Does Open Source Encourage Rootkits?

ScuttleMonkey posted more than 8 years ago | from the no-ulterior-motives dept.

An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"

200 comments

Scare Tactics and Get Real (5, Insightful)

WebHostingGuy (825421) | more than 8 years ago | (#15145630)

If this site/domain name was not well known the hackers would just type in an IP like Click for Rootkit [70.85.5.142] and get what they need.

Simply because they use a domain name and the site is known does not make the information malicious. If you don't think rotating sites on rotating servers exist to share compromised media and discussion about server cracking then you don't know anything. Rootkit.com is open and out there, but the malicious people don't just stop here. Removing rootkit.com off the face of the earth would do zero to stop server compromises and rootkits.

And don't get me started about the quote..." make it advisable "to throw the computer away" if you want to be sure you got rid of the rootkit". Talk about scare tactics...sheesh. How often do you see a BIOS rootkit? And if you did, why don't you just reflash the BIOS? Or is this a sinister plan to make companies throw out old hardware to buy new so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go do the jump off the bridge path.

Re:Scare Tactics and Get Real (1, Interesting)

ScrewMaster (602015) | more than 8 years ago | (#15145675)

Or is this a sinister plan to make companies throw out old hardware to buy new so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go do the jump off the bridge path.

Maybe ... but that doesn't make you wrong. The beauty of FUD is that, while it is ignored by knowledgeable people, a little of it can go a long way in convincing a PHB to change his budget priorities. It really doesn't take much: the old "nuke the site from orbit, it's the only way to be sure" mentality coupled with a bit of relevant FUD can result in the sale of a lot of new equipment.

Re:Scare Tactics and Get Real (5, Interesting)

IntelliAdmin (941633) | more than 8 years ago | (#15146137)

Let's also remember that some of the people associated with this site were the first to notice the Sony DRM RootKit. The research that has been done on this site has really made it hard for rootkit developers to install their wares unnoticed - if you have the right tools. I could be wrong, but I think that Mark Russinovich from sysinternals has been there contributing to this site. It has led to the development of some really great tools such as the SysInternals RootkitRevealer - a really great tool by the way (http://www.sysinternals.com/Utilities/RootkitRevealer.html [sysinternals.com])

Re:Scare Tactics and Get Real (5, Funny)

Lumpy (12016) | more than 8 years ago | (#15145748)

Man what a great IDEA! I am certified for hazardous rootkit infected computer disposal.. this month only my normal $250.00 disposal fee is reduced to $100.00 per Pentium 4 computer or laptop infected with a dangerous rootkit. Our trained professionals will seal each infected PC in a hypoallergenic bag and safely transport them to our facility for disposal and recycling.

I get paid AND get gobs of good gear to sell on ebay!

Thanks for the tip! This will go great with my DVD rewinding service!

Re:Scare Tactics and Get Real (2, Insightful)

HermanAB (661181) | more than 8 years ago | (#15145966)

Cool idea - you don't even need to clean them up before selling them on Ebay either - that way another geek can make money by cleaning it up for the idiot buyer...

Re:Scare Tactics and Get Real (0)

Anonymous Coward | more than 8 years ago | (#15145922)

How can you possibly trust a machine with an infected BIOS to allow a "true" reflash of a fixed BIOS?

Re:Scare Tactics and Get Real (2, Funny)

Stoolio (958177) | more than 8 years ago | (#15146195)

You are just stupid. What if the rootkit is designed to sneak into your home's breaker box! You need to burn your house down... NOW!

Yeah.... (1, Interesting)

Cryptacool (98556) | more than 8 years ago | (#15145658)

I agree that the information should be open, but the idea that anti-virus companies would be way behind if it weren't for open discussion like this is pretty ridiculous. a) the anti-virus company can just infiltrate the private communities (which I'm sure they do already) b) reverse-engineering. Not as efficient but McAfee and others have the resources I'm sure.

Baloney (4, Insightful)

Spazmania (174582) | more than 8 years ago | (#15145659)

McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community

That's like saying Edison and Tesla are to blame every time someone gets electrocuted.

Re:Baloney (4, Insightful)

Ucklak (755284) | more than 8 years ago | (#15145715)

This is another 'blame the tool, not the user' type of mentality.

Guns are evil, drugs are bad, rootkits are bad, P2P is evil, etc...
We've heard this all before.

Concrete is bad because it could be used to make a shoe and keep a victim from struggling whilst they are dropped at the bottom of a lake.
Knives are bad because they may be used to kill someone.
2x4 pieces of lumber are bad because you could use it to knock someone off a motorcycle.
Baseball bats are really evil because gangs can use them for intimidation.
Crowbars, they should be illegal anyway, who uses them? We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.

Re:Baloney (1, Funny)

Anonymous Coward | more than 8 years ago | (#15145755)

We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.

But nails that dissolve in water might tempt builders into constructing houses that will collapse on their defenceless mothers-in-law when it rains!

Such evil devices must be prohibited with the full force of the law. The fate of the world itself is at stake.

Re:Baloney (1)

caffeination (947825) | more than 8 years ago | (#15145767)

Tools/users aren't even remotely analogous to products/development models. But then neither are inventors/inventions, so at least you're standards-compliant for this thread.

