McAfee Blames Open Source for Botnets
v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"
What? (Score:5, Insightful)
Wow, I've seen a lot of commercial vendors doing that in the recent years also - maybe they're all suspect.
Re:What? (Score:2, Insightful)
Re:What? (Score:4, Interesting)
Certain vendors of anti-virus software appear to believe so. I wrote an exe-packer primarily so I could pack dotnet executables and distributed it for free. It got used by some malware author out there, and this anti-virus vendor decided then that anything packed with my exe-packer must be a virus.
I swear, it doesn't pay to share anything any more. ;-)
Re:What? (Score:5, Insightful)
And of course, we have to suffer another dig at the full disclosure doctrine. But the part they left out was how they plan to get the black hats not to share information with each other. Full disclosure just assures that the white hats all have the same information and that the battle is fought on pure technology lines and not on who is better at hiding things (a battle the good guys would lose).
Re:What? (Score:2)
A higher productivity model? Nonsense. It is no more high productivity than any other development model. Productivity depends on the development team, and their motivation and interest, and the openness or otherwise of the project has little or no bearing on this. Just look at the number of open source projects stuck in permanent beta because no-one is interested in doing t
In related news (Score:5, Funny)
Re:In related news (Score:2, Funny)
Re:In related news (Score:2)
Treebeard Control Protocol / Interent Protocol
Re:In related news (Score:2)
Re:What? (Score:2)
If it's proprietary and closed source malicious software, it's "market-enabling software". It's only "bad" if those open source evildoers write it.
Load of BS (Score:5, Funny)
Re:Load of BS (Score:5, Funny)
Re:Load of BS (Score:2)
If you outlaw CVS only outlaws will use CVS.
Re:Load of BS (Score:3, Funny)
Re:Load of BS (Score:4, Funny)
Re:Load of BS (Score:4, Funny)
Re:Load of BS (Score:2)
Re:Load of BS (Score:2)
"Malware writers use CVS! They're the scum of the earth. Shouldn't you use SVN instead?"
or
"9 out of 10 malware writers use CVS. Their software runs on millions of desktops world-wide. Shouldn't you use CVS too?"
(note: I am non-denominational on version control systems and could see the marketing go either way. I don't really care as long as it makes me laugh
Re:Load of BS (Score:2)
And they probably use the Win32 SDK, too. Maybe we could blame Microsoft. You know, I bet they use SMTP-based e-mail to communicate, too! We should blame Jon Postel for writing RFC 821!
Ooh! I'll bet they use Intel processors, too! And AMD! Hang 'em all, I say!
Re:Load of BS (Score:5, Funny)
M$BlowsMyBalls:
CS_Ownerrer: LOL!
ScriptK1dd13: There's a bug in the bots. Some of them are spelling Vi4gra and C14lis correctly.
CS_Ownerrer: Fixed in CVS
M$BlowsMyBalls: RTFM, noob!
ScriptK1dd13: There is no manual...
M$BlowsMyBalls:
ScriptK1dd13 has been kicked.
M$BlowsMyBalls: Damn noobs.
CVS (Score:5, Funny)
Re:MIT researchers make first bot without Windows (Score:2)
Full Disclosure Vs Secrets (Score:5, Insightful)
But what model would you blame for the hundreds of PC viruses that devastated home and corporate computers in the 90's up to today? I think the exploits they relied upon were simple coding flaws and insecure type checking or buffer overflows that were simply poor coding kept as a secret.
So, in light of what causes the malware, would I rather the code be fully disclosed or instead guess that there's probably no major exploit possible? I'd probably go with the former considering the sheer number of viruses based on the latter and the fact that it's the exploits based on proprietary code that often do the most severe damage to society.
I would like to ask McAfee what they would think if a competitor found a virus and figured out how to fix it but couldn't tell McAfee that information because it would be considered disclosure. That would be the real irony here. Sites that host viruses and describe/publish them are often very useful sources for people looking to rid them from their computers or even how to avoid exploits in the future.
