
Does Open Source Encourage Rootkits?

An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"
  • Semantics (Score:5, Informative)

    by caffeination ( 947825 ) on Monday April 17, 2006 @07:51PM (#15145742)
    The linked article and the Slashdot summary twist McAfee's report to invoke images of someone blaming the likes of KDE for the existence of rootkits, which is misleading. They are in fact blaming increasing effectiveness on the fact that people are collaborating. If anything it's a glowing advert for the Open Source development model.

    Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.

  • Re:Baloney (Score:3, Informative)

    by David Hume ( 200499 ) on Monday April 17, 2006 @08:06PM (#15145821) Homepage
    This is another 'blame the tool, not the user' type of mentality.

    Guns are evil, drugs are bad, rootkits are bad, P2P is evil, etc...
    We've heard this all before.

    Concrete is bad because it could be used to make a shoe and keep a victim from struggling whilst they are dropped at the bottom of a lake.
    Knives are bad because they may be used to kill someone.
    2x4 pieces of lumber are bad because you could use it to knock someone off a motorcycle.
    Baseball bats are really evil because gangs can use them for intimidation.
    Crowbars, they should be illegal anyway, who uses them? We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.
    Yes, but some tools tend, statistically, to have more harmful uses than beneficial ones, or to be more often used harmfully than beneficially, or, perhaps more importantly, to have significantly greater harmful effects than beneficial effects.

    I'm as close to a 2nd Amendment purist as one is likely to find in that I believe it protects an individual, as opposed to a collective or "militia," right to bear arms. But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillery? Landmines? All without any sort of license requirements, background checks, etc. After all, one mustn't blame the tool, but only the user.

    Take a more mundane example -- lockpicks. Laws criminalizing the possession of lockpicks by anyone other than a licensed locksmith are obviously wrong because they "blame the tool and not the user." Hell, I might lose my house keys, and need to pick my own lock! And even if it were shown that 99.99% of the use of lockpicks by unlicensed persons was for the purpose of burglary and auto theft -- well, tough, blame the user, not the tool. We have to preserve the unlicensed and unregulated use of that tool for the 0.01% of the uses that are beneficial.

    Now, does the above reasoning apply to open source rootkits? I don't think so. (To be clear, I don't think that open source rootkits should be licensed, regulated or prohibited in any way.) I just think that it is wrong to state that regulation of a tool is never appropriate regardless of how dangerous the tool is, or how, statistically, the tool is in fact being used.
  • Re:Baloney (Score:3, Informative)

    by Rich0 ( 548339 ) on Monday April 17, 2006 @08:30PM (#15145915) Homepage
    Mod parent up.

    Ironically back when electrical grids were starting to take off there was a big fight over AC vs DC, with one marketing approach being to associate the opposing side with the electric chair. I think that somebody wanted to coin the phrase "getting westinghoused" for being electrocuted.

    Can't say I remember the details though...
  • Re:Baloney (Score:3, Informative)

    by Breakfast Pants ( 323698 ) on Monday April 17, 2006 @08:40PM (#15145959) Journal
    In some famous demonstrations Edison's company electrocuted some farm animals with high voltage AC.
  • by Zero__Kelvin ( 151819 ) on Monday April 17, 2006 @10:02PM (#15146276) Homepage
    Anyone who has read David Hume's "A Treatise on Human Nature" [amazon.com] knows that human nature is the cause of rootkits. If one is looking for a root cause that fosters human nature's ability to distort in this particular fashion they need look no further than poor journalism!

    If the journalist or her editor possessed the proper level of subject knowledge and/or integrity required for true journalism to occur, then this patently absurd question would never be asked in an article.

    Problems with the article abound, but this lone article is far from the problem. Nevertheless, it is a quintessential example of the kind of absurd misunderstanding of the landscape of the subject matter combined with the complete disregard for the principle of the pursuit of truth as a core element of journalistic principle that is endemic to the disease of misinformation which fosters misinformation in society today.

    A few points that should be obvious, but are missed completely by this article:
    1) The term rootkit stems from the fact that the concept comes from a UNIX environment
    2) Most "rootkits" today target M$ proprietary products
    3) Rootkits have always been "Open Source", unless you count ...
    4) The biggest rootkit vendor is Sony, who works closely with M$

    I could go on, but it is the misinformation propagated by piss poor journalism coupled with the lackluster education levels of the vast majority of the members of society in the free world that is the cause of most problems in the world today.
  • The reason the AntiVirus vendors keep producing this kind of inflammatory FUD is because it works.

    Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.

    Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm [intrinsicsecurity.com]) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.

    Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.

    Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.
  • by Khyber ( 864651 ) <techkitsune@gmail.com> on Tuesday April 18, 2006 @05:35AM (#15147403) Homepage Journal
    The founding fathers did not intend for the 2nd Amendment to allow individuals the ability to bear arms to defend themselves against a world power - they designed the 2nd Amendment to guarantee the citizen's right to revolt against their government. Look up some George Washington quotes and get your facts straight, please.
