running Windows 95 that hasn't been updated since because it was set up for them a decade ago and it still works and they bought into a system with no migration path.

I hate it when people venerate/elevate scumbags

[elrous0]

Some serial killer goes and and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.

Re:I hate it when people venerate/elevate scumbags

[Nos.]

He should be forced to forever use an unpatched Windows (9x, XP, 2000, etc) as his OS on every computer.

Re:I hate it when people venerate/elevate scumbags

[dave562]

There seems to be a big stretch between a serial killer and some guy writing malicious code. My primary interest in computers initially involved all sorts of fraud and outright criminality. I now work in IT and have a completely legit lifestyle. Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.

The article talks about exploiting some incompatabilities between the Win32 and WinNT APIs. If there weren't guys like the subject of the interview, those incompatabilities would remain hidden. It takes mischevious people to come along and exploit the holes so that they get patched. By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.

If anything, Microsoft made the mistake of making the computer too friendly. They released technologies that gave people too many options. In any sort of free environment, there will be people who abuse the freedoms that they are presented with. Malware authors are those kinds of people. It is easy to blame Microsoft for looking into the future and envisioning a world where web browsers are the central application on the computer. They rushed blindly into it and unleased things like ActiveX on the world. At the core, their intention was right.. they wanted to make it easy to execute code in a distributed environment like the internet. Yet the implementation sucked and it seems like they didn't pay any attention to security.

Re:I hate it when people venerate/elevate scumbags

He should be forced to use Windows ME, at no higher than 800x600 screen mode, with a 56K modem.

He should also be forced to eat his own testicles.

Re:I hate it when people venerate/elevate scumbags

[elrous0]

Given a choice between the two, I might go with the testicles.

Re:I hate it when people venerate/elevate scumbags

Damn right, dave. However, it's hard to deny that someone who writes malicious code that directly targets (ignorant) consumers may very well be treading on morally bankrupt territory.

Re:I hate it when people venerate/elevate scumbags

[girlintraining]

Some serial killer goes and and murders dozens of innocent people; and we reward him with veneration, books written about him, endless press coverage, etc. Scumbags don't deserve our respect, our veneration, or polite treatment.

We're not here to discuss his moral infirmities. We're here to discuss effective ways of countering the threat the aforementioned poses. It is logical to begin by questioning those we've found engaged in such behaviors as to their motivations, goals, and methods. However, if you do not wish to dissect the frog due to moral outrage, I can give you some music to listen to but you will not pass the course.

Re:I hate it when people venerate/elevate scumbags

[dylan_-]

Given a choice between the two, I might go with the testicles.

That's the trouble with browsing at +1...now I have to imagine what kind of comment that was a response to...

Re:I hate it when people venerate/elevate scumbags

Maybe you should click the "whoosh" button.

Re:I hate it when people venerate/elevate scumbags

[Ralish]

I think you're being a little harsh, not to mention very black and white.

Firstly, he's not a serial killer, he hasn't killed anyone; he's just irritated a LOT of people by installing infuriating software that's a pain to remove; in my view, this isn't quite of the same calibre as murdering people.

And if you read the interview, you'd see he's not really evil, like many/most/all serial killers, but a very intelligent young person.

His actions were motivated out of being extremely poor, he needed the money, and so he got involved in dodgy software programming. This isn't a justification for what he did, but it's nevertheless important to note. Further, he removed a lot of viruses and adware through his own adware, I'm not sure if this qualifies as grey hat behaviour, but once again, it blurs the line. Most importantly, he's reformed, and persuing an honest living, as well as providing insight into his past actions. I found his explanation of the measures he took to ensure his software remained on the infected computer fascinating from a technical perspective, there were some very clever approaches there.

I don't agree with what he did, but I'm not going to relegate him to "scumbag" status, and I wouldn't be surprised if over the coming years and decades, he makes many valuable contributions to IT and the Ruby community in particular.

Re:I hate it when people venerate/elevate scumbags

[girlintraining]

Yes, but malware authors are a bit gamey. I suggest buying a lot of rosemary before hunting them.

Re:I hate it when people venerate/elevate scumbags

[try_anything]

Anyone who has any real competency or natural inclination to understand computers will mess with them and figure out how to make them do things outside of the "normal" range.