Re:Baloney (2, Informative)

David Hume (200499) | more than 8 years ago | (#15145821)

This is another 'blame the tool, not the user' type of mentality.

Guns are evil, drugs are bad, rootkits are bad, P2P is evil, etc...
We've heard this all before.

Concrete is bad because it could be used to make a shoe and keep a victim from struggling whilst they are dropped at the bottom of a lake.
Knives are bad because they may be used to kill someone.
2x4 pieces of lumber are bad because you could use it to knock someone off a motorcycle.
Baseball bats are really evil because gangs can use them for intimidation.
Crowbars, they should be illegal anyway, who uses them? We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.

Yes, but some tools tend, statistically, to have more harmful uses than beneficial ones, or to be more often used harmfully than beneficially, or, perhaps more importantly, to have significantly greater harmful effects than beneficial effects.

I'm as close to a 2nd Amendment purist as one is likely to find in that I believe it protects an individual, as opposed to a collective or "militia," right to bear arms. But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillery? Landmines? All without any sort of license requirements, background checks, etc. After all, one mustn't blame the tool, but only the user.

Take a more mundane example -- lockpicks. Laws criminalizing the possession of lockpicks by anyone other than a licensed locksmith are obviously wrong because they "blame the tool and not the user." Hell, I might lose my house keys, and need to pick my own lock! And even if it were shown that 99.99% of the use of lockpicks by unlicensed persons was for the purpose of burglary and auto theft -- well, tough, blame the user, not the tool. We have to preserve the unlicensed and unregulated use of that tool for the 0.01% of the uses that are beneficial.

Now, does the above reasoning apply to open source rootkits? I don't think so. (To be clear, I don't think that open source rootkits should be licensed, regulated or prohibited in any way.) I just think that it is wrong to state that regulation of a tool is never appropriate regardless of how dangerous the tool is, or how, statistically, the tool is in fact being used.

Re:Baloney (2, Interesting)

hotdiggitydawg (881316) | more than 8 years ago | (#15145852)

Take a more mundane example -- lockpicks. Laws criminalizing the possession of lockpicks by anyone other than a licensed locksmith are obviously wrong because they "blame the tool and not the user." Hell, I might lose my house keys, and need to pick my own lock! And even if it were shown that 99.99% of the use of lockpicks by unlicensed persons was for the purpose of burglary and auto theft -- well, tough, blame the user, not the tool. We have to preserve the unlicensed and unregulated use of that tool for the 0.01% of the uses that are beneficial.

Personally, I'd be blaming whoever built the lock, for developing a product that was unfit for the purpose for which it was bought.

Even if we restrict it to just the lockpick (ignore the lock) then yes, it is the person using the lockpick to break and enter that is committing the crime, not the lockpick itself. As far as a tool goes, it is performing the purpose for which it was developed and sold (or at least stolen).

Bottom line: if you develop substandard products you should be held responsible and accountable when they create problems.

Re:Baloney (1)

eMartin (210973) | more than 8 years ago | (#15146064)

There is a saying that goes something like "the only purpose of a lock is to prevent you from getting into your own house."

Re:Baloney (2, Insightful)

Andrew Kismet (955764) | more than 8 years ago | (#15145908)

I understand your point, and agree with your argument, but you've got to remember the high fallibility of statistics. In a more realistic example, hemp is outlawed despite the many advantages it has over cotton. I'd do a side-by-side checklist to prove my point, but let's just assume for now. Why is hemp banned? Because of one of its uses. Statistically, you could say that the KEY product of the hemp plant, is used as a 'dangerous drug', and knowing politics, you could probably force some statistic to say that 99.99% of the plant's growers are growing it with bad intentions.
While your lockpick argument is fine, you have to remember that even non-dangerous things can be forcibly banned through 'reliable statistics'.

Re:Baloney (4, Interesting)

0123456 (636235) | more than 8 years ago | (#15145945)

"I'm as close to a 2nd Amendment purist as one is likely to find"

No you're not.

"But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillery? Landmines?"

Do you really think that the founders would have been worried about individuals owning RPGs when they were quite happy for individuals to own warships?

Hint: read Article 1 section 8 sometime, and look up 'letters of marque and reprisal', if you don't know what that means.

Re:Baloney (0)

Anonymous Coward | more than 8 years ago | (#15146109)

Do you really think that the founders would have been worried about individuals owning RPGs when they were quite happy for individuals to own warships?

Do you really believe the founding fathers had any imagination of the individual destructive power of modern weapons? A freaking of the day warship requires an entire crew, it's limited in its range, ungodly expensive for its day, and difficult to aim. A single modern S.E.A.L. can cause more death and mayhem than a 1790's era warship. Attempting to draw parallels between the 18th and 21st centuries is pretty silly as well.

Re:Baloney (3, Funny)

Suddenly_Dead (656421) | more than 8 years ago | (#15146152)

I thought he was comparing a modern day RPG to a classical warship.

Re:Baloney (0)

Anonymous Coward | more than 8 years ago | (#15145967)

I'm as close to a 2nd Amendment purist as one is likely to find in that I believe it protects an individual, as opposed to a collective or "militia," right to bear arms. But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillery? Landmines? All without any sort of license requirements, background checks, etc.

