Slashdot: News for Nerds

McAfee Blames Open Source for Botnets

timothy posted more than 7 years ago | from the how-conveeeeenient dept.

v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"

223 comments

What? (5, Insightful)

NiteMair (309303) | more than 7 years ago | (#15732237)

So, here is an article simply claiming that some "malicious developers" have found a way to collaborate using open-source tools...

Wow, I've seen a lot of commercial vendors doing that in the recent years also - maybe they're all suspect.

Re:What? (2, Insightful)

Ortega-Starfire (930563) | more than 7 years ago | (#15732246)

**Waiting for the closed source companies contribute more to spyware article**

Re:What? (4, Interesting)

deathy_epl+ccs (896747) | more than 7 years ago | (#15732353)

Certain vendors of anti-virus software appear to believe so. I wrote an exe-packer primarily so I could pack dotnet executables and distributed it for free. It got used by some malware author out there, and this anti-virus vendor decided then that anything packed with my exe-packer must be a virus.

I swear, it doesn't pay to share anything any more. ;-)

Re:What? (4, Insightful)

bwt (68845) | more than 7 years ago | (#15732448)

Exactly. The open source model is a higher productivity model, so the black hats use it, just like everybody else that produces a lot.

And of course, we have to suffer another dig at the full disclosure doctrine. But the part they left out was how they plan to get the black hats not to share information with each other. Full disclosure just assures that the white hats all have the same information and that the battle is fought on pure technology lines and not on who is better at hiding things (a battle the good guys would lose).

In related news (4, Funny)

rs79 (71822) | more than 7 years ago | (#15732470)

I blame open source for the development of the internet.

Load of BS (5, Funny)

Wieland (830777) | more than 7 years ago | (#15732239)

From TFA:
The current generation of bot software has grown to the point where open-source software development tools make a natural fit. With hundreds of source files now being managed, developers of the Agobot family of malware, for example, are using the open-source CVS (Concurrent Versions System) software to manage their project.
If that's the best example they can come up with... Geezz, malware writers probably eat cereal, too. Why not blame Kellogg's?

Re:Load of BS (5, Funny)

TheOtherChimeraTwin (697085) | more than 7 years ago | (#15732258)

No, he really has a point here. Pass a law forcing Botnet developers to use SourceSafe and you'll see Botnet development slow to a crawl.

Re:Load of BS (1)

krgallagher (743575) | more than 7 years ago | (#15732432)

"Pass a law"

If you outlaw CVS only outlaws will use CVS.

Re:Load of BS (4, Funny)

cspring007 (705809) | more than 7 years ago | (#15732530)

Wait, I thought SourceSafe was malware.

MIT researchers make first bot without Windows SDK (0)

Anonymous Coward | more than 7 years ago | (#15732325)

The villains are using CVS? My God, Man! What anarchist allowed weaponized bleeding edge technology like this out into the wild? If they learn about diff and patch we could be RUINED!

This article is all FUD. The fact that bot makers use the occasional FOSS tool makes them.... Just like (nearly) every other programmer. The fact that nearly all bots attack weaknesses in MS products either suggests that "they" are cross compiling experts or they have been using the Windows SDK for writing bots for a very long time.

Re:Load of BS (1)

powerlord (28156) | more than 7 years ago | (#15732377)

Nah, but the OSS community needs to be taking note of this!

"Malware writers use CVS! They're the scum of the earth. Shouldn't you use SVN instead?"

or

"9 out of 10 malware writers use CVS. Their software runs on millions of desktops world-wide. Shouldn't you use CVS too?"

(note: I am non-denominational on version control systems and could see the marketing go either way. I don't really care as long as it makes me laugh :D )

Re:Load of BS (0)

Anonymous Coward | more than 7 years ago | (#15732382)

Even I can come up with a better example than that - eMule. Type emule into google, you'd expect to see 1 entry come up for the sourceforge project... instead you get hundreds of 'emules', only one of which is nice and safe, the others have all been hacked about. I've never tried running them, but I imagine they're not there for the good of the community.

Re:Load of BS (1)

PastAustin (941464) | more than 7 years ago | (#15732416)

Agobot family of malware, for example, are using the open-source CVS (Concurrent Versions System) software to manage their project.


They are right. CVS is where it starts. Trust McAfee to get the job done. They still zip their code and send it around in a mailing list to all the coders. That explains why their code is so damned efficient [slashdot.org] .

I say we ban open source development, collaboration leads to corruption.

Re:Load of BS (1)

morgan_greywolf (835522) | more than 7 years ago | (#15732521)

If that's the best example they can come up with... Geezz, malware writers probably eat cereal, too. Why not blame Kellogg's?


And they probably use the Win32 SDK, too. Maybe we could blame Microsoft. You know, I bet they use SMTP-based e-mail to communicate, too! We should blame Jon Postel for writing RFC 821!

Ooh! I'll bet they use Intel processors, too! And AMD! Hang 'em all, I say!

