McAfee Blames Open Source for Botnets
v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"
Re:They're missing the real culprit. (Score:3, Informative)
It could have been the Chinese that are to "blame":
http://en.wikipedia.org/wiki/Abacus
Re:Full disclosure != open source (Score:5, Informative)
From the article:
"Over the last year and a half, we've noticed how bot development in particular has latched on to open-source tools and the open-source development model,"
Further down:
Marcus said his company is drawing attention to the open-source trend to educate users, and not as an attempt to discredit open-source alternatives to its own proprietary software products. "We think [open-source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open-source antivirus," he said.
In other words, McAfee is saying "Bot writers are using Open Source tools to develop, maintain, collaborate on, and distribute malware. We're just saying, you know. Not that we're accusing them of anything; we're just saying."
Then later in the article they start bad-mouthing Full Disclosure. That's, as you say, a separate topic.
-dZ.
Re:Corral Cache damn you guys (Score:2, Informative)
Misleading title (Score:3, Informative)
Sheesh.
On locks and Open Source (Score:4, Informative)
Below are two excerpts from the paper, found, interestingly enough, using the "fortune" program. Yes, I know that the making of locks isn't exactly like the creation of software, but the principle remains the same. Security through obscurity is no security at all; however, if the standards and techniques are open and available to the public, we, the "experts" in the field, will actually be able to hold companies accountable for problems and shortcomings in their software.