McAfee Blames Open Source for Botnets
v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"
Gee, and I always thought (Score:2, Interesting)
An endorsement of open source? (Score:3, Interesting)
Don't forget that these are the same guys...... (Score:3, Interesting)
http://download.nai.com/products/mcafee-avert/Whi
So take anything they say with a grain of salt.
Re:What? (Score:4, Interesting)
Certain vendors of anti-virus software appear to believe so. I wrote an exe-packer primarily so I could pack dotnet executables and distributed it for free. It got used by some malware author out there, and this anti-virus vendor decided then that anything packed with my exe-packer must be a virus.
I swear, it doesn't pay to share anything any more. ;-)
From the experts... (Score:5, Interesting)
Dude, again, it's _not_ about OSS (Score:5, Interesting)
Basically what McAfee says is, "I wish researchers stopped telling everyone everything about this and that buffer overflow. Telling people everything about a bug only helps the evil hackers use it in a virus!!!111one1eleventeen" Not an exact quote, but that's the general idea they're peddling there.
Which is, in a nutshell, just the old "security by obscurity" argument. Which has already been debated to hell and back and is known to not work that way. And, frankly, it's weird to see McAfee preaching that attitude, because the anti-virus makers should know best that it never worked that way.
'scuse me, McA, but that's bollocks (Score:5, Interesting)
But quite seriously, could anyone please explain just HOW a malware author would benefit from open source? Because of the tools? Seriously, if you're writing software that's considered "illegal" in most places of this planet, would you care about licensing? Whether the software is free (as in beer and as in software) is pointless for him. If it's not free, he'll copy it illegally.
Because they could learn how to write malware? The "real" malware projects are not open source, actually anything BUT it. First of all, major exploits are not shared, they're sold. Plain and simple. Malware is a business, just like a lot of other software, and they are by far the last to go for open sourcing, simply because it would cut into their revenue. Actually, the few snippets and code parts that ARE open source are one of the key sources for AV researchers, unless they want to go for the darker venues in the trade. And, finally, when knowledge becomes illegal, gimme a ring. Then it's time to leave the planet.
If you want to learn how to write malware, you needn't wade through open source projects. You won't find much worth finding.
So I don't really understand just why McA is targeting the OSS movement. There is little to be gained by malware writers through OSS, but a lot for those opposing malware. If anyone, it's the AV researchers who benefit from open sourcing malware. Because they would have a hard time explaining just why they would have sent money towards people wearing darker colored hats.
Once again, Free Speech is causing problems (Score:3, Interesting)
It is soo tempting to read between the lines. (Score:3, Interesting)
"We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development," he said.
become more transparent.
What effectively serves malware development also serves things like clamav and snort. I suspect this botnet thing is just a short term issue for them, the long term problem is full-disclosure used to defend oneself.
Maybe I am wrong. Maybe it is all about malware developers becoming more effective. If that's true then this reads like an apology for being ineffective.
Or maybe it's just a sad cry for help. Like a suicide note left in a conspicuous place.
It's fun reading things into things.
The real complaint here can be summarized (Score:1, Interesting)
They have made exploits and viruses their business, and they see OSS as the biggest threat as one day, OSS virus databases could rack up more viruses than they could at a much faster rate. It scares them.
Watch, next companies like McAfee and Norton will push Congress to pass the "National CyberSecurity act" which will outlaw open code and free virus scanners.
I'm actually afraid when that happens. Bad enough McAfee sucks.
Plus, don't be shocked by the idea that McAfee and Norton wouldn't be as low as to create their own worms and viruses; that could be another take on this. They don't like "open sourced" viruses prolly because they CAN be caught quicker. Meanwhile a closed virus means great business for them. Let it wreak havoc and then slowly deploy a cure for it. I wouldn't be shocked if they released a few on a slow year in the past or in the future.
People who make money off others' suffering should be shot.
Re:When has the AV industry really cared about ... (Score:3, Interesting)
Nope. But they do. And there's money to be made.
So those people are here, and they're here to stay. You can't teach them security. It's futile, I've tried. They care about their inter...thingwebsomething and mailing their auntie in Greece and that they can buy some pr0n online but being a spambot or trojan distributor, who cares?
Yes, MS's APIs contain some horribly insecure functions, coupled with the predominant (ab)use of admin privilege accounts (because some horribly written software requires it), and the fact that people would rather switch "everything on" before trying which setting is REALLY required. "Just make yourself admin and all works" is the creed.
Don't think it would be different if Linux/BSD was the dominant system. We'd get to see the same problem, except that people would surf around the 'net as root. The main difference would probably be that patches would start popping up more quickly, and if some program relies on an insecure function it would break 'til the programmer fixes it. Linux/BSD core people tend to be less lenient, especially with functions labeled "for debugging purposes only".
So AV tools are a stopgap against that problem. Yes, we see the same entry points abused time and again. Yes, it starts to be boring every time I dissect another trojan, only to find it uses the same routines to sink its hooks into the system. Yes, we tell MS to get rid of those functions and the only thing we get in return is "we can't".
So tell me how to solve this problem.