Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

CARO's Undisclosed Meeting Agenda

ARiSToTLE
Nuke Info Journal [7]
August 1993

1
[Back to index] [Comments]

By now, most of us have seen this particular document and have either accepted it as factual or shrugged it off as a hoax. Regardless of your viewpoint, there are still a few items of interest, and their implications, that I wanted to address. Initially, I wanted to do this wonderful spill on the legal aspects of cartels and collusion, but since this particular item cannot be substantiated as being 100% legitimate, I prefer to avoid any possible legal responses that may be incurred by doing so. I will therefore attempt to define some of the more relevant issues and let you be the judge.

The New American Dictionary defines the cartel as: "A monopolistic combination of independent business enterprises."

The same dictionary defines collusion as: "A secret agreement for a deceitful or fraudulent purpose."

Let's first look at a few statements from this "alleged" agenda.

3. Membership categories - I'd like to formally propose three categories - weeders, disassemblers, and advisory. Advisories don't want, or get, the viruses. Disassemblers have to do CARObase entries. For weeders, see below. It means we modify Vcircle, and we don't give the password to the advisories (e.g. Yisrael R., Ken van Wyck, etc..)

The third motion in this agenda makes reference to the word "MEMBERSHIP." Although this does yet imply any businesses or transactions, we can safely assume that CARO is indeed a structured organization.

4. Consideration of new applicants.

In item 4. we can now assume my claim of CARO being a "STRUCTURED" organizations correct due to the reference of "FORMALLY APPLIED."

7. Proposed action against organised virus writing groups - working group to be formed, I suggest, with 2/3 US members (Glenn, Joe, Ross?), 1/2 Euros. It's mostly a US problem, now that ARCV have gone :-).

We should set up a Murky Database (Handles, BBSes, Names, Addresses.) The objective is to get a police prosecution against anyone who is committing a crime (but not, of course, against anyone who is not committing a crime)

In line seven, we may be able to link "BUSINESS" into the picture if the people mentioned, Glenn, Joe, and Ross, are the same people as those we know as Glenn Jordan of DATAWATCH (Virex PC), Joe Wells of SYMANTEC, and Ross Greenburg, author of FLU-SHOT. If such is the case, then we have representatives of a common field, uniting efforts for a common cause. There is nothing illegal here and it is not implied that there is anything illegal with what they may be doing.

8. Identification and naming - if Frisk isn't there, that'll have to be deferred. But maybe Vess and I can do some stuff.

In line eight, we have yet another reference to a person who could quite possibly be Fridrik Skulason, author of F-PROT.

11.4 An undertaking from those who want to participate. The disadvantages are that you get to do lots of work, and everyone benefits. Your company might not permit this. I suggest we call these CARO members the Weeders. Non-weeders don't get the garbage files (why would you want them?), and get the viruses slightly after the weeders do.

In line eleven, subsection four, we can see a reference made to the word "COMPANY." This seems to substantiate the claim that the actual companies are involved with the CARO organization.

We can clearly see that the some members of CARO do work for companies that may, in the long run, benefit from the efforts of this organization's findings. I am concerned that CARO might possibly become a cartel. Membership in CARO is restrictive in nature, which conceivably keep other companies with software ideas from joining and sharing the same benefits. Essentially, this situation could be construed as a barrier to entry under ideal conditions. If CARO can manage to encompass all of the "select" companies, then quite possibly CARO may gain a monopolistic control over the market. Although there is one organization that presently holds the majority in market share, the possibility for a combined effort producing a new technology exists. All of us know that this one person must soon adopt a new method of detection and eradication or his product produce will quickly become too cumbersome for any practical use. You think about all the possibilities!

Moving right along... Let's look at the second definition that I mentioned earlier in this text. Collusion!

According to the dictionary definition of the word, collusion does not always have to imply "illegal" activities, only deceitful or fraudulent. With this in mind, take a look at some of the following excerpts from the "alleged" CARO agenda.

12. The CARO Virus Collection. I think that it is really important that there be no such thing. That way, if people ask for it, or claim they have it, then it's nonsense. Can we so move - there is no such thing?

This is self explanatory, but what is all this tripe in the new set of statements?

5. CARO Base We need to come to a conclusion. Maybe the weeders (see below) are excused from CARO basing, on the basis that they are contributing as weeders? That also gets Vess off that hook.

Okay! So there is a CARO base!

6. Virus Tagging We have a leak somewhere. I'd like to find it, and stop it. So we need to tag the viruses - that's easier than it sounds, these days. Lets decide how.

The "BASE" is obviously a "VIRUS" base!

11. Sharing the work on collections. I'd like to propose that for future collections like Stang's collection, or Buchanan's where the main problem is sorting the wheat from the chaff, that we divide the work up. You should be prepared to:

11.1 Sort out the viruses from the non-viruses (that's the main workload)

11.2 Isolate the non-viruses (put them in Zip files, marked Intended, Innocent and Garbage)

11.3 Make a replicant of the viruses into a group of Goat files (I am willing to donate my little files [big deal]) so that we all have N replicant and the original. And a small descriptive text file of the basic info, which is (roughly how it infects, roughly what it infects, is it encrypted, is it stealth, is it polymorphic). This is preliminary info, which you'll get as a result of replicating the viruses without doing any real work. Put this text file, plus the replicants, in a Zip, and if we all do some of the collection, many hands make light work. Since the work is proportional to the number of files I suggest that we divide it on that basis.

If N people volunteer to be weeders, each one will get 1/N of the files in the collection. This idea only applies to collections that are large and likely to be weedful, and I think we should expect more such in future.

11.4 An undertaking from those who want to participate. The disadvantages are that you get to do lots of work, and everyone benefits. Your company might not permit this. I suggest we call these CARO members the Weeders. Non-weeders don't get the garbage files (why would you want them?), and get the viruses slightly after the weeders do.

11.5 Someone to act as a central coordinator/collator/disseminator. Vess is the obvious candidate, but he might have too much on already.

Again, we're back to square one! Someone is going to now say that the CARO Virus Collection doesn't exist, or at least make a motion to this effect.

12. The CARO Virus Collection. I think that it is really important that there be no such thing. That way, if people ask for it, or claim they have it, then it's nonsense. Can we so move - there is no such thing?
14. Dinner. Beer. More beer.

...and last but not least, the last line of the "alleged" CARO agenda. Having read this article time and time again, I am convinced that they must have done line fourteen for at least three days prior to ever discussing line one.

You decide for yourself what these people are doing. I only wanted to take the opportunity to show it to you the way I see... Of course, I could be wrong, but as I see it, CARO may be able to monopolize the industry if they control the mass collection and can manage to restrict it from those whom the may not "approve." Couple this with legislation in their favor and the general public will be in for quite a shock. I dare say we would see any "free" software any longer. Who works for free? How many people can you count on one hand that are trying to do something for you?

Special thanks to Time Lord of Phalcon/SKISM for snatching the agenda at the New York conference!

ARiSToTLE/NuKE
[Back to index] [Comments]
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua