PC World, Malcon, and Our Industry’s Flawed Logic

Posted by in Analysis on Aug 31, 2010

Malcon: the malware authorship industry conference.  You’ve heard about it here, you’ve heard about it on anti-virus rants, and now you’ve heard about it on PC World.

As you might be able to tell from the title of their article (“Malware Convention — Not a Good Idea”), that PC World…  well, they don’t think it’s a good idea.

They quote Grimes who says the following:

No good can come from the conference…  There have been similar projects before: virus coding books (plenty of them), dozens of malware ezines, etc., and none add to the good side of the equation…”

Pretty strong words.  I’d be on board with that as I stated the other day, but something about the logic of all this doesn’t sit right with me.  And the more I pick at it, the more it bothers me. Expressed as a syllogism:

  • Major premise:  All conferences that provide details on how to create malware are a “bad idea”
  • Minor premise:  Malcon is a conference that provides details on how to create malware
  • Conclusion: Malcon is a “bad idea”

And then:

  • Major premise:  All conferences that provide details on how to create malware are a “bad idea”
  • Minor premise:  Blackhat/Defcon provide details on how to build malware (e.g. the Invisible Things Blue Pill presented at Defcon 2006; stated goal, “creating 100% undetectable malware”)
  • Conclusion:  Blackhat/Defcon is a “bad idea”.

But it clearly isn’t – at least most of us don’t think so.  As PC World points in their first paragraph, Blackhat/Defcon is a “reputable venue” in the security community.  And I keep getting boxed in by the logic.  Either the major premise is false and Blackhat is reputable (i.e., not a “bad idea”), or the major premise is true and Blackhat is not reputable  (a “bad idea”)… in exactly the same way as Malcon is.

Now, I know this is not going to be a popular position…  But I’m not willing to give up the ghost on Blackhat.  I like Blackhat.  I’ve been going to Defcon for over a decade.  So I don’t think that it’s a bad idea.  I think historical precedent has given those conferences respectability… which it probably wouldn’t have if it started today.

So by virtue of the fact that my brain can’t handle the cognitive dissonance associated with defying the logic, I’m going to put the stake in the ground that MalCon is OK.  Or, at least, not “bad” based solely on the single criteria that they’re discussing details about how to create malware.  Maybe somebody else is willing to throw some hate Blackhat’s direction and say it’s not a good idea either… but saying one is OK and one isn’t?  I’d advocate that if you’re going to come out against one, you should stop attending the other.

Search
  • digigeek2004

    Bravo!!! Dude u are good.. I like your logical approach.. you are right..

  • R00t3r

    Have gone through the malcon website and found it interesting . Looking forward for such events to encourage research on malware coding and analysis. This will help in to improve the current malware analysis model and thus will be helpful to security world.

  • http://www.emergentchaos.com Adam

    Alternate major premise: All conferences that have no purpose except to provide details on how to create malware are a “bad idea.”

    Note that I’m not taking a side, simply suggesting an alternate analysis path.

  • http://www.securitycurve.com Ed

    Interesting thought… I can’t get enough from their website to know whether they have another purpose or not. So the content of MalCon (i.e. whether or not they have another purpose other than to provide details on creating malware) would make it bad/not-bad.

  • Pingback: Introducing the “Malware Conference for Global Evil (and Mass Effect 2)” | SecurityCurve

  • Pingback: SecurityCurve – Introducing the “Malware Conference for Global Evil (and Mass Effect 2)” | MalCon

TwitterRssFacebook