"Normal?" Not "honest" or "right" or "non-dickish?" Do you really have the balls to suggest there is some kind of honest difference of opinion about the morality of what these adware guys do?

As for what you did, we all have our shameful moments in life. We all, at some point in our lives, invented and couldn't resist using the really clever way to make fun of the retarded kid or the weak kid in class that nobody liked. We did it to show off, to take out our frustrated aggression, and to temporarily feel better than somebody else. It's called being a childish asshole and it isn't any different from a big kid beating up smaller kids because he hates his life and is desperate for any triumph, no matter how hateful it makes him feel.

By its very nature, software gets better when people push the boundries and tweak it. The person who writes code that leads to improvements in the most widely used operating system is not the same as the person who kills a bunch of people.

Bigger problems get more attention. The more people exploit a flaw, the bigger a problem it is. So yeah, if you go around making problems worse, they'll get patched faster. Childish, egocentric hackers use that logic to rationalize the havoc they cause. People with an honest desire to protect users act in a very different way. The difference is instructive.

Re:I hate it when people venerate/elevate scumbags

[Shakrai]

I can't find it.... where is it?

Re:I hate it when people venerate/elevate scumbags

[Grishnakh]

So if I buy a door that happens to have a lock with a flaw, it's the fault of the lock maker that my stuff gets stolen? Sorry, but no, the fault lies solely on the shoulders of the thief. Windows has many problems, but all the fault for exploiting it is on the malware authors.

I disagree.

If you buy a door that has a lock with a flaw, and the lock maker knows about this flaw and does nothing about it and continues to sell this same flawed model for many years, making billions of dollars of profit, while people like you keep getting your stuff stolen, there's two parties at fault: 1) the thieves, obviously, since they stole the stuff, and 2) the lock maker, because they sold you something they claimed to be secure and which would protect your stuff from thieves, but which really wasn't, and they knew about it.

When assigning blame for things like this, you have to look at the big picture. For a single instance of criminality, it's usually just the criminal's fault. But when the criminals keep using the same tricks over and over to commit their crimes, you have to look at what's enabling them. In the case of MS, they shoulder a lot of blame, because they, for decades, have put features ahead of security, even though they own the lion's share of the market and any security flaw has the most potential for damage because of that. Finally, because users have known about MS's crap and keep buying it, users also share part of the blame, for continuing to purchase MS's shoddy products, although this is mitigated partially because of MS's manipulation of the market to keep themselves in a position where it's difficult to get by without their product (for instance, because many important software products like AutoCAD only work in Windows).

Re:I hate it when people venerate/elevate scumbags

[fuckface]

Of course they're morally bankrupt. However they also play an important role in the ecosystem.

OMG, you're right! I'll be over in 20 minutes to smash all your windows. You know, to stimulate the economy!

All these tools are doing is saving M$ money on code audits and proper beta testing at the expense of EVERYONE else.

Re:I hate it when people venerate/elevate scumbags

[Thing+1]

Oh, the left, definitely the left.

Seriously

It would be a damn shame if something bad happened to this guy.

Re:Seriously

[fuzzyfuzzyfungus]

Do you think it would be more of a shame if he accidentally cut his throat while shaving, slipped and fell down three flights of stairs, or tripped and hit his head on a bullet?

You first, buddy

[Red+Flayer]

FTA:

In particular, things involving human interactions don't have to be perfect, because groups of humans have all these self-regulations built in. If you and I have an agreement and you screwed me over badly, you've always got in the back of your mind the nagging worry that I'm going to show up on your doorstep with a club and kill you.

Times change. In order for this to continue to be a factor, we need to make sure that occasionally, someone *does* show up on a doorstep and club someone over the head.

I suggest we start with people who have kidded themselves that the abusive software they've written does not make them a villain.

Re:You first, buddy

[Red+Flayer]

Let me guess... You liked playing whack-a-mole when you were a kid, right?

I grew up on a farm, where we did not have to dilute the whack-a-FOO experience with carnival games.

Juvenile groundhogs leaving the nest to dig their own burrow were frequent targets of a well-timed shovel strike.

Potentially-rabid raccoons, whether in the bottom of a 55-gallon drum, or in a wire mesh trap, proved no match for a well-placed pitchfork thrust.