Yes. They should.

No weapon or weapon system in use or in stockpile by the armed forces or law enforcement agencies of the United States, or of any State, should be unavailable to any citizen of the United States or of the State wherein they reside for a purchase price different from that the State or the United States paid to acquire that same weapon or weapon system, inclusive of the training required to properly employ the weapon or weapon system.

If the government wants to use a weapon system, or have it available for use, it should guarantee that that same system is available to the people. If it does not want the people to have a system, it should cease its own use and destroy its own stockpile of such weapons or weapons systems.

And yes, I believe that this applies to everything from trench knives, to automatic grenade launchers, to nuclear-tipped intercontinental ballistic missiles, assuming that a citizen or assembly of citizens has the financial wherewithal to acquire them.

If a weapon is too dangerous to trust in the hands of a citizen, it is certainly too dangerous to trust in the hands of a government.

Re:Baloney (0)

Anonymous Coward | more than 8 years ago | (#15146019)

> Now, does the above reasoning apply to open source rootkits? I don't think so. (To be clear, I don't think that open source rootkits should be licensed, regulated or prohibited in any way.) I just think that it is wrong to state that regulation of a tool is never appropriate regardless of how dangerous the tool is, or how, statistically, the tool is in fact being used.

Under some definitions, VNC could be a "rootkit" save that it doesn't hide itself. It is, after all, remote access software, and it is certainly true that not all remote access software *has* to be used for illegal purposes.

Granted, that's NOT what anyone thinks of when they see "rootkit" but it's not so easy to define "rootkit" in and of itself. Normal *nix logging & remote access could almost qualify as having the functionality of a "rootkit" ... using . to hide files, able to log everything a user does, etc. the features are there, but they have none of the malicious intent.

Heck, even programs like sub7 were useful back in the day as a poor man's remote administration software. Although you'd want to *insist* on open source (IIRC, it was either sub7 or BO that had a backdoor password inserted by the creator of it), and so I'd go with something more like VNC these days.

Like you said--don't blame the tool, blame the kidiots using the tool.

Re:Baloney (1)

Dhalka226 (559740) | more than 8 years ago | (#15146081)

And even if it were shown that 99.99% of the use of lockpicks by unlicensed persons was for the purpose of burglary and auto theft -- well, tough, blame the user, not the tool. We have to preserve the unlicensed and unregulated use of that tool for the 0.01% of the uses that are beneficial.

The problem I have, personally, with criminalizing (in your example) lockpicks, even if it is used to commit a crime 99.99% of the time, is indeed that 0.01%. Not so much because they're deprived of some sort of right, but because I would consider it wrong to lock somebody up who legitimately did not commit a crime or have any intention of committing a crime with the lockpicks, solely because they had them in their pocket.

Some things there are no legitimate uses for. Somebody walking around with a backpack full of C4 isn't going for a picnic, and possession of that should be illegal. Likewise--again C4 would be a pretty good example--some things are so utterly dangerous that even when used for a legitimate purpose, the safety of the user, those around him/her, property nearby, etc etc dictate that such things should probably be made illegal. Other things there are legitimate uses for, regardless of how small of a percentage of use they might compromise, and should be treated differently.

Basically, it's a shortcut around legitimate police work and the assumption of innocence. Since they can't prove you have committed a crime just because you have a lockpick, but have a suspicion that you did or will, they criminalize having one in your pocket at all.

There's also an issue of disparate impact. Laws criminalizing legitimately useful things affect the law-abiding citizen the most. I can't have that set of lock picks, not because I did anything wrong, but because somebody might. If I'm a law-abiding person, that takes them away from me. From a thief? If this person is going to rob people, he's going to rob people lockpicks or not. BEST case scenario, from a police perspective--he too obeys the law and leaves the lockpicks at home. Instead, he runs his elbow through your window and unlocks the door. More likely, if they were going to use lockpicks to commit their crimes they're going to use them even if they're illegal. Do I really care about a couple week prison stint in minimum security (or more likely, just probation) when I'm going to go commit a home-invasion/burglary?

Another consideration: Where do you draw the line? 99.99% illegal usage is clearly enough in your mind to justify making possession illegal. What about 90%? 80%? 75%? 51%? 49%? What percentage risk of locking up innocent people who are no threat to anybody (or anybody's property) is good enough?

So yeah. As much as possible, I think we should be punishing the person for acts they have actually committed. There aren't a lot of cases where I value being able to lock somebody up for thinking of doing it, or having a tool that may or may not be used for it.

Re:Baloney (1)

budgenator (254554) | more than 8 years ago | (#15146194)

Machineguns are not illegal, they just require a rather expensive tax stamp and many people own and fire artillery pieces, shit you can take a cannon into Canada with no problem but a 22 cal pistol will get you thrown in jail. Landmines and RPGs are illegal due to the explosives inside them; RPGs would be OK without an explosive warhead as far as I know but IANAL.

I know a guy that got probation for "discharging a firearm inside the city limits" for "playing" Guns with a BB rifle too

Obligatory... (1)

DeafByBeheading (881815) | more than 8 years ago | (#15146012)

Crowbars, they should be illegal anyway, who uses them?

