18 February 2009

Lions and Tigers, Oh My!

On many programming sites such as CodeProject there are articles posted on rootkits, viruses, Windows message spying, and keylogging. The reaction whenever these sorts of articles appear usually begins with site members asking "Do we really want this kind of article here?" and ends with ... nothing. Nothing in the sense that nothing more is said, and nothing is done. My reactions follow the same lines - wondering if the article will incite otherwise kindly programmers to flood the internet with every kind of abhorrent malware, wondering if the mere posting of the article will brand the site as a programming cesspool, its members stained forever.

I usually realize fairly quickly that the suspect article is only a shadow of the kinds of information available on some web sites about how to actually write and distribute malware. I have never seen any of these articles talk about techniques that weren't discussed in great detail elsewhere. The article author's intentions also need to be considered - usually it's something like, "I got this virus, and I wanted to know how it infected my PC, so I dug into it a little and this is what I found".

I find this perfectly normal behavior, since I do it myself all the time. Programmers are curious, and want to share what they discover with other programmers. And there are many things to learn from studying and understanding malware:
  • How to detect the presence of malware on a PC
  • How to remove malware
  • System internals that may be useful in writing other software
  • Coding techniques - malware probably uses the most minimalist and efficient algorithms of any software, including game programming

So do I have a problem with these types of articles being posted? Usually, no. The only problem I would have is if the article obviously advocated creating and distributing malware (for whatever reason). Otherwise, I enjoy reading about the clever programming techniques that malware uses, and thinking about how to use these techniques myself.


Copyright (c) 2009 by Hans Dietrich