This article is entitled "Hackers Learn from Open Source" but they only learn as much as the researchers and patchers do. I would rather the community be progressing towards solid impenetrable code than have guarded secrets that keep everyone under a thin veil of security. Because if those secrets are ever discovered by the wrong people, we will not know about them and we'll essentially be caught with our pants down. I'd rather have every programmer know the pitfalls of coding than to have thousands of applications deployed world wide all waiting for one hacker to stumble upon a secret.
You really have to question McAfee's motives here in their Sage magazine
Dude, again, it's _not_ about OSS (Score:5, Interesting)
Basically what McAfee says is, "I wish researchers stopped telling everyone everything about this and that buffer overflow. Telling people everything about a bug only helps the evil hackers use it in a virus!!!111one1eleventeen" Not an exact quote, but that's the general idea they're peddling there.
Which is, in a nutshell, just the old "security by obscurity" argument. Which has already been debated to hell and back and is known to not work that way. And, frankly, it's weird to see McAfee preaching that attitude, because the anti-virus makers should know best that it never worked that way.
Re:Dude, again, it's _not_ about OSS (Score:2)
Then on the other hand, maybe it really is just the anti-virus vendors. Very often, with full disclosure, the researchers also say what can be done to protect against the exp
McAfee Afraid of Open Dialog? (Score:3, Insightful)
If enough developers 'pool' into working on it, and an open dialog of faults and vulnerabilities continues, could they find themselves out of a job from an Open Source solution?
(especially as they are about to be challenged by MS Defender, which could also benefit from open dialogue to augment a shallower background in the field?)
They do have a point (Score:2)
1) Post or send a notice in relevant places that lets people know that they are v
Re:They do have a point (Score:3, Insightful)
Re:They do have a point (Score:2)
What if the thief lives in one of the condos... In real life (most) people don't walk around with signs saying I am a computer hacker/professional burglar/rapist.
Gee, and I always thought (Score:2, Interesting)
They're missing the real culprit. (Score:5, Funny)
Re:They're missing the real culprit. (Score:3, Informative)
It could have been the Chinese that are to "blame":
http://en.wikipedia.org/wiki/Abacus [wikipedia.org]
Re:They're missing the real culprit. (Score:2)
A mere abacus [earthstar.co.uk] - mention it not. Try the Antikythera mechanism. [wikipedia.org]
Re: Antikythera Mechanism (Score:2)
They don't explain how the alternative is better (Score:5, Insightful)
Isn't it better to release info so people can do something about it? Network admins can use it to help block the attacks, or disable the vulnerable software. Users can stop using it. And people can even make their own patches, or use the shared knowledge to look for similar flaws in other software.
We have seen this happen. Can anyone provide a good alternative, because McAfee certainly can't?
There are middle grounds (Score:2)
As a sys admin, knowing the specifics does me no good. I don't even look at the code, I'm not a programmer. The relevant information to me is "Service X
Schools and colleges are evil! (Score:5, Insightful)
Re:Schools and colleges are evil! (Score:2)
I don't know if that conclusion is sound, but there is no evidence to the contrary and malware certainly has become stag
Re:Schools and colleges are evil! (Score:2)
Well... (Score:4, Insightful)
Because McAfee has an ulterior motive and wants to discredit the competition.
Will there be anything else?
Re:Well... (Score:2)
Re:IRC (Score:2)
Sound like that old guy in the 1920s-themed Onion rants. "Aw hell, let's not have telnet anymore!"
actual cause (Score:2)
Actually, I see this as a great example of software natural selection. The OSS is killing off the weaker software.
Re:actual cause (Score:2)
Executives chase marketshare because marketshare is an advantage. It's word-of-mouth, mindshare, strategic partnerships, tie-ins, and cross promotions in addition to being more able to set the standards and influence customer expectations. I'll say it now: being able to change people's expectations is probably the biggest advantage, with effective partn
Full disclosure != open source (Score:5, Insightful)
1. The open source part. Which doesn't contain any kind of anti-OSS slant. It just says that people now have a lot of F/OSS tools to manage their files and whatnot.
