flat assembler
Message board for the users of flat assembler.
vid
i await response yes/no, and reason why yes, and why no.
WARNING: this is not a democratic vote, smart reasoning and prominent members' opinions count

coconut
well said Loco

MichaelH

rugxulo
Encryption, antivirus (virus detecting or cleaning), self-modifying code, compression, EXE packers, reverse engineering (when permitted), TSRs, device drivers, studying OSes, low-level hardware access (VGA registers, partitions, fixed/removable drives) are probably okay.
Anything that suggests using someone's hardware/software in a hidden manner without permission, usually for malicious or useless/non-beneficial reasons, should probably be strongly avoided (for legal and moral reasons). Easter eggs are cool, though.

revolution
Security by obscurity never works. It is always best to talk about the various exploits openly. That way, more people can protect themselves better and faster. Knowledge is power.
Indeed the more open the better. This is for two main reasons. 1) the more widespread things are known the more opportunity the OS/AV vendors have to update their code quicker. 2) by knowing about the problems early we can test our code/system to see if we are affected.
That being said, I must emphasize that I am only considering the discussion of the topics and the tricks that are used. If a thread starts getting to the point where a serious piece of code is being posted that has massive negative potential, then the moderators will still need to step in. Discretion, as always, will be needed. An outright ban would be too restrictive and would fail to recognise the positive benefits of full disclosure. On the other hand, an outright promotion of virus related threads would also mostly not be in the best interest. But I am sure we can lean towards the side of openness and still manage to realise the positive things without adversely increasing anything negatively.
Just my opinion, hope it helps.

vid
[OFFTOPIC]
revolution: no security ever worked 100%. security by obscurity works pretty well. see MazeGen's presentation from FASM tech discussion, obfuscation of StrLen function

HyperVista
i think an open and free wheeling discussion is best. banning malware writers is counterproductive. there is much to be learned from their discussion.
that said, i think we need to refrain from "helping" script kiddies write malware they are incapable of themselves. i also think blatant malware source code on the board may not be wise.
[off topic @vid] - i'll append MazeGen's discussion on strlen function to the video this evening (i'm at work now). i made an error in omitting that portion of his talk. btw - i hope to have your talk on fasmlib up this weekend.
Last edited by HyperVista on 02 Nov 2006, 02:57; edited 1 time in total

Reverend
I think we should not ban discussion about such topics. Only the ready solutions (source code or binary) should be deleted as fast as possible.

f0dder
Ban? Probably not.
But question their motives and poke them in the eyes with a sharp stick if their attitude is too lame, yes. One thing is people dealing with malware analysis - it can be hard telling whether they're doing this for good or bad. But once their attitude tells them off as a fucking little no-good scriptkiddie out to destroy the world, tear them apart.

rugxulo
Don't forget, most of us Win32 peeps have to continually update our antivirus definitions and run a daily scan just in case someone somewhere comes up with something (e.g., a Word macro, go figure) that might cause lots of grief. In fact, mine's running right now (and slowing down the system quite a bit too).
Obviously, encryption and self-modifying code shouldn't be banned. In fact, I'd bet that a hobby OS writing to your hard drive is more dangerous than some viruses (e.g., AntiGUS, more of a nuisance really, just wastes space). So, yes, in case it wasn't obvious, I voted neither for banning or not banning since it depends on the context. But, yeah, I personally find no use in viruses AT ALL (okay, well, I downloaded a .BAT virus recently because I like .BAT files and would appreciate some nifty tips, but otherwise nah ... so I guess you can technically learn from them for good).
Don't give in to the dark side, young padawan!

okasvi
I vote for 'no banning'.

OzzY
I vote for "no banning".
I think there's a lot to learn from malware coders. I myself have learned a lot from viruses, worms, trojans. Most assembly I know I've learned from VX zines. I just think we can advise malware coders to use the knowledge for good things and not for damaging or affecting people's privacy. But banning is not the way to go. I think every knowledge is good if used for good purposes. Studying a virus is very good to learn low-level skills and also knowing how to protect your own computer. You know: It's better to read a virus source and learn from it and learn about security than ban everything related to it and then when a real compiled virus comes to the computer not be able to protect against it. I know lots of malware coders that are good people. They use their creations just to learn and share security problems. It's better to know about security problems in released source-code form than in already compiled hidden code (that you got from unknown coder) already executing on the machine.
Think about it.

hckr83
I vote no banning --USUALLY-- if they are talking about giving it to people or launching it to spread on networks then it might should be more than banning (course there's really no international internet cops though so..)
I always think about how viruses work because I am an OS dever and want my OS to be secure at the kernel level

okasvi
some reasoning to my earlier vote, I like coding Remote Administration Tools which are usually counted as malware, and I've learned a lot from it.
I spent nearly 3 weeks arrested at police station last summer, due to coding malware (ircbot) and sharing it with my friend who decided to use it, anyway my point is, the code doesn't hurt anyone, it's the lame kiddies with bad intentions. ofc anyone who has clear intent of causing harm should be banned.

LocoDelAssembly
Since this has been discussed a lot recently then I have this for the thread: BUMP
Well, it was about banning, let's talk about what should we do without banning anyone. My opinion remains the same as my old post above, BUT, I think that people that misuse fasm in a way that it looks like a very bad assembler (for the people that had read the malware author's code without reading the fasm's manual), should not be helped much. I really hate the people that think that writing malware is some kind of long-penis certificate or even an Assembly wizard "degree". Also, code written in a way that is better read when you pass it through IDAPro freeware version without any user interaction and/or scripts reach the maximum stupidity. It is the binary that must be obfuscated, not the source code! Jesus, is it hard to understand that!! Especially when people come here for help and post this type of code without describing much about the problem so you have to check everything, if the import table is correctly made, if stack variables/arguments are correctly accessed, if the magic numbers represent the correct constants, etc, etc, etc.
Well, that was the reason for why I don't like to provide help to this kind of things, because it confuses newcomers and wastes people's time for nothing (because after all, all the malware discussed here is already available but still it is easy to ask here and expect other people write the code to later pseudo-obfuscate it and not give credits for the help to anyone).
I feel better now, thanks for reading
PS: Something more: LEARN ASSEMBLY FIRST AND WRITE MALWARE LATER!!!

f0dder
Quote: PS: Something more: LEARN ASSEMBLY FIRST AND WRITE MALWARE LATER!!!
Don't write malware at all. Analyzing malware can be a valuable skill, and knowing how exploits, trojans and viruses behave is necessary in order to defeat them. But I have absolutely zero respect for people that obviously don't have good intentions (well, some blackhats do conduct valuable research, even if I don't respect misusing that research). All this being said, sometimes the little scriptkiddies grow up and turn into productive programmers. But it usually takes a good beating and not helping them writing malware.

edfed
malware are easier to write using C, VB or C++ i think.
assembly is not high level, malware are mostly high level. erase a part of a file. corrupt data. corrupt a data transmission. acting on low level hardware, but the malware itself is very hard to write using asm. too much instructions.

f0dder
You don't really know what malware is about, do you, edfed?

bitRAKE
LocoDelAssembly, I feel your most recent comment has more to do with communication than malware. People that wish to have a problem solved and present a very complex listing: like if I posted Maxwell's equations without explaining what the variables represent. Abstractions should be used to document assembly and when absent the code should be documented sufficiently.
To shortcut and just post a long disassembly is to reduce the audience being addressed -- often to NIL! In the past I just assumed people posting as such just aren't interested in a response from me. There are areas of research at the fringe with a very small audience and I'm okay with that. For example, I optimize for size in a joking manner (stick penis analogy here).
I haven't been present enough to be aware of the malware content / discussion, of late. I am in favor of anything which simulates dialog. Let us not make malware posts themselves a weapon against discussion, but rather a filter against given (rote) solutions. The ambiguity itself does this to some extent and in the extreme becomes absurd.
Last edited by bitRAKE on 09 Sep 2008, 15:33; edited 1 time in total
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.