Re:Load of BS (4, Funny)

Kesch (943326) | more than 7 years ago | (#15732627)

ScriptK1dd13 has joined irc channel #botnet
M$BlowsMyBalls: ...and then I totally DDoSed the mofo!
CS_Ownerrer: LOL!
ScriptK1dd13: There's a bug in the bots. Some of them are spelling Vi4gra and C14lis correctly.
CS_Ownerrer: Fixed in CVS
M$BlowsMyBalls: RTFM, noob!
ScriptK1dd13: There is no manual...
M$BlowsMyBalls: ...
ScriptK1dd13 has been kicked.
M$BlowsMyBalls: Damn noobs.

Full Disclosure Vs Secrets (4, Insightful)

eldavojohn (898314) | more than 7 years ago | (#15732240)

'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says.
Yeah, you could probably blame a few people who altered a little bit of a virus/bot and re-released it to the public on the full disclosure model.

But what model would you blame for the hundreds of PC viruses that devastated home and corporate computers in the 90's up to today? I think the exploits they relied upon were simple coding flaws and insecure type checking or buffer overflows that were simply poor coding kept as a secret.

So, in light of what causes the malware, would I rather the code be fully disclosed or instead guess that there's probably no major exploit possible? I'd probably go with the former considering the sheer number of viruses based on the latter and the fact that it's the exploits based on proprietary code that often do the most severe damage to society.

I would like to ask McAfee what they would think if a competitor found a virus and figured out how to fix it but couldn't tell McAfee that information because it would be considered disclosure. That would be the real irony here. Sites that host viruses and describe/publish them are often very useful sources for people looking to rid them from their computers or even how to avoid exploits in the future.

This article is entitled "Hackers Learn from Open Source" but they only learn as much as the researchers and patchers do. I would rather the community be progressing towards solid impenetrable code than have guarded secrets that keep everyone under a thin veil of security. Because if those secrets are ever discovered by the wrong people, we will not know about them and we'll essentially be caught with our pants down. I'd rather have every programmer know the pitfalls of coding than to have thousands of applications deployed world wide all waiting for one hacker to stumble upon a secret.

You really have to question McAfee's motives here in their Sage magazine ... are they doing this with the customer in mind or are they attempting to place themselves in the leader seat of virus protection with even more exploits running rampant on our machines?

Dude, again, it's _not_ about OSS (4, Interesting)

Moraelin (679338) | more than 7 years ago | (#15732387)

RTFA, seriously. That disclosure that they mention is _not_ the disclosure of OS code. If you RTFA, at that point they explain very well what they mean by "full disclosure" and it has _nothing_ to do with OSS any more. Their "full disclosure" is about researchers disclosing a vulnerability, together with ample instructions and proof of concept code of how it can be exploited. It has _nothing_ to do with Linux vs Windows, Closed Source vs F/OSS, etc. It's about disclosing vulnerabilities.

Basically what McAfee says is, "I wish researchers stopped telling everyone everything about this and that buffer overflow. Telling people everything about a bug only helps the evil hackers use it in a virus!!!111one1eleventeen" Not an exact quote, but that's the general idea they're peddling there.

Which is, in a nutshell, just the old "security by obscurity" argument. Which has already been debated to hell and back and is known to not work that way. And, frankly, it's weird to see McAfee preaching that attitude, because the anti-virus makers should know best that it never worked that way.

Where did I say "OSS"? (0)

Anonymous Coward | more than 7 years ago | (#15732430)

Ah, "dude" I did RTFA. Perhaps you should read my fucking post because I never once used the words open source or OSS. Seriously, I was commenting on the fact that researchers publish exploits so that everyone knows about them. The title of the fucking article used "Open Source" so stop harping on me.

Re:Dude, again, it's _not_ about OSS (1)

Dcnjoe60 (682885) | more than 7 years ago | (#15732584)

Maybe they (the anti-virus vendors) are just being the front-man for the software industry. Maybe it's really the other software vendors who don't want full disclosure because they don't want people to find out that even after all these years of promoting secure computing, and paying for all those upgrades, things are still not secure.

Then on the other hand, maybe it really is just the anti-virus vendors. Very often, with full disclosure, the researchers also say what can be done to protect against the exploit. Maybe McAfee feels threatened, particularly with Microsoft coming out with their own anti-virus product.

McAfee Afraid of Open Dialog? (2, Insightful)

powerlord (28156) | more than 7 years ago | (#15732606)

Perhaps what McAfee is really afraid of is the open dialog and response of something like ClamAV?

If enough developers 'pool' into working on it, and an open dialog of faults and vulnerabilities continues, could they find themselves out of a job from an Open Source solution?

(especially as they are about to be challenged by MS Defender, which could also benefit from open dialog to augment a shallower background in the field?)

They do have a point (1)

Sycraft-fu (314770) | more than 7 years ago | (#15732637)

So consider a development of condos that turn out to have a real problem with their security system. Well, I mean more than the gaping, massive problems that every home has (on a computer scale homes would be lucky to rate as good as unpatched Windows 2000). So I notify the developers, they drag their feet since they've already sold the homes and don't care. Well clearly I need to inform the owners. But how to go about it? Do I:

1) Post or send a notice in relevant places that lets people know that they are vulnerable, and what steps, if any, they can take to fix it.

