Does Open Source Encourage Rootkits? 200
An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"
Scare Tactics and Get Real (Score:5, Insightful)
Simply because they use a domain name and the site is known does not make the information malicious. If you don't think rotating sites on rotating server exist to share compromised media and discussion about server cracking then you don't know anything. Rookit.com is open and out there, but the malicious people don't just stop here. Removing rootkit.com off the face of the earth would do zero to stop server compromises and rootkits.
And don't get me started about the quote..." make it advisable "to throw the computer away" if you want to be sure you got rid of the rootkit". Talk about scare tactics...sheesh. How often do you see a BIOS rootkit? And if you did, why don't you just reflash the BIOS? Or is this a sinister plan to make companies throw out old hardware to buy new so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go do the jump off the bridge path.
Re:Scare Tactics and Get Real (Score:2, Interesting)
Maybe
Re:Scare Tactics and Get Real (Score:5, Interesting)
I have a project there, AFX Rootkit... (Score:3, Insightful)
Re:Scare Tactics and Get Real (Score:5, Funny)
$100.00 per Pentium 4 computer or laptop infected with a dangerous rootkit. Our trained professionals will seal each infected PC in a hypo allergenic bag and savely transport them to our facilitity for disposal and recycling.
I get paid AND get gobs of good gear to sell on ebay!
Thanks for the tip! this will go great with my DVD rewinding service!
Re:Scare Tactics and Get Real (Score:3, Insightful)
Re:Scare Tactics and Get Real (Score:3, Funny)
Man, I wish I had known about your service BEFORE I got hit with the $2 charge at the video store...
Re:Scare Tactics and Get Real (Score:2)
I think it is advisable under mant circumstances, and decent advice at that for the non slashdot type of crowds, with a average desktop. (I mean dont throw out that, 2.7 Ghz quad Xenon server running a raid 5 TerraByte array, and all the data on it because IE got hosed, when someone mistyped wondowsupdate, or something.)
Their has been malware for years that will d
Re:Scare Tactics and Get Real (Score:2)
You! Stop right there! you are hereby mandated to exchange your geek badge for a marketspeek tie.
-nB
Re:Scare Tactics and Get Real (Score:2, Funny)
Baloney (Score:5, Insightful)
That's like saying Edison and Tesla are to blame every time someone gets electocuted.
Re:Baloney (Score:5, Insightful)
Guns are evil, drugs are bad, rootkits are bad, P2P is evil, etc...
We've heard this all before.
Concrete is bad because it could be used to make a shoe and keep a victim from struggling whilst they are dropped at the bottom of a lake.
Knives are bad because they may be used to kill someone.
2x4 pieces of lumber are bad because you could use it to knock someone off a motorcycle.
Baseball bats are really evil becuase gangs can use them for intimidation.
Crowbars, they should be illegal anyway, who uses them? We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.
Re:Baloney (Score:2)
Re:Baloney (Score:3, Informative)
Re:Baloney (Score:2, Interesting)
Re:Baloney (Score:2)
Re:Baloney (Score:2, Insightful)
Re:Baloney (Score:2)
Do a google on hemp pulp paper hearst
Re:Baloney (Score:5, Interesting)
No you're not.
"But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillary? Landmines?"
Do you really think that the founders would have been worried about individuals owning RPGs when they were quite happy for individuals to own warships?
Hint: read Article 1 section 8 sometime, and look up 'letters of marque and reprisal', if you don't know what that means.
The problem is... (Score:4, Insightful)
You are dead wrong... (Score:3, Informative)
Re:You are dead wrong... (Score:3, Insightful)
Re:Baloney (Score:3, Funny)
Re:Baloney (Score:2)
ignoring the amendments. I think it is about what the population feals most comfortable with, that they can defend what the hold dear. I personally feal reasonably comfortable that I could always wage a decent protest with a sufficient armament (which I havent aquired, yet but think I have the abilty to acquire.)
Re:Agreed. The *purpose* of the 2nd Amendment... (Score:2)
Re:Baloney (Score:2)
And even if it were shown that 99.99% of the use of lockpicks by unlicensed persons was for the purpose of burglary and auto theft -- well, tough, blame the user, not the tool. We have to preserve the unlicensed and unregulated use of that tool for the 0.01% of the uses that are beneficial.