Voracious, ridiculously fecund rabbits proved much easier to deal when their heads were separated from their bodies via garden hoe.

Pesky, time-wasting, crop-damaging field/woodland creatures QUIVERED before the mightiness of the farmer's kids.

It'd be a better world if malware writers trembled before the wrath of internet users.

Chilling

[bbbaldie]

I am now more convinced than ever that it is impossible to secure Windows.

Re:Chilling

[El+Lobo]

The same guy says in another interview in CNET that it would be pretty easy to find ways to implement the same in OSX (where they are actually experimenting) and in many Linux distros, but nobody pays a shit for that. They can get a lot of cash for pressing their brains to find exploits for hundred of millions of computers than what they would get to find exploits for some thousands in more exotic OSs. Easy like that. A so complex thing like a OS with millions of lines of code will necessarily ALWAYS have a couple of thousand possible holes, be it BeOS, MistOs, NetBSD os whatever. You only need the will (or the cash).

Re:Chilling

[steelfood]

In life, genetic diversity means the species has a better chance of survival. OS diversity, processor, and even instruction set diversity, is important for the same ends.

So it's not worth much to attack Linux or OSX or one of the BSD's. If all of these OS's including Windows had the same, 20% marketshare, perhaps it wouldn't be worth it to attack any of them. Or, it might actually be worth it to go for the low hanging fruit, namely, the easier-to-use OS's (OSX, Windows, and possibly a flavor of Linux). But the returns for the amount of work needed to attack 3 or 4 different OS's definitely wouldn't be as high, and the incentive for creating malware would be much less.

Demonize him now, but when the aliens invade...

[starglider29a]

...his skills to slide past security and override their computer systems may be the last hope of mankind.

Unless the aliens AREN'T running Windows.

Not a complete jerk

[steveha]

I'm seeing comments and tags using words like "scumbag". Well, I actually RTFA, and this guy doesn't seem to be a complete jerk.

According to him, the adware he wrote did not crack into your system using exploits, and when you ran the uninstaller it would go away and never come back. Also, according to him, it didn't scan for really personal information like credit card numbers.

I'm not about to start a fan club for him, but I don't hate him either.

I was interested in the technical stuff. His software would find other adware on a system and kick the other adware off; it was also designed to be very difficult for other adware to kick off.

The best single exchange in the interview:

S: In your professional opinion, how can people avoid adware?

M: Um, run UNIX.

steveha

The new battle ground

[girlintraining]

I think the Windows programming model is at fault for much of the obfusciation tactics used by malware. Entire classes of exploits have arisen due entirely to the complexities and obscurities of the interface. Modern anti-malware tactics have to monitor many different parts of the operating system, and in some cases due to architectural constraints the methods of doing so can make the entire operating system unstable. Not only that, but race conditions and the use of special trap conditions/exception handling can make safely disabling malware a frustrating experience. Even professionally designed applications can sometimes tank the Operating System. Trying disabling Symantec Anti-virus on an XP system without a reboot, for example, and then doing a reinstall of it remotely. In the field, I saw failure rates of about 6% for SAV10. On a hundred thousand systems, let's just say I was not happy on that deployment! Killing malware is even more risky.

Windows is layers upon layers of earlier APIs that cannot be removed due to "backwards compatibility" concerns. I have some limited exposure to the .NET framework, and it has perhaps a half-dozen APIs for threading, and the documentation is riddled with exposed interfaces that have the note "Do not use. Not safe. bullet in the brain pan squish" in it. Over a third of the API is already depreciated (as far as I can tell), and there is an ever-shifting set of best practices standards. I can only imagine the hell a proper programmer endures in developing truly complex applications for .NET -- all I was doing was a few WMI calls and a database interface and I still crashed the kernel many times trying to figure out what to trap -- in many cases, error handling is mostly about creating a catch-all and then trying to break your code to see what is generated and then guessing what to trap accordingly. With an interface this complicated and unstable, it will always be a cat and mouse game between the white and black hats on this architecture, a game predicated on undocumented interfaces, obscurity, and deep knowledge of layers of the operating system that interact in unpredictable ways.