2) Post it any and everywhere I can with full instructions on how to use the exploit, locations of the houses, and a note that they are a rich neighbourhood with good stuff.

Clearly #2 is irresponsible. Why should I tell thieves how to work the exploit? Who is that good for? Isn't it better to disclose what's necessary to let people know what is wrong and what to do about it, but not provide a DIY guide for the malicious?

I don't see why computers should be any different. Yes I want disclosure about security problems, especially if the company is slow in getting a patch out. However disclose the problem, what it relates to, what the potential attack vectors are, and what if anything can be done to fix it. Don't go and post code that not only shows people how the exploit works but allows them to just compile and do it. Do that and in all likelihood my system will be 0wned before I ever read the notice and try to do anything about it.

Re:Full Disclosure Vs Secrets (1)

kie (30381) | more than 7 years ago | (#15732419)

From the article
> Hackers are using techniques popularised by developers of open-source software like Linux
> to improve their malicious code, a researcher at McAfee has said.

From your comment.
> You really have to question McAfee's motives here in their Sage magazine

I think that this comment captures the essence of the matter.

McAfee's market is home and corporate users running Microsoft Windows.
Every computer that runs GNU/linux or similar is no longer a potential sale or
subscriber to their services.
If they can write an article that helps spread some FUD about linux
and slow adoption rates a little bit, then it's good for business.

Re:Full Disclosure Vs Secrets (1)

gayak (745124) | more than 7 years ago | (#15732532)

I would like to ask McAfee what they would think if a competitor found a virus and figured out how to fix it but couldn't tell McAfee that information because it would be considered disclosure.

Actually this is pretty normal in anti-virus market. For example F-Secure is proud that their anti-virus is updated in half the time (often about 10 hours) before some of their competitors. This is what they use as a marketing tool when selling their software to big companies.

So ouh, I think they know pretty well what it means. Imagine the situation for one anti-virus tool if they could stop the attacks, but rest couldn't. Sales would skyhigh pretty quickly.

Gee, and I always thought (2, Interesting)

cyber_rigger (527103) | more than 7 years ago | (#15732242)

...it was the conspiracy to create insecure operating systems.

They're missing the real culprit. (4, Funny)

Rob T Firefly (844560) | more than 7 years ago | (#15732244)

The actual blame rests on Charles Babbage, and that "computer" idea of his. But to be fair, he might never have done that if it hadn't been for those damned ancient Greeks with their abacus...

Re:They're missing the real culprit. (1, Insightful)

Anonymous Coward | more than 7 years ago | (#15732281)

Don't blame Babbage. It's those people putting the wrong figures into the machines and expecting the right answers to come out that are the real problem.

Re:They're missing the real culprit. (1)

happyfrogcow (708359) | more than 7 years ago | (#15732343)

But to be fair, he might never have done that if it hadn't been for those damned ancient Greeks with their abacus...

It's not their fault that god/bob/evolution gave us hands and brains. I say we shove crayons up our noses and cut off our hands!

Re:They're missing the real culprit. (2, Informative)

blcamp (211756) | more than 7 years ago | (#15732366)


It could have been the Chinese that are to "blame":

http://en.wikipedia.org/wiki/Abacus [wikipedia.org]

Of course... (0)

Anonymous Coward | more than 7 years ago | (#15732245)

When compilers|source-code control|whatever is outlawed, only outlaws will have compilers|source-code control|whatever...

Perhaps they should just cut the wires of this internet thingie and be done with it? We can stick with cable TV/download only.

Meh. (1, Funny)

Anonymous Coward | more than 7 years ago | (#15732249)

I blame Eminem, violent video games, and/or the Republicans. whatever's trendier.

Re:Meh. (0)

Anonymous Coward | more than 7 years ago | (#15732597)

You misspelled "liberals" there. Remember, liberals are (in no particular order): traitors, america-haters, supporters of osama bin laden, pedophiles, etc.

They don't explain how the alternative is better (5, Insightful)

AmiMoJo (196126) | more than 7 years ago | (#15732250)

Say there is a vulnerability, only known to black hats which is being exploited. Someone finds it, reports it to the vendor. The vendor sits on it for months while a massive botnet spams the hell out of us using it.

Isn't it better to release info so people can do something about it? Network admins can use it to help block the attacks, or disable the vulnerable software. Users can stop using it. And people can even make their own patches, or use the shared knowledge to look for similar flaws in other software.

We have seen this happen. Can anyone provide a good alternative, because McAfee certainly can't?

Re:They don't explain how the alternative is bette (0)

Anonymous Coward | more than 7 years ago | (#15732384)

Yes, release rough information about the problem so that people can disable the affected service (if applicable), but for the love of fucking god, DON'T RELEASE A PROOF-OF-CONCEPT. Many exploits in the wild are derived directly from the proof-of-concept exploits that security researchers so stupidly release.

