Chewing Tech Cud Since 1984

Laboratory Malware


Researcher Details Apparent Ease of Developing OS X Attacks: Apple Mac Attacks Trivial, Claims Security Researcher
_________
A reaction to this article:

I really have to wonder about the behind-the-scenes politics of people and organizations that create previously non-existent malware. On the surface I get it, but it seems dubious that a person or group that creates mechanisms that break the average desktop or handheld computer has only altruistic motivations. Here are three things I always wonder about when I read these reports:


1. What happens when this person’s or group’s admiration for the computing system they purport to love wanes?

2. How long does it take for that love to wane in light of the admitted lack of appreciation that comes from the manufacturer/developer?

3. Whether or not there is or was any real admiration by the malware creator, what would it take to buy that particular creator’s particular creation?

4. Finally – I see no regulation or oversight of any kind for this practice.


Certainly germ warfare development [bio-germs] takes place, but it is somewhat regulated by the realization of the people doing the hands-on development of just how really dangerous what they’re working with is. I would also argue that whatever of this kind of thing goes on in the USA is watched very closely, even if it is not strictly regulated (and I’m not saying it’s not – I don’t know if it is or not). Why would it be closely watched? For two reasons:

1. To keep it secret.
2. Because it’s dangerous to all concerned, therefore no risks can afford to be taken.

Now back to the malware lab where it seems to me that this kind of thing is carried out with no oversight of any kind, and if this thing shows up in the wild 12-24 months from now this person will have no culpability except, “I told you so”.

Sorry, but I don’t believe this practice should be geek fodder, because there is a lot at stake – potentially, even human life – since computers are so indelible to our existence now. The more I contemplate this the more I believe this practice needs to be reined in – there needs to be official oversight. It’s really too bad that giant companies like Microsoft and Apple, and Google, and all the rest, don’t do this all in-house – with government oversight. Software development has too long enjoyed the luxury of getting us to completely depend on products that take absolutely no responsibility for outcomes or losses due to the product’s shortcomings.



_________
Just Thinking ... And, Sharing.
Yours very truly.