Compare this to linux, where the interfaces haven't changed that much, and when they do, depreciated means "We're going to remove this in a year or so and we mean it." Open source has one huge advantage here -- if it's not maintained, it ceases to be relevant and there's no 20 year old code lurking about in an unused API long forgotten. At least not nearly to the degree Windows has it. If you ask me, Microsoft is complicit in allowing malware to exist because they are unwilling to modernize Windows. They need to start over from scratch on their codebase and have a good hard think about what those APIs and interfaces are going to look like and then stick to it. Or at the very least, they could start by documenting these interfaces and releasing some code so we can be more confident that our hooks into their black-boxed APIs won't tear the operating system's heart out...

Sadly, no.

[lucas_picador]

From the article:

In their licensing terms, the EULA people agree to, they would say "in addition, we get to install any other software we feel like putting on." Of course, nobody reads EULAs, so a lot of people agreed to that. If they had, say, 4 million machines, which was a pretty good sized adware network, they would just go up to every other adware distributor and say "Hey! I've got 4 million machines. Do you want to pay 20 cents a machine? I'll put you on all of them." At the time there was basically no law around this. EULAs were recognized as contracts and all, so that's pretty much how distribution happened.

Um, no. Unconscionability is a pretty ancient principle of contract law. People joke about signing away their first-born child in an unread EULA, but they understand that it's a joke: that term would never be enforced by a court, because allowing contracts of adhesion (like EULAs) signed by non-lawyers in casual circumstances to extract those kinds of concessions from the parties would result in the complete breakdown of society.

So when this guy (and his bosses) talk about how there was "no law around this", they're not fooling anyone, least of all themselves. If I buy a bus ticket and on the back there's some fine print stating that by riding the bus I've agreed to let the driver break into my house and take anything he wants, guess where the bus driver ends up if he tried to exercise his contractual "rights"? In prison. Which is where this guy belongs.

Why Windows Registry is a bad idea

[whoever57]

From the interview:

We did create unwritable registry keys and file names, by exploiting an "impedance mismatch" between the Win32 API and the NT API. Windows, ever since XP, is fundamentally built on top of the NT kernel. NT is fundamentally a Unicode system, so all the strings internally are 16-bit counter Unicode. The Win32 API is fundamentally Ascii. There are strings that you can express in 16-bit counted Unicode that you can't express in ASCII. Most notably, you can have things with a Null in the middle of it.

That meant that we could, for instance, write a Registry key that had a Null in the middle of it. Since the user interface is based on the Win32 API, people would be able to see the key, but they wouldn't be able to interact with it because when they asked for the key by name, they would be asking for the Null-terminated one. Because of that, we were able to make registry keys that were invisible or immutable to anyone using the Win32 API. Interestingly enough, this was not only all civilians and pretty much all of our competitors, but even most of the antivirus people.

Re:Why Windows Registry is a bad idea

[Johnno74]

The differences in the way the NT api and Win32 api handle registry strings has been very well documented by Mark Russinovich and others.

Rootkit Revealer (written by mark) uses this difference to try and detect rootkits - read the registry using both APIs, and see what comes back different.

Hence Rootkit Revealer would put a huge flashing neon sign above malware that uses this technique

Yes, he is a jerk

[sirwired]

To get that oh-so-useful uninstaller you had to go to a website, answer a survey, and only then could you download it. If they genuinely wanted to make it easy, they would have put it in Add/Remove Programs, and stuck their survey in there.

I don't know about you, but after getting sketchy software on my machine, the LAST thing I want to do is go to some random website and download even MORE crap. I wouldn't trust that download one bit.

And the bit about "it was also designed to be very difficult for other adware to kick off" is complete hand-waving B.S. It was designed to be very difficult for anti-virus packages and anti-spyware packages too. In fact, anti-malware packages were probably the primary target of the persistence code.

And their distributors were complete scum that Direct Revenue did very little to police. Yeah, they suspended any that were complained about (if the hapless users even had any clue how they got the software), but those rogue distributors would just sign up under a new name.

I can't believe he thought this job was a "net positive" simply because he wiped out the other guys' malware more than he installed. That just means he is a very sneaky coder... That's like a embezzeling salesman saying he was a "net positive" because he generated more profits than he stole. It may be true, but it doesn't make him any less of a scumbag.