Re:They don't explain how the alternative is bette (1)

PagosaSam (884523) | more than 7 years ago | (#15732589)

Isn't it better to release info so people can do something about it?

Not if you are an anti-virus software manufacturer. ;)

LOL (0)

Anonymous Coward | more than 7 years ago | (#15732253)

Pwnd.

Wow! (0, Troll)

rockabilly (468561) | more than 7 years ago | (#15732259)

McAfee is still around? I'm surprised...

Schools and colleges are evil! (4, Insightful)

InfiniteWisdom (530090) | more than 7 years ago | (#15732260)

Evil hackers learn programming techniques in schools and colleges!

Re:Schools and colleges are evil! (1)

Jack9 (11421) | more than 7 years ago | (#15732451)

McAfee is implying that their research indicates that OSS has done a lot of damage. In summary, OSS allows irresponsible and careless (or paid) angry adolescents to develop quicker and easier than going to school. Malcontents have access to tools that were only available to software development houses that sold commercial products, previously. This is why malware is so much more advanced.

I don't know if that conclusion is sound, but there is no evidence to the contrary and malware certainly has become staggeringly advanced. McAfee would probably know better than to issue such a statement without actually being sure. So you can claim that you know more than McAfee and it's all BS. /. is an excellent platform for that.

Personally, I think it's probably true. That's not to say it's a bad thing that their job is rougher. The concept of a separate vendor to combat bugs in an OS is just a rough spot in the evolution of OS development.

It's the opposite, in my opinion (1)

Captain_Thunder (937821) | more than 7 years ago | (#15732263)

Crackers will find vulnerabilities in software no matter what. In an open source application, there's a better chance of someone fixing the flaw faster. In a closed source application, you have to wait for the (usually extremely slow) corporation who maintains the app to fix the flaw.

Re:It's the opposite, in my opinion (2, Funny)

Proteus (1926) | more than 7 years ago | (#15732309)

Dude, they aren't even talking about bugs in OSS. They're saying that OSS development tools (like CVS, Eclipse, etc.) exist, and that that very existence means that OSS shares blame for all the malware that's out. Because, you know, if it weren't for OSS these coders couldn't get development tools.

Pardon, that last sentence was too sarcastic -- I have to go puke now.

Well... (3, Insightful)

voice_of_all_reason (926702) | more than 7 years ago | (#15732266)

Why not just blame the IRC Protocol?

Because McAfee has an unterior motive and wants to discredit the competition.

With there be anything else?

Re:Well... (0)

Anonymous Coward | more than 7 years ago | (#15732310)

Unterior? Try ulterior.

Re:Well... (1)

voice_of_all_reason (926702) | more than 7 years ago | (#15732395)

In this case, it is an un terior motive as well, since it's not working.

actual cause (1)

psbrogna (611644) | more than 7 years ago | (#15732269)

I've done some research on this myself and I've determined that the primary cause of the spread of malware is the internet. Updates to follow.


Actually, I see this as a great example of software natural selection. The OSS is killing off the weaker software.

Re:actual cause (1)

smitingpurpleemu (951712) | more than 7 years ago | (#15732294)

Um.... One wishes that OSS would kill off weaker software, but that doesn't seem to be the case, since M$ is alive and well. Or does it mean that M$ software isn't that bad after all? Oh god, perish the thought!

Full disclosure != open source (5, Insightful)

Moraelin (679338) | more than 7 years ago | (#15732270)

Basically it seems to me that McAfee _isn't_ complaining about OSS, and explicitly says they don't. There are two _very_ distinct and unrelated parts of the article:

1. The open source part. Which doesn't contain any kind of anti-OSS slant. It just says that people now have a lot of F/OSS tools to manage their files and whatnot.

2. The part about full disclosure. Where they basically whine that they'd like to have what we all call "security by obscurity." Basically McAfee would like a world where researchers keep a lot more stuff secret, because supposedly being public about that helps evil hackers. Which is as stupid as it gets, yes, but it also has nothing to do with OSS at this point.

So why the fanboy slant in the summary?

Re:Full disclosure != open source (1)

wrook (134116) | more than 7 years ago | (#15732383)

I wondered this as well... It seemed very strange until I put 2 and 2 together.

What if open source virus checkers are doing better in the market place than McAfee suggests? Open source virus checkers can only compete if there is full disclosure. Or in other words, if McAfee doesn't get advanced notice, then they lose any possible competitive advantage.

So it seems to be a FUD attack aimed at shutting down their OSS competition. I'm actually rather surprised because I didn't realize the OSS alternatives were doing so well. Well done guys!

Ah, well, it's McAfee (2, Funny)

Moraelin (679338) | more than 7 years ago | (#15732526)

Ah, well, it's McAfee, so being "better" than that doesn't really say much. I'm sure there are some good OSS AV programs out there, but comparing them to McAfee really doesn't say much. It's sorta like saying that they're better than a kick in the crotch.