The problem I have, personally, with criminalizing (in your example) lockpicks, even if it is used to commit a crime 99.99% of the time, is indeed that 0.01%. Not so much because they're deprived of some sort of right
Re:Baloney (Score:2)
I know a guy that got probation for "discharging a firearm inside the city limits" for "playing" Guns with a BB rifle too
Re:Baloney (Score:2)
Re:Baloney (Score:2)
Um, yes? The second amendment says nothing about licenses or background checks.
However, the 1938 Nazi gun control law that our Senator Thomas Dodd [hackcanada.com] (D-Conn.) had translated into English became the basis for our 1968 gun laws.
The price of freedom being eternal viligance and all that.
Re:Baloney (Score:3, Insightful)
It's interesting how the same people who support Bush sending Americans to Guantanamo for allegedly planning on building a weapon, but insist on the unconditional right to bear arms.
Re:Baloney (Score:2)
I can't stop someone from picking the lock on my front door if they have the knowledge and skills to do it. I can just make sure I have very good locks that are tough to pick, take time and have some sort of measure in place to tell me if someone's out there picking or if (shudder) theyr'e successful in doing it.
In order to detect rootkits, you have to know what you're looking for. People who do not have the skill to secure their server or the common sense to retain the
Obligatory... (Score:2)
"I do, you insensitive clod!" -Gordon Freeman
Re:Baloney (Score:3, Interesting)
Yeah, because rootkits have so many other benign and benevolent purposes...
Re:Baloney (Score:2)
As long as it's just information, it's first amendment.
Re:Baloney (Score:2)
Of course, all this electrocution business just goes to show how much safer Edison's DC power would be, now doesn't it?
Hmm. Makes me wonder what kind of power source this vendor (or its backer) is hyping....
Re:Baloney (Score:3, Informative)
Ironically back when electrical grids were starting to take off there was a big fight over AC vs DC, with one marketing approach being to associate the opposing side with the electric chair. I think that somebody wanted to coin the phrase "getting westinghoused" for being electrocuted.
Can't say I remember the details though...
Re:Baloney (Score:3, Informative)
Re:Baloney (Score:2)
Re:Baloney (Score:2)
Topsy the roasted elephant (Score:3, Interesting)
Re:Baloney (Score:3, Insightful)
McAfee certainly doesn't want to take the blame when the computers that it is paid money to protect are infected...so it looks for a soft target. (And now you know what I think of McAfee. I didn't even bother to check that this was the same one...so believe at your own risk.)
Re:Baloney (Score:2)
Increased numbers != culpability (Score:2)
Re:Baloney (Score:2)
There is no connection between one thing and the other.
Re:Baloney (Score:4, Insightful)
They mass produce rootkits by the MILLIONS.
Idiots.
-Hackus
Re:Baloney (Score:2)
That's like saying Edison and Tesla are to blame every time someone gets electocuted.
Actually, Edison DID try to claim that AC was an exceptional electrocution hazard (compared to AC) and blame Tesla and Westinghouse for loosing it upon the world.
(He even suckered Tesla into licensing him to do one invention using AC - before letting on that the invention was the electric chair.)
Re:Baloney (Score:2)
Well not Edison, he championed DC, it was Westinghouse that was the 'father' of AC, which is actually the deadly one and was used to kill people in executions.
Sorry, couldn't resist.
Re:Baloney (Score:2)
That's like saying Edison and Tesla are to blame every time someone gets electocuted.
Ok, I think they are stretching things quite a bit as well, they would have been better served by making a lower bar point.
Sharing of programming and technology is condusive to the sharing of hacking technology. Now this isn't necessary what 'Open Source' is actually, but hey if they don't know any better.
My othe
Re:Baloney (Score:2)
You do know that the electric chair [about.com] has been invented during the AC vs DC flamewar by Edison (a DC proponent...) to "prove" that AC was too damn dangerous for general use ;)?
So Westinghouse (not Tesla) is to blame for the invention of AC current, and Edison for his invention of that particular use of AC...
Phhhbt... (Score:5, Funny)
Re:Phhhbt... (Score:2)
Marketing disguised as "Research" (Score:3, Interesting)
Re:Marketing disguised as "Research" (Score:2)
Business protection? (Score:4, Interesting)
Semantics (Score:5, Informative)
Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.
Re:Semantics (Score:2)
Does Open Source Encourage Rootkits? (Score:5, Insightful)
Re:Does Open Source Encourage Rootkits? (Score:2)
Hello, McAfee? We're trying to help you! (Score:5, Insightful)
Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.
