Virus Exchange (Poll)

[Cowpipe]

In light of some suggestions from members and my own thoughts, I was wondering what the general feeling on the Virus Exchange is. Specifically should it stay open access or should it be restricted to members who demonstrate a minimum level of technical knowledge (analysis wise)?

The proposition in short: Yes or No - Allow all members to upload samples but only allow approved members with a minimum level of analysis knowledge to download samples from the Virus Exchange.

Here are some pros and cons:

Pros:
* Far less likely members will infect themselves as only those who have a demonstrated knowledge, including how to set up a secure analysis environment and how to analyse samples safely would be allowed to download samples.

* Submitting samples to AVs may be more organised as less people will be competing to submit a pack.

* Less chance that a sample pack will end up being reposted on another forum as we will be able to see exactly who has downloaded the pack and thus we can narrow down the search.

Cons:
* Less people may be willing to contribute samples

* There may be less people to process the samples (SUD)

Just wanting to gauge peoples thoughts on this and feel free to discuss

 

[Jaspion]

I think restriction like that would be too much, but perhaps a compromise could be optimal. I agree this section could improve with a bit more control.

I think a download counter showing which members downloaded each pack could be useful to track who accessed those files. I think there should be clearly laid out rules dictating posting etiquette (never submit twice, post "will SUD to..." in the thread to let others know you will submit to a certain vendor, then finish submitting as quickly as possible and edit your post to let others know, plus add whatever information you gathered, etc), and people who are caught doing double submissions or reposting packs without authorization or credit, etc, should be banned (maybe not from the forum, but) at least from the Virus Exchange.

 

[MikeV]

It is better to warn users about possible infection, so if they still want to proceed, then it will be their fault.
It is better to stay public because:
1) Many people will have the opportunity to see which product can do better in detection so they can make up their mind and decide which product is best for them.
2) They will have the opportunity to see which vendor response faster after the submission of the files
3) They will read comments from high experienced members so they will have a better view of a product overall.

I personally learn a lot from these tests and i had the opportunity to see how my product react in realtime (scanning only,no execution)
If the administrator finally decide to make this section private, i suggest not to make it only available for few members, but at least to give access to active members of the forum (not new members) members who post, answer, comment & suggest thinks ( i think this will prevent ''new'' members from spying and get the packs to post them in other forums etc....) IF they exist now or in the future.

Of course this is only my personal opinion, and to be honest i would like to participate to these tests.

Thank you

 

[illumination]

You know where i stand at with this, but to be clear, it is a responsibility. Not only can members without the knowledge to be handling these types of responsibility harm themselves, but they can harm others here, and on their own networks, and any other place they visit..

Since this is a security forum, it would be wise to place restrictions against allowing this type of potential to take place.

 

[Cowpipe]

It is better to warn users about possible infection, so if they still want to proceed, then it will be their fault.
It is better to stay public because................

I think you might have misunderstood (correct me if I'm wrong), I was talking about just making the downloads restricted. So everyone will still be able to see the thread, the detection results as normal, but only a limited selection will have access to the physical malware samples

@illumination These are my exact thoughts as well

 

[Guest28]

I say a special board group of approved members would be pretty sweet.

 

[MikeV]

I think you might have misunderstood (correct me if I'm wrong), I was talking about just making the downloads restricted. So everyone will still be able to see the thread, the detection results as normal, but only a limited selection will have access to the physical malware samples

@illumination These are my exact thoughts as well

Then it's my fault, i apologize.
I agree with you. But i hope the downloads not to be too much restricted....

 

[XhenEd]

I think you might have misunderstood (correct me if I'm wrong), I was talking about just making the downloads restricted. So everyone will still be able to see the thread, the detection results as normal, but only a limited selection will have access to the physical malware samples

I was about to ask the question about the meaning of "open access". Thanks for clarifying it!

 

[WinXPert]

Comparing it with EMSISoft forum, only employees have access to malware samples and their forum private For Mbam, only those with higher reps or rankings (forgot the exact term they use) are allowed to download.

About the downloaded samples handled by a noobie

1. If the user downloads it only to scan and not execute, there is a lesser chance of infection.
2. They should be aware that execution of samples must be on a controlled virtual environment (Deep Freeze, Shadow Defender, Sandboxie, Quietzone, etc) and provided that all safety precautions are in place.
3. Not all are experts in handling live malware, and a noobie can inadvertent infect his USB drive and thus infect other not so well protected system. Or infect the entire network.

I learn the behavior of malwares by executing it live (or sometimes with Sandboxie), where it hides, how it starts with windows, some of its effects like damage to registries and disabling this and that

If the administrator finally decide to make this section private, i suggest not to make it only available for few members, but at least to give access to active members of the forum (not new members) members who post, answer, comment & suggest thinks ( i think this will prevent ''new'' members from spying and get the packs to post them in other forums etc....) IF they exist now or in the future.

I agree with this one

 

[FreddyFreeloader]

Always remember to be safe and post your packs with: hxxp, or hxxps.

 

[juhful]

It should be open to anyone with a disclaimer explaining the risks. Who can know how much knowledge someone has? Who would make the decision on who can and who can't download samples? What if someone wants to start testing and think they are ready to do so? Someone is going to tell them no? Just my thoughts

 

[Kate_L]

I say a special board group of approved members would be pretty sweet.

I think the same

 

[Cowpipe]

It should be open to anyone with a disclaimer explaining the risks. Who can know how much knowledge someone has? Who would make the decision on who can and who can't download samples? What if someone wants to start testing and think they are ready to do so? Someone is going to tell them no? Just my thoughts

Some very good points there, the idea solution is somewhere in the middle. A way to keep members safe by ensuring they are fully prepared for the risks and know how to handle them.

Maybe one way around the problem would be for users to be "approved" for the section by having their testing configuration checked over by a senior member (who is knowledgeable about testing). So we would take note of what sandbox or VM software their using, what their settings are etc, and we could see if they are at any risk. If they don't get the configuration right, some friendly guidance can help them.

Just an idea.

 

[juhful]

Some very good points there, the idea solution is somewhere in the middle. A way to keep members safe by ensuring they are fully prepared for the risks and know how to handle them.

Maybe one way around the problem would be for users to be "approved" for the section by having their testing configuration checked over by a senior member (who is knowledgeable about testing). So we would take note of what sandbox or VM software their using, what their settings are etc, and we could see if they are at any risk. If they don't get the configuration right, some friendly guidance can help them.

Just an idea.

If people are willing to put in the time I think that is a great idea.

 

[Cowpipe]

If people are willing to put in the time I think that is a great idea.

I wouldn't mind doing it, I have enough free time and patience

 

[MikeV]

It should be open to anyone with a disclaimer explaining the risks. Who can know how much knowledge someone has? Who would make the decision on who can and who can't download samples? What if someone wants to start testing and think they are ready to do so? Someone is going to tell them no? Just my thoughts

+1 to this

 

[Mateotis]

What would qualify you as an "approved member" though?

 

[Cowpipe]

What would qualify you as an "approved member" though?

What would qualify me, or someone in general?

 

[Mateotis]

What would qualify me, or someone in general?

The latter.

 

[Malware1]

Comparing it with EMSISoft forum, only employees have access to malware samples and their forum private For Mbam, only those with higher reps or rankings (forgot the exact term they use) are allowed to download.

malware hunters, I have access there too