Honestly, the last time I used that crap "security" suite of theirs, it was far worse than your average virus.

Among _many_ samples that proved massive cluelessness was the fact that as soon as it "updated" itself, it actually couldn't cope with being installed in a different directory than what the installer proposed, and proceeded to install the update as a second copy in the default directory. Both copies running at the same time. The combined effect was slowing my computer worse than some spyware cocktails I've seen on other people's computers. Uninstalling it actually uninstalled one copy, and left the other one running. I had to edit the registry and delete files manually to get rid of it.

Yes, you've read it right. If you thought manually editing the registry applied only to getting rid of viruses and spyware, now you can add McAfee's crap to that.

Other stuff included a sort of a "privacy guard" that, effectively, ruined access to any site that used cookies. Using most forums became impossible. File Planet thought simultaneously that I'm logged in and _not_ logged in. And so on.

And, as I was saying, many many other such annoyances.

But you know what takes the cake? This: on March 10, McAfee deletes system and Office files, thinking they're a virus [theregister.co.uk]

I mean, frankly, at that point their solution is worse than most viruses and trojans. A lot of viruses just sit there and silently send spam or redirect popups or whatnot. Having to reinstall half your apps used to be the mark of the nastiest and most anti-social malware. Now McAfee lets you experience that without the trouble of actually getting virused.

So, frankly, comparing anything to McAfee is going to look good. A turd on the side of the road seems better when you compare it to McAfee.

Re:Full disclosure != open source (1)

CuCullin (551104) | more than 7 years ago | (#15732392)

Because the title of the article, and the focus on open source tools in the beginning, lends to the idea that open source is behind viruses. I would have to say the general public will understand it this way, and McAfee being the ones to point it out... wow, they must really be on the ball to take on this open force lennox aibo virus thingamjoodle aren't they?

Re:Full disclosure != open source (1)

writermike (57327) | more than 7 years ago | (#15732414)

So why the fanboy slant in the summary?

Well, I can guess...

Fanboy read the title.

Fanboy _may_ have skimmed the article.

Fanboy didn't understand the distinction.

Fanboy rapidly submitted it! (I'm gonna be on /.!!!!!!)

Editor read the title.

Editor _may_ have skimmed the article.

Editor didn't understand the distinction.

Editor rapidly published it! (I'm gonna be on /.!!!!!!)

Re:Full disclosure != open source (1)

Trailer Trash (60756) | more than 7 years ago | (#15732476)

So why the fanboy slant in the summary?

You must be new here...

Re:Full disclosure != open source (4, Informative)

dzfoo (772245) | more than 7 years ago | (#15732546)

They *are* complaining. It's called "planting the seed of distrust":

From the article:
"Over the last year and a half, we've noticed how bot development in particular has latched on to open-source tools and the open-source development model,"

Further down:
Marcus said his company is drawing attention to the open-source trend to educate users, and not as an attempt to discredit open-source alternatives to its own proprietary software products. "We think [open-source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open-source antivirus," he said.

In other words, McAfee is saying "Bot writers are using Open Source tools to develop, maintain, collaborate on, and distribute malware. We're just saying, you know. Not that we're accusing them of anything; we're just saying."

Then later in the article they start bad-mouthing Full Disclosure. That's, as you say, a separate topic.

    -dZ.

Obviously (1, Funny)

eclectro (227083) | more than 7 years ago | (#15732274)


It's the "Brotherhood of Linux" that prevents malware being written for Linux computers and why there are no Linux zombie botnets.

This just in (1)

spinfire (148920) | more than 7 years ago | (#15732276)

Reportedly, evil malware authors have been discovered using Microsoft Visual Studio! That is right, they're using Microsoft development tools to create their evil wares. Where are the crowds with pitchforks?! Time to hang Redmond out to dry.

But seriously folks, malware authors using CVS? I never thought they'd think of using arguably the most popular version control system in the world. Besides, that means they are adopting the open source development model how? Plenty of companies use CVS internally, my employer included.

LOL (1, Funny)

truthsearch (249536) | more than 7 years ago | (#15732277)

We're not taking aim at the open-source movement, but we hate the fact you like to be open and honest. How dare you tell people what's really going on! We're the only ones with the authority to do that!

Idiots.

I guess it's a matter of perspective (1)

caudron (466327) | more than 7 years ago | (#15732278)

When I look for someone to blame for Botnets, I tend to lay it on Botnet operators. I guess McAfee has a different way of looking at blame.

Tom Caudron
http://tom.digitalelite.com/ [digitalelite.com]

And why is this a bad thing? (1)

s31523 (926314) | more than 7 years ago | (#15732279)

Open Source bugs will be revealed faster and closed faster PLUS a developer's code will be viewable by anyone (including those pesky hackers) so one might argue that the open source movement will (does?) cause people to be a little more careful in their code and not do things like say "oh, this pointer can be null here, but oh well, no one will know about it". We might see a flurry of open source security holes at first, but I bet they are closed and stopped quickly, unlike the commercial counterparts which seem to be an endless security hole.