Re:Hello, McAfee? We're trying to help you! (Score:2, Insightful)
That's not to say that spreading this information is a bad thing, but you have to realize that McAfee
Re:Hello, McAfee? We're trying to help you! (Score:2)
Re:Hello, McAfee? We're trying to help you! (Score:2)
Except that the rootkit makers have always passed information around on their own private networks. Forcing them underground would change absolutely nothing on their side, and would mean the AV companies would have less info on the rootkits to base their signatures and detection code on. In fact, the nastiest stealthed, encrypted, polymorphic viruses were developed when there was no public circulation of information about the techniques involved.
The problem is that saying that circulation of information he
Access to info == Potential to do bad things (Score:5, Insightful)
Re:Access to info == Potential to do bad things (Score:2)
Right. And in the spirit of that logic, I suggest you disable your firewall, leave your keys in your car, unlock your front door, and post your daughter's picture, name, address, and phone number on mySpace. After all, the people who really want your computer, car, TV, and/or daughter will get them, so why not make doing so as easy as possible?
OSS is bad, must outlaw it. (Score:2)
Security vendor FUD (Score:5, Insightful)
Security by obscurity has been proven time and again not to work. Nobody would find a security hole if it didn't exist. Likewise, if one does exist, if one person can find it so can someone else. The responsibility lies squarely with the developers.
Time for a bad analogy (seeing as how this is Slashdot and all): If the door of your house/apartment/room/basement was made of balsa wood rather than a decent hardwood (or a reinforced steel-belted Faraday Cage for you tinfoil-hatters), it would only be a matter of time before someone worked this out. And regardless of whether they boot your front door in and make off with your home entertainment system, or simply leave you a note that says "This door is so thin I can hear you whacking off to Buffy reruns from across the hall (by the way your dinner's getting cold, son)" you can bet if one person can work it out, so can someone else. And the next person might not just leave you a note. So, if the door is your responsibility you better fix it ASAP, or risk the consequences. And if not, you better fry the ass of whoever is responsible, or you'll still risk the consequences yourself.
Landlord won't give you a secure premises? Move out, and tell everyone about it. Or get a gun and a pit bull. Or barricade the door and use the kitchen window for access. Or all three. Windows has more holes than half a dozen slices of Jarlesberg? Switch to a more secure O/S, and add your voice to the complaints. Or install malware detection/removal tools. Or lock it down behind a firewall. Or all three. But don't just stick your head in the sand and hope nobody will notice, that approach just doesn't work.
Re:Security vendor FUD (Score:2)
Without readily available sources of information, wanna-be rootkit hackers would be forced to invent (bring) their own tools to the party. And it's pretty easy to guess that more script-kiddies can tweek and compile free code than can create their own from scratch.
Re:Security vendor FUD (Score:2)
Nice theory, but those "sources of information" have always existed. Except even when the white-hats weren't publishing source code, the black-hats were publishing enough information for script-kiddies to use. Ever heard of a "virus creation program" or "hacker BBS"?
Shutting up the white-hats just gives the black-hats a head start, and everyone who has a clue knows
If I were McAfee (Score:2)
McAfee? McAfee?!? (Score:2)
Mod McAfee (Score:5, Insightful)
Depends who you ask (Score:5, Funny)
MS: Oh let me asnwer, me me me me!
Kids with code . . . Billion dollar companies (Score:2, Interesting)
Every possible action in the world has an economy surrounding it.
Don't like it? Change the economy of whatever vexes you.
And the answer is..... (Score:4, Funny)
Re:And the answer is..... (Score:2)
Well, since Sony stole code from 2 or 3 different GPLed (and even LGPLed) programs, their answer would be: "It surely does!"
Knowledge is power (Score:2)
Solution: Close the websites; burn the books.
Open Source is a scapegoat... (Score:2, Insightful)
When there's a problem in the open source community, they blame each other. When there's a problem in the proprietary source community, they blame the open source.
They really have no argu
Re:Open Source is a scapegoat... (Score:2, Insightful)
Re:Open Source is a scapegoat... (Score:2)
HAHAHAHAHAHAHHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHA
That line belongs on bash.org
~Rebecca
Whatever happened to the IDP? (Score:2)
Whatever happened to the IDP?
Re:Whatever happened to the IDP? (Score:2)
Headline doesn't match article... (Score:3, Interesting)
From the article: "The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee.
