Thursday, January 19, 2012

CPE: McAfee AudioParasitic: Episode 8: teaching Malware authoring part 1/2

length: 00:19:51

discussion about ethic issue with Karthik Raman and Craig Schmugar

there will be a class to tech malware writing, under the auspice to become security researcher…

Karthik: Many people have gut reaction –but actually require more nuance, se should look this more carefully

Dave: they shall not write malware

Craig: In pratical way malware writing will not help to become better security researcher…

This course has been offer for educational purpose only…

The AV industry has been plague with conspiracy theory that AV companies write their own virus… result: they shall not hire anybody who has written a piece of malicious code…

Today is totally different than 15 days ago –there is a huge amount of malicious source code, no need to hold malware writing course – it is better to analyze the source code data readily available…

Military use war games to practice
Virus disassembly, law, ethic  must be taught

Economics study capitalism and socialism…

Depend on how much other thing are emphasized, beside writing itself..,.
  You don’t write your own bullet to test the vest…

AV companies use: clean set- non malicious samples created internally to test some AV functionality such as terminating process.

Even if the intention is good, incident can happen….
Learning from Univ can be a safer option that learning from the wild

Ironic teaching limited number of malware while there is HUGE amount available source code

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home