2. The part about full disclosure. Where they basically whine that they'd like to have what we all call "security by obscurity." Basically McAfee would like a world where researchers keep a lot more stuff secret, because supposedly being public about that helps evil hackers. Which is as stupid as it gets, yes, but it also has nothing to do with OSS at this point.
So why the fanboy slant in the summary?
Re:Full disclosure != open source (Score:2)
What if open source virus checkers are doing better in the market place than McAfee suggests? Open source virus checkers can only compete if there is full disclosure. Or in other words, if McAfee doesn't get advanced notice, then they lose any possible competitive advantage.
So it seems to be a FUD attack aimed at shutting down their OSS competition. I'm actually rather surprised because I didn't realize the OSS alternatives w
Ah, well, it's McAfee (Score:3, Funny)
Honestly, the last time I used that crap "security" suite of theirs, it was far worse than your average virus.
Among _many_ samples that proved massive cluelessness was the fact that as soon as it "updated" itself, it actually couldn't cope with being instal
Re:Full disclosure != open source (Score:2)
Well, I can guess...
Fanboy read the title.
Fanboy _may_ have skimmed the article.
Fanboy didn't understand the distinction.
Fanboy rapidly submitted it! (I'm gonna be on
Editor read the title.
Editor _may_ have skimmed the article.
Editor didn't understand the distinction.
Editor rapidly published it! (I'm gonna be on
Re:Full disclosure != open source (Score:2)
You must be new here...
Re:Full disclosure != open source (Score:5, Informative)
From the article:
"Over the last year and a half, we've noticed how bot development in particular has latched on to open-source tools and the open-source development model,"
Further down:
Marcus said his company is drawing attention to the open-source trend to educate users, and not as an attempt to discredit open-source alternatives to its own proprietary software products. "We think [open-source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open-source antivirus," he said.
In other words, McAfee is saying "Bot writers are using Open Source tools to develop, maintain, collaborate on, and distribute malware. We're just saying, you know. Not that we're accusing them of anything; we're just saying."
Then later in the article they start bad-mouthing Full Disclosure. That's, as you say, a separate topic.
-dZ.
Seems pretty weak, IMHO (Score:2)
I mean, seriously. So some virus writer uses CVS. In what way does that say anything bad about CVS? It's like saying that gangsters use(d) cars for their drive-by shootings. Does that mean we should start distrusting cars or car manufacturers? And some are stereotyped as beating people up with baseball bats and/or throwing people off piers with cement shoes. Does that mean we should start dis
Re:Seems pretty weak, IMHO (Score:2)
-dZ.
Re:Full disclosure != open source (Score:2)
I noticed the exact same thing.
The open source part. Which doesn't contain any kind of anti-OSS slant. It just says that people now have a lot of F/OSS tools to manage their files and whatnot.
I'm not even sure what the point of this is other than FUD for the uninformed. So virus writers are forming communities and working together... it has nothing to do with OSS. As virus writers they would be more likely to pirate commercial software if th
Obviously (Score:2, Funny)
It's the "Brotherhood of Linux" that prevents malware being written for Linux computers and why there are no Linux zombie botnets.
Re:Obviously (Score:2)
This just in (Score:2)
But seriously folks, malware authors using CVS? I never thought they'd think of using arguably the most popular version control system in the world. Besides, that means they are adopting the open source development model how? Plenty of companies use CVS internally,
LOL (Score:2, Funny)
Idiots.
I guess it's a matter of perspective (Score:2)
Tom Caudron
http://tom.digitalelite.com/ [digitalelite.com]
And why is this a bad thing? (Score:2)
An endorsement of open source? (Score:3, Interesting)
Then Surely....... (Score:3, Funny)
Forget the fact that a powered centre punch is just an inanimate tool and that it's purely the malicious intent of car thieves that means they're used for illegal reasons, someone must be to blame. So let's lynch metal-workers for causing car theft!!
Re:Then Surely....... (Score:2)
Most IT workers blame McAfee for Current Viruses (Score:5, Insightful)
Re:Most IT workers blame McAfee for Current Virus (Score:2)
Perhaps you want to make sure you're aiming in the right direction, before flinging too much mud.