"I do, you insensitive clod!" -Gordon Freeman

Re:Baloney (2, Interesting)

shmlco (594907) | more than 8 years ago | (#15146182)

"This is another 'blame the tool, not the user' type of mentality."

Yeah, because rootkits have so many other benign and benevolent purposes...

Re:Baloney (1)

TeaSeaLancs (969049) | more than 8 years ago | (#15145751)

Or blaming the DVLA for every driveby shooting!

Re:Baloney (1)

Trelane (16124) | more than 8 years ago | (#15145757)

That's like saying Edison and Tesla are to blame every time someone gets electrocuted.

Actually, that's exactly what Edison would say. Though he wouldn't appreciate you lumping him in with the likes of Tesla.

Of course, all this electrocution business just goes to show how much safer Edison's DC power would be, now doesn't it?

Hmm. Makes me wonder what kind of power source this vendor (or its backer) is hyping....

Re:Baloney (2, Informative)

Rich0 (548339) | more than 8 years ago | (#15145915)

Mod parent up.

Ironically back when electrical grids were starting to take off there was a big fight over AC vs DC, with one marketing approach being to associate the opposing side with the electric chair. I think that somebody wanted to coin the phrase "getting westinghoused" for being electrocuted.

Can't say I remember the details though...

Re:Baloney (2, Informative)

Breakfast Pants (323698) | more than 8 years ago | (#15145959)

In some famous demonstrations Edison's company electrocuted some farm animals with high voltage AC.

Topsy the roasted elephant (2, Interesting)

Adrian Lopez (2615) | more than 8 years ago | (#15146345)

He actually roasted an elephant [roadsideamerica.com] to show how dangerous his competitor's AC current really was.

Re:Baloney (2, Insightful)

HiThere (15173) | more than 8 years ago | (#15145831)

Consider the source.

McAfee certainly doesn't want to take the blame when the computers that it is paid money to protect are infected...so it looks for a soft target. (And now you know what I think of McAfee. I didn't even bother to check that this was the same one...so believe at your own risk.)

Re:Baloney (1)

chris_eineke (634570) | more than 8 years ago | (#15145838)

Argh! Don't give those intelligent design nutcases any ideas!

Increased numbers != culpability (1)

EmbeddedJanitor (597831) | more than 8 years ago | (#15145847)

Nobody is saying that the open source community is to blame for the individual attempts. What it is saying is that the open source availability of information/code is to blame for the increase in the number of rootkits. It's a bit like saying that if Edison & Tesla had not made electricity widely available, then less people would be electrocuted therefore we could blame them for the increase in numbers of electrocution. That does not make them culpable for each electrocution.

Re:Baloney (1)

Gojira Shipi-Taro (465802) | more than 8 years ago | (#15146132)

More to the point, it's like saying wearing denim is a direct cause for anal rape.

There is no connection between one thing and the other.

Re:Baloney (3, Insightful)

hackus (159037) | more than 8 years ago | (#15146153)

I place the increase of rootkits in numbers in a spectacular way to Sony and the DRM folks.

They mass produce rootkits by the MILLIONS.

Idiots.

-Hackus

Re:Baloney (0)

Anonymous Coward | more than 8 years ago | (#15146227)

Actually Edison promoted the use of the electric chair to scare people away from Tesla's AC. Bad analogy.

Is there any reason I would want a ROOT kit on my machine? Probably not.. So maybe it's like posting Nuclear bomb plans and where to get parts and claiming there is no reason to assume the info would lead to negative uses.

Re:Baloney (1)

hardwarehacker (748474) | more than 8 years ago | (#15146229)

Actually Thomas Edison originally used the threat of execution to scare the public away from Westinghouse's (and Tesla's) AC distribution system. Edison believed that DC was the only safe solution. In fact Edison licensed Westinghouse's AC technology to build the first electric execution chair for the state of New York.

Re:Baloney (1)

Ungrounded Lightning (62228) | more than 8 years ago | (#15146384)

McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community

That's like saying Edison and Tesla are to blame every time someone gets electrocuted.

Actually, Edison DID try to claim that AC was an exceptional electrocution hazard (compared to AC) and blame Tesla and Westinghouse for loosing it upon the world.

(He even suckered Tesla into licensing him to do one invention using AC - before letting on that the invention was the electric chair.)

Phhhbt... (5, Funny)

UbelievablyLame (962303) | more than 8 years ago | (#15145666)

"Rootkits... you say it like it's a bad thing" -Sony

Re:Phhhbt... (1)

level_headed_midwest (888889) | more than 8 years ago | (#15145743)

"..and our rootkit DOES have open-source software in it!" -Sony

Re:Phhhbt... (I blame bill gates) (1)

sreekotay (955693) | more than 8 years ago | (#15145763)

I blame Microsoft. They invented Open Source [theregister.co.uk] - and GPL v3 is the Rootkit of OSS IP Viruses [theregister.co.uk] . Thanks A LOT billg.
--
graphicallyspeaking [kotay.com]

Re:Phhhbt... (1)

gcantallopsr (451114) | more than 8 years ago | (#15145873)

Oh... and ours is (and runs on) 100% closed source, so it keeps all these evil open source guys out of our... I mean... "your" computer :-P

Re:Phhhbt... (1)

hotdiggitydawg (881316) | more than 8 years ago | (#15145894)

Sorry, wrong [slashdot.org] ...

