NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY 10/14/04 Today's focus: Publishing functional viral code
Dear [EMAIL PROTECTED], In this issue: * Is it ever a good idea to publish code that could be used to ��create a virus? * Links related to Security * Featured reader resource _______________________________________________________________ This newsletter is sponsored by Veritas Meta Group Whitepaper Database Infrastructure Performance Challenges: Approaches to Better Manage Application Database and Storage Subsystem Performance Corporate relational databases now manage the majority of business-critical data within the enterprise. IT organizations face continuing challenges in managing increasingly complex, data-driven application environments. Read this white paper to discover several factors which will converge to challenge the IT organization's ability to manage its database software infrastructure. http://www.fattail.com/redir/redirect.asp?CID=84693 _______________________________________________________________ SECURITY CONCERNS STOPPING YOUR WLAN PLANS? Is it possible to deploy a secure wireless LAN with technology available today? That question preys on the minds of IT executives who are tempted to deploy enterprise WLANs, but are hesitant because of security concerns. Find out what we uncovered when we assembled 23 wireless products trying to get to the answer. Click here: http://www.fattail.com/redir/redirect.asp?CID=84755 _______________________________________________________________ Today's focus: Publishing functional viral code By M. E. Kabay Should laws be applied to disseminating functional virus code? A January 1993 discussion in the NCSA (National Computer Security Association, later ICSA and then TruSecure) section on the CompuServe network (for which I was Chief Sysop for several years) considered the issue of forbidding publication of functional viral code. Participants drew parallels between writing down viral code and writing down instructions on creating harmful devices such as bombs. The slippery-slope argument was invoked by one prominent member of the anti-virus community, who said: "My concern is that if we can justify the suppression of information as 'undesirable' or 'potentially dangerous' is it that much further a jump to... suppression of other 'information?'" Some people have suggested that publishing functional viral code is useful and necessary because everyone should understand how viruses work to be able to combat them. I disagree. No one has explained why it is useful for users and programmers to have access to detailed, working code. Generalized descriptions are fine; even fragments of code may be justifiable. But I draw the line at publishing functional code that can be typed into an assembler or a debug facility and create a working virus. People who build anti-virus products need the code but can get it through private, controlled channels. People who build computer system hardware and want to devise better anti-virus traps can also use real viruses obtained through controlled channels. So can operating-system gurus. Computer scientists and anti-virus product developers wishing to publish research on specific features of viruses can share their knowledge constructively by printing portions of the code in question without making the entire functional virus available to all and sundry. As long as what is disseminated does not work if entered directly as printed or transmitted, I see no problem. But public, unrestricted dissemination of functional viral code to, say, disturbed 15-year-olds intent on causing havoc is unnecessary and harmful and ought to be punished in the same way we place pre-emptive restrictions on other potentially harmful acts. More in the third part of this rant. _______________________________________________________________ To contact: M. E. Kabay M. E. Kabay, Ph.D., CISSP, is Associate Professor in the Division of Business and Management at Norwich University in Northfield, Vt. Mich can be reached by e-mail <mailto:[EMAIL PROTECTED]> and his Web site <http://www2.norwich.edu/mkabay/index.htm>. A Master's degree in the management of information assurance in 18 months of study online from a real university - see <http://www3.norwich.edu/msia> _______________________________________________________________ This newsletter is sponsored by Veritas Meta Group Whitepaper Database Infrastructure Performance Challenges: Approaches to Better Manage Application Database and Storage Subsystem Performance Corporate relational databases now manage the majority of business-critical data within the enterprise. IT organizations face continuing challenges in managing increasingly complex, data-driven application environments. Read this white paper to discover several factors which will converge to challenge the IT organization's ability to manage its database software infrastructure. http://www.fattail.com/redir/redirect.asp?CID=84693 _______________________________________________________________ ARCHIVE LINKS Archive of the Security newsletter: http://www.nwfusion.com/newsletters/sec/index.html Breaking security news: http://www.nwfusion.com/topics/security.html _______________________________________________________________ FEATURED READER RESOURCE CHECK OUT NW FUSION'S WHITE PAPER LIBRARY Visit Today: NW Fusion's White Paper Library with new features and improved capabilities! Sort NW Fusion's library of white papers by Date and Vendor, view white papers by TECHNCIAL CATEGORY, mouse over white paper descriptions and take advantage of our IMPROVED white paper search engine. CLICK HERE: <http://www.nwfusion.com/vendorview/whitepapers.html> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