Don't forget that these are the same guys...... (Score:3, Interesting)
http://download.nai.com/products/mcafee-avert/Whi
So take anything they say with a grain of salt.
Same class as McAfee (Score:3, Funny)
"Same class?" Meaning as slow to start, buggy, and bloated as McAfee products? Open-source developers should be thanking that guy for the compliment.
-b,
Headline is a Troll (Score:5, Insightful)
Given that the summary itself says that this is not about the open-source development model, I've got to conclude that the headline is a troll. You can apply the full-disclosure model of security notification to any software, open or closed.
This is about whether the finders of security vulnerabilities give the vendor a grace period to fix the problem before disclosing the vulnerability to the general public. It has nothing to do with open source.
Re:Headline is a Troll (Score:2)
Actually, that's not too bad. But I don't think the
What he said. (Score:2, Insightful)
Linux is evil, Windows is good, proprietary blah blah blah. The biggest shock to me is that anyone has the balls to point to open source and say "YOUR development model is responsible for this mess," especially considering the way Windows ships as default (make all initial users members of Administrators). I'm still reeling from hearing McAfee (or someone officially affiliated) say something to the effect of "Your open code and development is killing us!"
You have
From the experts... (Score:5, Interesting)
When has the AV industry really cared about .... (Score:2)
I know 800 slashdotters are going to mod me troll and describe how wrong I am but I can't fully believe it.
Course I'm into JFK and 9-11 conspiracies as well....
Re:When has the AV industry really cared about ... (Score:2)
When you know an algorithm that flawlessly discriminates between "good" and "bad" code, copyright it today. You'll be a very rich man, if you sell it, or an icon of OSS development if you hand it to the OS community.
But at least you didn't claim that AV companies create them themselves, it's at least something I gotta give you.
Re:When has the AV industry really cared about ... (Score:2)
Security isn't something you can make - it's something you do. McAfee's magic potion just doesn't work. And it's not because the magic potion is bad (after all, this is a magic potion that's been developed over many years and has taken many skilled hackers to create). It's because magic potions don't work.
Take for example one fairly secure operating system - OpenBSD.
Re:When has the AV industry really cared about ... (Score:3, Interesting)
What is Full Disclosure, Anyway? (Score:2)
No. Full disclosure is just that: disclosure. Distributing samples of malicious software is at best a proof of concept, but usually just irresponsible and/or malicious distribution of same.
Given this piece of intellectual dishonesty, I think that any doubt that McAfee was on the up-and-up with this article c
Does this mean OSS programmers are better? (Score:2)
Put a different way, and not to simplify it too much, but the anti-virus programmer needs to write a patch to detect a piece of code which has been handed to him/her. The malware has to wri
You're kidding. (Score:2)
People shouldn't blame McAfee..... (Score:5, Funny)
Funny, yes...but there is a point to be made (Score:2)
I suspect that, all else being equal, it's probably easier to find exploitable flaws in a system and write malicious code to take advantage of it as opposed to trying to defend against such attacks. Not only is it generally easier to destroy than to create, but the attacker need only find a single f
Coral Cache damn you guys (Score:2)
http://www.pcadvisor.co.uk.nyud.net:8090/news/ind
Re:Coral Cache damn you guys (Score:2, Informative)
on the topic of blame (Score:2)
As far as I can see it, FOSS supports people, and statements like this only drive home the point that companies are driven by wealth to the exclusion and elimination of health for people.
Companies were an exception when the King of England first granted them as favors to a select few. It allowed exceptional rights, and those rights have only grown over time. It has now come to the point where pretty much any organized human behavior
'scuse me, McA, but that's bollocks (Score:5, Interesting)
But quite seriously, could anyone please explain just HOW a malware author would benefit from open source? Because of the tools? Seriously, if you're writing software that's considered "illegal" in most places of this planet, would you care about licensing? Whether the software is free (as in beer and as in software) is pointless for him. If it's not free, he'll copy it illegally.