Same as Virus (1)

Beuno (740018) | more than 8 years ago | (#15145685)

I guess it's the same concept as Virus code out there.
You can argue it's for educational uses, and I bet in some cases it is.
As with everything, it depends on how you use it, but personally I'm for freely available information on any topic.

Marketing disguised as "Research" (3, Interesting)

kaufmanmoore (930593) | more than 8 years ago | (#15145697)

This report looks like a marketing ploy by McAfee to counteract Microsoft's OneCare Live product and Microsoft's reported move into stand-alone antispyware. As noted in a Cnet article on the same report, the report states that the term rootkit should be used in relation to malicious software only and not apply towards technology like Sony's DRM rootkit.

Double-edged sword. Duh. (1)

chroot_james (833654) | more than 8 years ago | (#15145702)

Why is this kind of thing still interesting discussion? It's moot. Has been moot. You have freedom of speech so do what you like.

Freedom of speech? (1)

nurb432 (527695) | more than 8 years ago | (#15145832)

Unfortunately we don't have the absolute right to free speech in this country to 'do what you like'. If you go out and tell someone how to commit a crime, with the sole intent of teaching them to commit it, then you get tossed in jail too..

If you teach them as a tool to avoid being ripped off however, you get away with it.

It's all a grey area, and can get you put away if you are on the wrong side of the judge (or the guy in the black van)

Business protection? (4, Interesting)

microbee (682094) | more than 8 years ago | (#15145721)

What is McAfee afraid of? Being bashed on rootkits.com just like Lavasoft? I think it's very important for the general public to know the information about virus and anti-virus technologies. Big companies try so hard to protect their secrets so that nobody else could get into the market. We often have no idea what kind of pieces of crap are running on our computers which we rely so much upon. Well, let the worms come out of the can!

Riiggghhhttt.... (1, Flamebait)

Keeper (56691) | more than 8 years ago | (#15145733)

Without it, they'd be far behind in their understanding of rootkits

If you believe that statement, I've got some prime real-estate in Florida with your name on it ...

Errr...Sony? (1)

guice (907163) | more than 8 years ago | (#15145739)

Hum, I don't suppose the increase of rootkits has anything to do with Sony's fubar? Seriously, while rootkits have always been around, I'm pretty sure it's Sony's fubar heard literally around the world that brought rootkits into the eyes of the masses. So, in reality, you actually blame Sony for their increasing numbers.

Dear McAfee: (0)

Anonymous Coward | more than 8 years ago | (#15145740)

Thank you for participating in our Get The Facts Campaign!

--Microsoft

Semantics (4, Informative)

caffeination (947825) | more than 8 years ago | (#15145742)

The linked article and the Slashdot summary twist McAfee's report to invoke images of someone blaming the likes of KDE for the existence of rootkits, which is misleading. They are in fact blaming increasing effectiveness on the fact that people are collaborating. If anything it's a glowing advert for the Open Source development model.

Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.

Re:Semantics (1)

ceoyoyo (59147) | more than 8 years ago | (#15145988)

You've got to hate those evil hackers who go around talking about what they can do on public, well known discussion boards. I mean, that makes it MUCH harder to fix the problems they're taking advantage of. It would be so much better if they kept it all on the down low, like normal criminals. Why, imagine what would happen if all the burglars in the world went down to the town square two days in advance and yelled out the exact time and address of the next house they were going to burgle. What would the police do? ;)

Does Open Source Encourage Rootkits? (4, Insightful)

vertinox (846076) | more than 8 years ago | (#15145744)

As much as Closed Source prevents them.

Re:Does Open Source Encourage Rootkits? (1)

rbochan (827946) | more than 8 years ago | (#15145820)

Rootkits are about the last thing McAfee needs to be worrying about [slashdot.org] .

Hello, McAfee? We're trying to help you! (4, Insightful)

Rex Code (712912) | more than 8 years ago | (#15145772)

OK, I'll admit that there are a lot of rootkits being passed around in the open. More than in the past, and most of them include the source code. The only reason this should be a problem for McAfee is if they aren't able to keep up with the volume. Would they rather that these things circulated underground so that 10x more sites would fall victim before McAfee managed to capture an example to analyze?


Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.

Re:Hello, McAfee? We're trying to help you! (1)

kabaju42 (959652) | more than 8 years ago | (#15145843)

No joke, if Open Source makes it easier for hackers, it makes it just as easy for McAfee, Symantec, etc. to update their software.

Of course a pessimist would even go so far as to blame McAfee for malware as a way to get more business

Re:Hello, McAfee? We're trying to help you! (2, Insightful)

something_wicked_thi (918168) | more than 8 years ago | (#15146054)

There is another side to this, too. It's like bacterial conjugation. If there are certain bits of DNA (code) in the wild that do certain things, that code can be passed around and inserted into other organisms (rootkits) to help them survive. If they were forced underground, it would make it harder for both groups - for the rootkit makers to create better products and for McAfee to track the rootkit makers.