SirWired

there are comments here threatening violence

[circletimessquare]

so let's educate some of you:

we capture someone like frank abagnale, and we go all sharia law on him, as a lot of you propose, and leave him as a bloody stump

then what?

well, there are other frank abagnales out there. how do we detect them and capture them? well, the frank abagnale you just beat to a pulp: he would have made a good tool to do that, ya think?

luckily, in real life, this is exactly what the feds and the banks did. in real life, you capture and use highly intelligent crooks to... drum roll please... capture more highly intelligent crooks. get it?

law enforcement is hard grinding work, it doesn't happen like "death wish" or "dirty harry". i know in some of your justice league of america fantasy lives, delivering justice with a fist and a gun is the way to go. but we'd like to talk about reality, ok?

so to review:

1. we can have justice your way, and beat adware authors to a pulp, or
2. we can have smart justice, and listen carefully to mr. adware author's words, and use those words to catch more adware authors

get it? see the difference? do you want to pursue justice? or do you want to beat people up?

these are mutually exclusive activities, despite your dimwitted fantasy lives

now go crawl back under your rocks mouth breathers. nobody who is actually going to catch and punish cybercriminals in this world is going to think like you do

even the most vile amoral serial killer is useful to keep alive and listen to. simply for matters of brain analysis and psychological study. or, we could put a bullet in his head, scrambling the abnormal brains, and having nothing useful to catch more vile amoral serial killers

dumb violent justice leaves a dumb violent society that knows nothing about the smart and truly vicious criminals in their midst

smart justice is about studying smart criminals, and using them against each other

The Ethics of CoreWars

[ewhac]

My initial gut reaction was to denounce this guy as a $SCOUNDREL (substitute your preferred profane term). But a little voice told me to go read the article, and now I'm not as sure as I was previously.

Just for fun, consider the following actions a Unitary Programmer might do to your machine. Where would you rate them on the $SCOUNDREL scale, and why?

• Deletes viruses from your machine.
• Deletes competing adware from your machine.
• Rebuffs attempts by competing viruses and adware to be deleted.
• Reconfigures IE to be more secure.
• Reconfigures Outlook to send plaintext only, fixed-width font, no top-posting, do not load or display remote images.
• Disables using MSWord as an email editor.
• Deletes IE; replaces it with Firefox, preserving all your bookmarks.
• Deletes Outlook; replaces it with Thunderbird, converting all your mail archives.
• Deletes all BitTorrent clients; replaces it with a RIAA/MPAA/FBI warning.
• Deletes the scary warning about installing device drivers not digitally signed by Microsoft.
• Converts HDCP to a system security setting, and flags all unprivileged applications that attempt to mess with it.
• Deletes Windows; replaces it with Linux+Wine.
• Deletes Windows; replaces it with Linux+KDE, with a message on the desktop reading, "Learn to use a real computer, kid..."

Playing "CoreWars" is tricky business, and people with even a dim sense of ethics are loathe to try it. But there's one case where none of the above actions are ethically questionable: When the machine's owner does it themselves.

I think the adware author lost sight of that for a while...

Schwab

or the cops still on the force...

[SuperBanana]

Im pretty sure that the majority of cops that became criminals were the hardest to catch. They know all the tricks and what other cops/detectives will be looking for.

What about those that use color of law? It's not terribly surprising that the FBI only receives about 200 complaints of color-of-law, and doesn't investigate, much less prosecute, a single one.

Simply being a police officer offers enormous immunity from the general public accusing you of crimes, and further means that most of your fellow officers won't "rat" on you (instead of being disgusted at your behavior and bringing disrepute to the supposed "profession.")

Yes, law

[Wrexs0ul]

Lol, the only "other" profession where it can take 4 million lines of code and a dozen libraries to effectively state "Hello World".

-Matt

"Ecosystem"???

[DesScorp]

Of course they're morally bankrupt. However they also play an important role in the ecosystem.

What? How in the hell are malware writers an "important part of the ecosystem"?

This is the Internet, not Wild Kingdom. In nature, real virus infections do indeed serve a natural purpose. On a computer, it serves nothing but the ends of assholes and criminals. There's no justification... none whatsoever... for what these guys do. And don't give me that farcical security argument, either. They're not doing the world any favors by violating other people's computers.