An endorsement of open source? (3, Interesting)

Maru Dubshinki (804451) | more than 7 years ago | (#15732283)

Amusingly, you could read this article as an endorsement of open source software and methods- as in, "Open source methods and tools are so awesome that crackers and blackhats have switched to using them and now run rings around the antivirus corporations who don't."

wtf? (1)

spykemail (983593) | more than 7 years ago | (#15732284)

Blaming open source for malicious software is like suing your doctor for saving your life - you can do it, but it doesn't make any sense.

fud alert (0)

Anonymous Coward | more than 7 years ago | (#15732285)

FTA:
With hundreds of source files now being managed, developers of the Agobot family of malware, for example, are using the open-source CVS
The basic argument is that virus authors use the same development methods that all programmers use. So, let's have a corporation control code development. It smacks of "all code should be signed" initiative.

Re:fud alert (2, Funny)

ultima (3696) | more than 7 years ago | (#15732313)

All code SHOULD be signed, with l33t ASCII art!

Way to go submitter (0)

Anonymous Coward | more than 7 years ago | (#15732286)

I suppose I shouldn't be surprised with the how about blame it on IRC, or Open Source > all silliness. How about leaving out the editorial comments so the reader can draw their own conclusion?

Blame... (0)

Anonymous Coward | more than 7 years ago | (#15732295)

I blame the parents myself !

If it wasn't for you meddling kids

Scooby Dooby Doo !

How ignorant (0)

Anonymous Coward | more than 7 years ago | (#15732303)

As always, the blame for the newest problem has been levelled at the newest development in the industry. Because they came about at the same time, one must have caused the other, yes? Correlation does not imply causation, boneheads.

The full disclosure/open standards model is the best thing to happen to the industry in decades, possibly since the internet. In this model for development the consumer wins -- open standards allow everybody to play, and competition yields better products -- and the developer wins -- many eyes spot more bugs.

Yes, in open source everyone can see the source code. Yes, that means that so-called "malicious" users can see the source code too. But, it's a small price to pay, and if someone finds an exploit in a program important to your organization... fix it. You have the source.

Well... (0)

Anonymous Coward | more than 7 years ago | (#15732304)

...it would still be better than every patch/exploit would sound like "Blahblahblah could allow remote code execution..."

Then Surely....... (2, Funny)

mormop (415983) | more than 7 years ago | (#15732306)

Car theft is the fault of metal-workers. After all, if powered centre-punches weren't available due to metal workers using them to mark drilling spots on metal then car thieves wouldn't use them to break car windows.

Forget the fact that a powered centre punch is just an inanimate tool and that it's purely the malicious intent of car thieves that means they're used for illegal reasons, someone must be to blame. So let's lynch metal-workers for causing car theft!!

Re:Then Surely....... (1)

MrSquirrel (976630) | more than 7 years ago | (#15732456)

Exactly, open source is just a tool. Like guns. Guns don't kill people, dangerous minorities do (it's from Family Guy). Tools may make it easier, but it takes people with malicious intent to do harm (3 people in my town got stabbed last year... I blame knives... sitting around all pointy like that, it's a wonder we're not ALL dead!).

What does McAfee know about security (0)

Anonymous Coward | more than 7 years ago | (#15732315)

Aren't these the same clowns whose interface (used) to be based on internet explorer and active X ?!!

So if you did the first most obvious things to secure your system like clamping down on internet permissions (disable active X, etc.) and disable explorer (and install a different browser) you couldn't pull up the McAfee interface.

Or at least that was a couple years ago.

Most IT workers blame McAfee for Current Viruses (4, Insightful)

Lumpy (12016) | more than 7 years ago | (#15732318)

My headline is as credible as theirs. If they want to start flinging mud we can fling it back. Outsourcing virus writers to help perpetuate sales of Anti Virus software is good for business, has a large return on investment, and is a practical way of making sure that the next incremental release is purchased by all your customers.

Misunderstood? (0)

Anonymous Coward | more than 7 years ago | (#15732330)

It's not about open source, I think. From TFA:

However, Marcus did take issue with security researchers who distribute samples of malicious software, a practice known as full disclosure. "We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development," he said.
What this guy is probably pissed about are people who publicly release and share exploits before they could be fixed. In some cases, they don't even notify the software authors. It happens for both closed and open source software.

That's funny, because I blame McAfee ... (1)

Neuropol (665537) | more than 7 years ago | (#15732332)

McAfee is who I blame for the first, ever, loss of a hard drive to improper worm detection and deletion.

Thanks guys! ... Nope, didn't need *that* data ...

Seriously, I think back to the mid to late 90s when viruses were becoming more prevalent. McAfee always seemed to be the first ones that came out with a fix usually within hours to days after it being announced. That seemed strange to me because of the timeliness of such fixes. It almost seemed as if the stuff was being launched by well known software producers only to generate sales and essentially create the need for virus protection.

I know it may not really be that way, but I know that other people have felt this way and said the same things about them and other anti-virus companies.