Because they could learn how to write malware? The "real" malware projects are not open source, actually anything BUT it. First of all, major exploits are not shared, they're sold. Plain and simple. Malware is a business, just like a lot of other software, and they are by far the last to go for open sourcing, simply because it would cut into their revenue. Actually, the few snippets and code parts that ARE open source is one of the key sources for AV researchers, unless they want to go for the darker venues in the trade. And, finally, when knowledge becomes illegal, gimme a ring. Then it's time to leave the planet.
If you want to learn how to write malware, you needn't wade through open source projects. You won't find much worth finding.
So I don't really understand just why McA is targeting the OSS movement. There is little to be gained by malware writers through OSS, but a lot for those opposing malware. If anyone, it's the AV researchers who benefit from open sourcing malware. Because they would have a hard time explaining just why they would have sent money towards people wearing darker colored hats.
Misleading title (Score:3, Informative)
Sheesh.
Improves all development (Score:3, Insightful)
The open source, full-disclosure model improves the pace of ALL software development. All means all, including software development for "bad" purposes.
Once again, Free Speech is causing problems (Score:3, Interesting)
Time to roll up your sleeves (Score:2, Funny)
On locks and Open Source (Score:4, Informative)
Below are two excerpts from the paper, found, interestingly enough, using the "fortune" program. Yes, I know that the making of locks isn't exactly like the creation of software, but the principle remains the same. Security through obscurity is no security at all; however, if the standards and techniques are open and available to the public, we, the "experts" in the field, will actually be able to hold companies accountable for problems and shortcomings in their software.
Well... (Score:2)
Why would they want to slow down that far? Seriously, if MS was as fast as open source, we'd still be running on DOS 5.0 with Windows 3.0.
It is soo tempting to read between the lines. (Score:3, Interesting)
"We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development," he said.
become more transparent.
What effectively serves malware development also serves things like clamav and snort. I suspect this botnet thing is just a short term issue for them, the long term problem is full-disclosure used to defend oneself.
Maybe I am wrong. Maybe it is all about malware developers becoming more effective. If that's true then this reads like an apology for being ineffective.
Or maybe it's just a sad cry for help. Like a suicide note left in a conspicuous place.
It's fun reading things into things.
Full Disclosure Lowers the Barriers to Entry (Score:4, Insightful)
In other news: World Blames McAfee for... (Score:2)
Simple enough (Score:2)
b) Closed Source: Harder to find bugs/exploits, meaning that they might be harder to exploit, but also oftentimes harder to get a timely fix and/or fix it yourself... or even know the bug exists.
There's a bad and good in both worlds.
McAfee, like Symantec, are getting desperate... (Score:2)
The chickens are coming home to roost. The anti-virus model is essentially untenable-- akin to closing the barn doors after the horses have escaped. Anti-virus only works if you get the anti-virus signature updates before you get the virus attack-- but the signatures cannot be produced until the virus is encountered in the wild, by which time it has likely mutated into something new. AV is only capable of protecting against *old* viruses. Far better preventatives are a good network firewall, a good exec
My answer to McAfee: (Score:2)
As others have pointed out, McAfee is actually worse than spyware. At first, I thought it was just the fault of Windows that reading stuff off the disk was taking several minutes for 10 or 20 megs of data. Or maybe the nvidia software RAID. But I disabled McAfee, and suddenly, it was as fast as it was supposed to be.
As to why it was there in the first place? College gave me lots of commercial software for free, including a copy of XP Pro. I have a legit, original, burned copy of XP Pro. Weird, I kno
Re:It's the opposite, in my opinion (Score:3, Funny)
Pardon, that last sentence was too sarcastic -- I have to go puke now.
Re:It's the opposite, in my opinion (Score:2)
Re:It's the opposite, in my opinion (Score:2)
No, seriously, coming up with an alternative name for doing the same thing, only criminally, is painfully wrong at worst and grammatically incorrect at best.
Re:fud alert (Score:2, Funny)
Re:Meh. (Score:2)