by tombert 2603 days ago
For that matter, if more altruistic people had access to these tools, couldn't you argue that security bugs would be found quicker as well? As of right now, it's possible that there are a million security bugs that black-hat hackers are sitting on that the average person doesn't have the tools to know about.

Isn't security-through-obscurity considered the worst kind of security?

1 comments

Security-through-obscurity can be very effective by using it to throw up a smoke screen.

Case: you need to protect a web server. If you can successfully hide/spoof your OS/software fingerprint, an attacker won't know whether your server has vulnerable software. This makes exploit selection extremely difficult.

You can protect an already secure system from 0-day or unknown exploits by hiding whether you're running Windows/Linux/BSD/whatever with IIS/Apache/nginx/Traefik/Caddy.

Of course, this should not be used as an argument to introduce laws that limit the rights of repair shops, users or even security researchers.

Really? Software detection techniques are so sophisticated these days that you need to put a lot of effort into that, and it can all be defeated by something very simple that doesn't even depend on you. Experts will find a way, and newbies will just throw everything they have at you.