What part of helping MALWare is good?!

[Xairbusdriver]

An obviously intelligent Austrian lad has been working for a security software firm for a few months. He has recently set up a web site showing how malware 'authors' can circumnavigate the many ways these types of companies and their software monitor for their activity.

QUOTE("Washington Post")

For his part, Kleissner denied he has somehow turned to "the dark side."

"I have done lots and lots of research and helped other anti-virus vendors, and I'm always open for anything," he said. "I won't make a difference between black hats and A[nti]V[irus] companies. To me it's not good or bad, it's just technology."

Ah, the naiveté of youth...
<Full article here.>

[tacit]

In a sense, I get where he's coming from. By providing this information, he is actually helping AV people to fix weaknesses in their software.

"Security through obscurity" doesn't work; if he can find these weaknesses, so can others. By shining a public light on the vulnerabilities rather than keeping them in the dark, he can actually help make the situation better.

However, having said that...most white-hat security people will at least notify the AV vendors of weaknesses a month or so before they publish the weaknesses publicly, so as to give people time to fix those weaknesses. By not doing that, I think he's making a mistake.

[Xairbusdriver]

QUOTE

By providing this information, he is actually helping AV people to fix weaknesses in their software.

The problem with that is that he was already working (and I assume being paid by) a security software company. One wonders if he found he could make a higher income by 'working' with different people. Other than that, I think it is just immaturity. Younger people tend to be more idealistic and naive about real-world behaviors/activities. That's not necessarily bad, but it can lead to mistakes. The hope is that we learn from our mistakes and don't hurt other innocent people.