Again, to me, this isn't an "open source" problem as much as an "Internet/can we stop bad guys from getting together and working on bad things" problem.
I somehow doubt rootkit.com is that dangerous (or I have no idea if it's even malicious), but I think we're likely to see this general issue come up again with websites on bomb making techniques, biological weapons etc... What should the government/society do if there is a public website that researches technology that can be used to make mass casualty weapons?
Proliferation of rootkits mean opensource works (Score:5, Funny)
Who wants to be stuck with a closed source rootkit when your IRC channel and server change and you have no way to update it? Opensource empowers the user to take the best features of different rootkits to ensure that they get the rootkit that meets their needs.
Users can strip down rootkits to run on older hardware that would otherwise be discarded, or they can enable many new features that make these rootkits competitive with all of the current commercial rootkits currently being used.
With the proliferation and expansion of UNIX desktop software that tries to emulate more and more windows (mis)-features, I think the rootkits and opensource actually do a lot to ensure that the basic applicatio n and OS security model in Linux and GNOME and KDE desktop environments remain secure.
open source == freedom (Score:5, Insightful)
Live with it, it's better than the alternative.
two basic theories at work (Score:2)
2) closed source makes finding/removing root kits more difficult (for the admins)
I'll deal with 1 before I'll face off against 2. Making life easier for the kiddies is a lot less hassel than making MY life more difficult.
Re:two basic theories at work (Score:2)
But notice that the closed-source/opoen-source involved here has almost nothing to do with the nature of the operating system: it has to do with the development models for rootkits themselves. The rootkit developers are sharing their information, and frankly, they should share it. Otherwise, these holes will remain in place and fester and be passed around behind doors that are barely closed at
Two words: Poor Journalism ... (Score:3, Informative)
If the journalist or her editor possessed the proper level of subject knowledge and/or integrity required for true journalism to occur, then this patently absurd question would never be asked in an article.
Problems with the article abound, but this lone article is far from the problem. Never the less, it is a quintessential example of the kind of absurd misunderstanding of the landscape of the subject matter combined with the complete disregard for the principle of the pursuit of truth as a core element of journalistic principle that is endemic to the disease of misinformation which fosters misinformation in society today.
A few points that should be obvious, but are missed completely by this article:
I could go on, but it is the misinformation propogated by piss poor journalism coupled with the lackluster education levels of the vast majority of the members of society in the free world that is the cause of most problems in the world today.
AntiVirus scare tactics: why the FUD keeps coming (Score:3, Informative)
Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.
Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm [intrinsicsecurity.com]) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.
Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.
Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.
Re:AntiVirus scare tactics: why the FUD keeps comi (Score:2)
Every intrusion detection, anti-virus, malware detector, trojan detector, rootkit detector companies are trying to outfox each other with their shining new widgets that can normalize, filter, block malicious payloads. It is like the Holy Grail. There can only be ONE.
Fear, Uncertainity and Doubts is the primary driver
Sour Grapes (Score:2)
In fact, McAfee is pretty much kinda sucking and finding any of the latest malware. They're just trying to jump on the anti-open source bandwagon because they don't have a better plan. Is Daryl McBride working there, too?
Wasn't aware that... (Score:2)
Does this work for other things in the world too? (Score:2)
I'm not trying to be sensationalist. I do understand that vulnerabilities in systems need to be pointed out before anyone will spend the money on corrective action. I also understand that if the knowledge is kept 'secret' that only two groups of people will have the knowledge -- the 'good ones' and 'the bad ones.' It does little to noth
or.... (Score:2)
or to look at it another way, we would need a lot less computer techs and anti-virus companies wouldn't exist. Yah... A world without rootkits (read- not open source) is the way to go.
Here's another question for you (Score:2)
Heh (Score:2)
Or blaming burger shops for making Fat People.
Re:Percentage? (Score:4, Funny)
0.01%
> What percentage of honda drivers are mass murderers?
80%
hope that helps you.
Re:Percentage? (Score:2)
I can see you did well on your SATs...
Re:Percentage? (Score:2)
What percentage of rootkits are open source? The last few I got did not come with source code or a GPL EULA.
Freedom of speech? (Score:2)
If you teach them as a tool to avoid being ripped off however, you get away with it.
its all a grey area, and can get you put away if you are on the wrong side of the judge ( or the guy in the black van )
Re:Linux root kits (Score:2)
Maybe I'm mistaken, but aren't most rootkits for another operating system?