As for attacking the Open Source Model, all I can say is find something else to go pick on.

It's intentionally our fault that years of hard work have kept a lot of us off your virus definition update list.

Re:That's funny, because I blame McAfee ... (1)

plague3106 (71849) | more than 7 years ago | (#15732452)

So you blame McAfee because you set their product to delete infections it couldn't clean? Hmm, ok.

Just get rid of software... (1)

darcling (987237) | more than 7 years ago | (#15732339)

What language is the said malware written in? Why don't we just eliminate the compiler on a global scale? Eliminate all compilers since you could write malware in any of them.

Hell, Why don't we just eliminate this whole "software" hullabaloo (sp?) altogether? That way, if it doesn't exist it can't be used for evil.

However, we should then probably get rid of the hardware, since it could be used for evil.

Come to think of it, why don't we just ex-nay computers completely, it's not like they do anything important and look at all the problems they're causing. /sarcasm

It just never ceases to amaze me what people will blame their problems on.

Same class as McAfee (2, Funny)

b0s0z0ku (752509) | more than 7 years ago | (#15732340)

"We think [open-source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open-source antivirus," he said.

"Same class?" Meaning as slow to start, buggy, and bloated as McAfee products? Open-source developers should be thanking that guy for the compliment.

-b,

Re:Same class as McAfee (0)

Anonymous Coward | more than 7 years ago | (#15732608)

This comment caught my eye also. "slow to start, buggy and bloated" are annoying, but my complaint is that it just doesn't work! Three computers in the last few months, all running McAfee and updated with the latest defns and all with some infection that McAfee didn't catch. Two were replaced with Norton (client's decision, not mine) and one with AVG Free. Norton and AVG both immediately detected and cleaned what McAfee couldn't even see.

Sorry, I didn't keep track of what viruses they were, but this was enough to cross McAfee off of my preferred list.

Headline is a Troll (4, Insightful)

algae (2196) | more than 7 years ago | (#15732346)

Given that the summary itself says that this is not about the open-source development model, I've got to conclude that the headline is a troll. You can apply the full-disclosure model of security notification to any software, open or closed.

This is about whether the finders of security vulnerabilities give the vendor a grace period to fix the problem before disclosing the vulnerability to the general public. It has nothing to do with open source.

People saying this are trolls, actually. (0)

Anonymous Coward | more than 7 years ago | (#15732620)

You're assuming it's a case of open source zealotry and whinging. That sort of reverse-kneejerkery doesn't make you much better than what you're trolling.

McAffable is blaming full disclosure for the state of current botnets, which is indeed a convenient scapegoat as the title would suggest. From their perspective, lack of full disclosure means that software developers have more time to patch their software in secret before exploits ignite like wildfire, or that the descriptive methods make it easier to deploy by neophyte hackers. Conversely, the other side of the table thinks they're just complaining because they can't keep up with the work load and it's making them look bad.

The title is applicable. Slanted, but applicable.

What he said. (2, Insightful)

CCFreak2K (930973) | more than 7 years ago | (#15732361)

"You know what really grinds my gears?..."

Linux is evil, Windows is good, proprietary blah blah blah. The biggest shock to me is that anyone has the balls to point to open source and say "YOUR development model is responsible for this mess," especially considering the way Windows ships as default (make all initial users members of Administrators). I'm still reeling from hearing McAfee (or someone officially affiliated) say something to the effect of "Your open code and development is killing us!"

You have to consider the fact that some tools, while they can aid those with ill will, serve mostly to benefit. Take nmap, for example. Some script kiddie can use it to scope out their target. On the other hand, a tech can use it to check for open ports on their own systems to prevent those kinds of things. These are useful tools, but because of their power, they could also potentially be used as bad devices in the wrong hands. You could say the same thing for guns. Innocent people are killed with guns (among other things, such as knives and harsh language). Should a bullet-proof vest manufacturer come out and say, "We're not taking aim at the gun manufacturers; we're talking about the ability to propel small things really fast and how that effectively serves criminals?"

From the sounds of it, it sounds like they're blaming the OSS model simply because malware authors use it. Although, I could have completely missed what TFA was saying; I'm really tired and I keep reading each paragraph over and over and I just can't grok it.

i'm confused (0)

Anonymous Coward | more than 7 years ago | (#15732365)

aren't malware and viruses primarily a windows problem, made possible by microsoft's famous "SwissCheeseSecurity(tm)"? put another way, how much did it cost microsoft to get mcafee to be their shill? (the proper unit of measure for which is probably baystars-per-press-release....)

From the experts... (5, Interesting)

helmutvs (912204) | more than 7 years ago | (#15732368)

Who brought you an "update" the other month that categorized files from "IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT" as viruses and promptly deleted them. Here's the story. [slashdot.org]

When has the AV industry really cared about .... (1)

nlinecomputers (602059) | more than 7 years ago | (#15732375)

...curing Viruses? Most viruses are the most minor change in code yet that is all it takes for the new version of TRJ_Worse_Virus_ever.BA3 and then BA4, and BA5, to infect the next PC. If they did their job as good as they could do it they would put themselves out of business.