That's not to say that spreading this information is a bad thing, but you have to realize that McAfee is right about one thing - it does help the rootkit makers in addition to helping the anti-rootkit people.

Re:Hello, McAfee? We're trying to help you! (1)

budgenator (254554) | more than 8 years ago | (#15146240)

Yes, but the antivirus can't keep up with the new stuff coming out, not so much because they are "new" but because their technology depends on signatures. It's just so much easier for the bad guys to take their rootkits, mix the functions around and recompile and voila, the signatures stop matching.

Access to info == Potential to do bad things (4, Insightful)

licamell (778753) | more than 8 years ago | (#15145782)

I mean, how is this any different than say all the resources on how to make bombs on the internet (oh no, I just got my traffic flagged since I think it passes through AT&T networks). Anyways, just because the info on how to make weapons is online does not directly lead to people using that info for bad things. The people who truly want to do bad things will get their info from elsewhere. This is just a bad marketing attempt to screw people out of freedom of information/speech.

Re:Access to info == Potential to do bad things (1)

shmlco (594907) | more than 8 years ago | (#15146165)

"The people who truly want to do bad things will get their info from elsewhere."

Right. And in the spirit of that logic, I suggest you disable your firewall, leave your keys in your car, unlock your front door, and post your daughter's picture, name, address, and phone number on mySpace. After all, the people who really want your computer, car, TV, and/or daughter will get them, so why not make doing so as easy as possible?

OSS is bad, must outlaw it. (1)

nurb432 (527695) | more than 8 years ago | (#15145783)

Remember it's for the kids... or terrorists.. or something ... it's gotta go ..

Percentage? (0)

Anonymous Coward | more than 8 years ago | (#15145791)

What percentage of open source code is rootkits? What percentage of honda drivers are mass murderers?

Re:Percentage? (3, Funny)

Carrot007 (37198) | more than 8 years ago | (#15145811)

> What percentage of open source code is rootkits?

0.01%

> What percentage of honda drivers are mass murderers?

80%

hope that helps you.

Mass murderers?!? (0)

Anonymous Coward | more than 8 years ago | (#15145880)

As a long time Honda driver, I'll have you know that I have NEVER committed a murder...

Well, at least I've never committed a murder while someone was watching!

Well, anyway, I've never committed a murder for which there are any surviving witnesses, so there is no way that you can PROVE that I'm a mass murderer!

Re:Mass murderers?!? (1)

Tankdagger (829413) | more than 8 years ago | (#15146149)

And furthermore, I would assume that you have never committed a murder while driving your Honda....

Re:Percentage? (1)

Arwing (951573) | more than 8 years ago | (#15146047)

Don't you mean 80% of the mass murders are honda drivers?

if 80% of the hondar drivers are mass murders, we won't have much of a population left.

Re:Percentage? (1)

TheOtherChimeraTwin (697085) | more than 8 years ago | (#15146087)

Bruce George Peter Lee, David Berkowitz, Ted Bundy and Dennis Rader all drove hondars. Look it up, it is a matter of public record.

Re:Percentage? (1)

Zen (8377) | more than 8 years ago | (#15146077)

Hmmmm... I own an Accord and a Civic, so what does that make me? Am I 160% likely to be a mass murderer? I'm confused. Maybe this blood shake has gotten to my brain.

Re:Percentage? (1)

something_wicked_thi (918168) | more than 8 years ago | (#15146178)

No, no. You are 1 - (0.2 * 0.2) = 96% likely to be a mass murderer. If you want 99% likelihood, you're going to need another one.

Re:Percentage? (1)

shmlco (594907) | more than 8 years ago | (#15146238)

> What percentage of honda drivers are mass murderers? 80%

I can see you did well on your SATs...

Linux root kits (1)

GeorgeMonroy (784609) | more than 8 years ago | (#15145795)

Teh proof that Linux is bad for everybody. :P

Bread and butter (0)

Anonymous Coward | more than 8 years ago | (#15145803)

Antivirus software companies should not complain about any of this: it's their bread and butter.

Security vendor FUD (5, Insightful)

hotdiggitydawg (881316) | more than 8 years ago | (#15145805)

Wow. A security vendor, who has a critical financial interest in creating FUD, claims that disclosing security flaws creates security problems. Forgive me if my eyeballs don't explode with surprise.

Security by obscurity has been proven time and again not to work. Nobody would find a security hole if it didn't exist. Likewise, if one does exist, if one person can find it so can someone else. The responsibility lies squarely with the developers.

Time for a bad analogy (seeing as how this is Slashdot and all): If the door of your house/apartment/room/basement was made of balsa wood rather than a decent hardwood (or a reinforced steel-belted Faraday Cage for you tinfoil-hatters), it would only be a matter of time before someone worked this out. And regardless of whether they boot your front door in and make off with your home entertainment system, or simply leave you a note that says "This door is so thin I can hear you whacking off to Buffy reruns from across the hall (by the way your dinner's getting cold, son)" you can bet if one person can work it out, so can someone else. And the next person might not just leave you a note. So, if the door is your responsibility you better fix it ASAP, or risk the consequences. And if not, you better fry the ass of whoever is responsible, or you'll still risk the consequences yourself.

Landlord won't give you a secure premises? Move out, and tell everyone about it. Or get a gun and a pit bull. Or barricade the door and use the kitchen window for access. Or all three. Windows has more holes than half a dozen slices of Jarlesberg? Switch to a more secure O/S, and add your voice to the complaints. Or install malware detection/removal tools. Or lock it down behind a firewall. Or all three. But don't just stick your head in the sand and hope nobody will notice, that approach just doesn't work.

Re:Security vendor FUD (1)

shmlco (594907) | more than 8 years ago | (#15146224)

A really bad analogy, because to continue it in this case we're placing a sledgehammer next to your door, bricks next to your windows, a ladder next to your balcony, and hanging a pair of wirecutters next to your alarm system.

Without readily available sources of information, wanna-be rootkit hackers would be forced to invent (bring) their own tools to the party. And it's pretty easy to guess that more script-kiddies can tweak and compile free code than can create their own from scratch.

If I were McAfee (1)

WindBourne (631190) | more than 8 years ago | (#15145807)

I would be more worried about their future than trying to blame OSS for their business. My guess is that McAfee and the other Window virus/malware/keystroke logging companies will be out of business in about 3 years or certainly in major decline.

Re:If I were McAfee (0)

Anonymous Coward | more than 8 years ago | (#15145872)

...unless they write the viruses/malware themselves. And who says they don't already?

McAfee? McAfee?!? (1)

QuietLagoon (813062) | more than 8 years ago | (#15145809)

Wasn't McAfee suspected of releasing computer viruses into the wild to beef up the sales of their wares?

Open Source = Viruses + Western IT Collapse (0)

Anonymous Coward | more than 8 years ago | (#15145817)

'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code

This is just an example of how Open Source outside of a university forum is a plague on Western Civilization. Another example is www.odesk.com or rentacoder.com or HCL Technologies. RMS and the MIT academics who paid his salary for the past twenty-five years while he was spewing techno-communist bullshit have done as much damage to the United States and its economy as if they had literally destroyed a major city. What's more is that they got away with doing it completely under the RADAR of the mainstream population and media. They have the rich thinking it is a tool to enslave the poor and the poor thinking it is a tool to become rich. Bottom line, it is a tool for killing creativity and slowing the growth of the human species back to pre-WWII levels. 41,533 members, my gawd.

Mod McAfee (4, Insightful)

Firehed (942385) | more than 8 years ago | (#15145822)

Mod McAfee down -1, Troll.

He should have (1)

siddesu (698447) | more than 8 years ago | (#15145849)

put the blame squarely on the _ROOTKIT_ opensource community, and he may just have been partly right. the folks who write rootkits are, possibly, a part of the problem. the other part should have, of course, gone to that other community - the one that makes the environment in which rootkits hide.

still i think this article is mostly a part of a general move of "anti-virus" vendors turning into general "security solution companies" as microsoft slowly cleans up its act and erodes their "market". soooo - no reason to read too much into the statement.

Depends who you ask (4, Funny)

suv4x4 (956391) | more than 8 years ago | (#15145864)

"Does Open Source Encourage Rootkits?"

MS: Oh let me answer, me me me me!

Kids with code . . . Billion dollar companies (2, Interesting)

SlappyBastard (961143) | more than 8 years ago | (#15145876)

Did it ever occur to them they might want to employ more of the Open Source people instead of starting a self-righteous war?

Every possible action in the world has an economy surrounding it.

Don't like it? Change the economy of whatever vexes you.

Re:Kids with code . . . Billion dollar companies (0)

Anonymous Coward | more than 8 years ago | (#15146111)


and maybe the police/prisons should hire more criminals, and driver tuition by getaway drivers and drug research by junkies and bank security should hire more robbers and child protection should hire pedos and race relations should hire more KKK members

And the answer is..... (3, Funny)

3seas (184403) | more than 8 years ago | (#15145885)

ask Sony.

Knowledge is power (1)

Scrameustache (459504) | more than 8 years ago | (#15145921)

Power corrupts.

Solution: Close the websites; burn the books.

Hmmm (1)

tacolicker (924348) | more than 8 years ago | (#15145925)

Yes, closed source OSes are never affected by rootkits....

Open Source is a scapegoat... (2, Insightful)

frostoftheblack (955294) | more than 8 years ago | (#15146000)

I always find it interesting how they blame open source users for viruses and spyware, or in this case, rootkits. Last time I checked, isn't it the Microsoft (R) Windows that has the problems with these things? How much malicious code do you see for Linux, BSD, etc... I'm sure the answer is much less than for Windows.

When there's a problem in the open source community, they blame each other. When there's a problem in the proprietary source community, they blame the open source.

They really have no argument against the rootkit sites. I mean, imagine if terrorists were talking about secret terrorist plans on a certain forum/wiki on some public website. Do you really think law enforcement would shut down the site and ignore it? I doubt it, it's out in the open, so police would want to read as much of it as possible so they can learn and be prepared. If they shut down the site, everything becomes secret and they have no useful information to work with.

Same goes for the rootkits. If it's public, security companies can study it and learn from it and prepare for the worst. If they shut it down, they won't even know it exists until it's already hit some companies.

Re:Open Source is a scapegoat... (2, Insightful)

mikek3332002 (912228) | more than 8 years ago | (#15146246)

There are a lot fewer viruses and spyware for Linux. However, I believe there are plenty of rootkits available for Linux, 'cause that's where root comes from.

Whatever happened to the IDP? (1)

blair1q (305137) | more than 8 years ago | (#15146008)

Is it no longer possible to cut a node off from Internet access?

Whatever happened to the IDP?

call me to talk! (0)

Anonymous Coward | more than 8 years ago | (#15146022)

if u wanna talk about open source, call...

Caylee - 440-942-5962
Amber - 337-334-4010 :)

Headline doesn't match article... (2, Interesting)

fortinbras47 (457756) | more than 8 years ago | (#15146030)

The main point of the article isn't about open source, but about websites that bring people together to work on technology that can be used for nefarious purposes.

From the article: "The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee.

Again, to me, this isn't an "open source" problem as much as an "Internet/can we stop bad guys from getting together and working on bad things" problem.

I somehow doubt rootkit.com is that dangerous (or I have no idea if it's even malicious), but I think we're likely to see this general issue come up again with websites on bomb making techniques, biological weapons etc... What should the government/society do if there is a public website that researches technology that can be used to make mass casualty weapons?

Proliferation of rootkits mean opensource works (4, Funny)

poopie (35416) | more than 8 years ago | (#15146096)

Instead of users being limited in their choices of rootkits, users now have many different rootkits that are community supported to choose from. *THIS* is exactly why opensource is so important.

Who wants to be stuck with a closed source rootkit when your IRC channel and server change and you have no way to update it? Opensource empowers the user to take the best features of different rootkits to ensure that they get the rootkit that meets their needs.

Users can strip down rootkits to run on older hardware that would otherwise be discarded, or they can enable many new features that make these rootkits competitive with all of the current commercial rootkits currently being used. ... Seriously, though, all of this just means that security patches continue to become more critical and that deployment of patches on servers cannot wait for months or years like we used to do back in the good old days.

With the proliferation and expansion of UNIX desktop software that tries to emulate more and more windows (mis)-features, I think the rootkits and opensource actually do a lot to ensure that the basic application and OS security model in Linux and GNOME and KDE desktop environments remain secure.

open source == freedom (4, Insightful)

IchBinEinPenguin (589252) | more than 8 years ago | (#15146115)

freedom encourages all sorts of things, some of them bad.

Live with it, it's better than the alternative.

two basic theories at work (1)

v1 (525388) | more than 8 years ago | (#15146188)

1) open source makes creating root kits easier (for the kiddies)

2) closed source makes finding/removing root kits more difficult (for the admins)

I'll deal with 1 before I'll face off against 2. Making life easier for the kiddies is a lot less hassle than making MY life more difficult.

Re:two basic theories at work (1)

Antique Geekmeister (740220) | more than 8 years ago | (#15146297)

Agreed. The closed source community is notorious for doing amazingly brain-dead things and lying about patching it.

But notice that the closed-source/open-source involved here has almost nothing to do with the nature of the operating system: it has to do with the development models for rootkits themselves. The rootkit developers are sharing their information, and frankly, they should share it. Otherwise, these holes will remain in place and fester and be passed around behind doors that are barely closed at all: they always have been, since long before the release of the original Morris Worm.

Two words: Poor Journalism ... (2, Informative)

Zero__Kelvin (151819) | more than 8 years ago | (#15146276)

Anyone who has read David Hume's "A Treatise on Human Nature" [amazon.com] knows that human nature is the cause of rootkits. If one is looking for a root cause that fosters human nature's ability to distort in this particular fashion they need look no further than poor journalism!

If the journalist or her editor possessed the proper level of subject knowledge and/or integrity required for true journalism to occur, then this patently absurd question would never be asked in an article.

Problems with the article abound, but this lone article is far from the problem. Nevertheless, it is a quintessential example of the kind of absurd misunderstanding of the landscape of the subject matter combined with the complete disregard for the principle of the pursuit of truth as a core element of journalistic principle that is endemic to the disease of misinformation which fosters misinformation in society today.

A few points that should be obvious, but are missed completely by this article:
1) The term rootkit stems from the fact that the concept comes from a UNIX environment
2) Most "rootkits" today target M$ proprietary products
3) Rootkits have always been "Open Source", unless you count ...
4) The biggest rootkit vendor is Sony, who works closely with M$

I could go on, but it is the misinformation propagated by piss poor journalism coupled with the lackluster education levels of the vast majority of the members of society in the free world that is the cause of most problems in the world today.

AntiVirus scare tactics: why the FUD keeps coming (2, Informative)

Gary W. Longsine (124661) | more than 8 years ago | (#15146328)

The reason the AntiVirus vendors keep producing this kind of inflammatory FUD is because it works.

Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.

Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm [intrinsicsecurity.com] ) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.

Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.

Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.

Sour Grapes (1)

catdevnull (531283) | more than 8 years ago | (#15146369)

McAfee's just pissed that their product sucks at finding root kits.

In fact, McAfee is pretty much kinda sucking at finding any of the latest malware. They're just trying to jump on the anti-open source bandwagon because they don't have a better plan. Is Daryl McBride working there, too?