I know 800 slashdotters are going to mod me troll and describe how wrong I am but I can't fully believe it.

Course I'm into JFK and 9-11 conspiracies as well....

Re:When has the AV industry really cared about ... (1)

Opportunist (166417) | more than 7 years ago | (#15732415)

I hereby cordially invite you to write the better AV tool.

When you know an algorithm that flawlessly discriminates between "good" and "bad" code, copyright it today. You'll be a very rich man, if you sell it, or an icon of OSS development if you hand it to the OS community.

But at least you didn't claim that AV companies create them themselves, it's at least something I gotta give you.

What is Full Disclosure, Anyway? (1)

Daedala (819156) | more than 7 years ago | (#15732400)

TFA defines Full Disclosure for us, in case we were confused: "However, Marcus did take issue with security researchers who distribute samples of malicious software, a practice known as full disclosure."

No. Full disclosure is just that: disclosure. Distributing samples of malicious software is at best a proof of concept, but usually just irresponsible and/or malicious distribution of same.

Given this piece of intellectual dishonesty, I think that any doubt that McAfee was on the up-and-up with this article can be laid to rest.

Does this mean OSS programmers are better? (1)

Dcnjoe60 (682885) | more than 7 years ago | (#15732402)

Since the OSS model or full disclosure model as the article calls it is widely available to the anti-virus companies (ie commercial programmers) and the malware programmer simultaneously and the malware programmer beats the commercial programmer out the door, does that mean that the OSS programmer is a better programmer?

Put a different way, and not to simplify it too much, but the anti-virus programmer needs to write a patch to detect a piece of code which has been handed to him/her. The malware has to write a program that actually implements, propagates and hides from detection. Which should be the easier task? It seems that full disclosure should benefit the anti-virus company as much, if not more than the malware programmer.

Don't get me wrong, I'm not trying to bash the anti-virus companies or their programmers. They have a tough job to do. However, blaming OSS and its "full-disclosure" model is simply ludicrous and makes as much sense as blaming McDonalds for people being overweight.

However, if they said that their slow response to software threats being released in the public was the cause, likewise, people's overeating and underexercising for being overweight, well, then, that would make a lot of sense, but would hardly be the fault of OSS (or McDonalds).

You're kidding. (1)

RyoShin (610051) | more than 7 years ago | (#15732408)

Hackers are using techniques popularised by developers of open-source software like Linux to improve their malicious code, a researcher at McAfee has said.

Nowhere is this more apparent than within the growing families of 'bot' software, which allow hackers to remotely control infected computers. Unlike viruses of the past, bots tend to be written by a group of authors, who often collaborate by using the same tools and techniques as open-source developers, said Dave Marcus, security research and communications manager with McAfee's Avert Labs.
Ingenious. These men have certainly found the root of the problem. These malicious hackers (or crackers, if you will) are using open-source techniques to do their bidding. And because evil men use open-source, all open-source must be bad!

You know, now that I think about it, suicide bombers often use cars... Cars are evil! We should all write stern letters to GM and Ford, telling them how evil all their vehicles are because a small minority of people use them for evil.

The fact is that even if those open source models didn't exist, crackers would still be making botnets. The one thing that would actually stop these guys from making botnets would be having Microsoft put out a secure OS (and/or people actually making sure to secure their computer- it's not hard!). Having a proper, functioning anti-virus program [free-av.com] is a good start.

Re:You're kidding. (1)

tlacuache (768218) | more than 7 years ago | (#15732621)

We should all write stern letters to GM and Ford, telling them how evil all their vehicles are because a small minority of people use them for evil.


Offtopic, I know, but this is the same thing I think every time I read about some genius new piece of legislature designed to ban handguns or otherwise take away my 2nd amendment rights.

Re:You're kidding. (1)

Bruitist (987735) | more than 7 years ago | (#15732633)

This reminds me of the shop that stopped selling the particular backpack used by the 7/7 London bombers. Because it was obviously the backpack design that made them want to kill people...

People shouldn't blame McAfee..... (4, Funny)

Dcnjoe60 (682885) | more than 7 years ago | (#15732420)

People shouldn't blame McAfee. They're just really stressed out. You'd be too, if you had to make Windows a secure OS.

i blame the internet (1)

Intangion (816356) | more than 7 years ago | (#15732442)

if it wasn't for the internet none of this would be a problem

Re:i blame the internet (1)

mkw87 (860289) | more than 7 years ago | (#15732503)

Yes, maybe they should shrink the tubes, that should cut back on the botnets.

Coral Cache damn you guys (1)

fire-eyes (522894) | more than 7 years ago | (#15732443)

It really blows my mind that a coral cache link isn't automatically added to submitted stories... just a little (cc) afterwards with the cc being a link would suffice.

http://www.pcadvisor.co.uk.nyud.net:8090/news/index.cfm?newsid=6601 [nyud.net]

Re:Coral Cache damn you guys (2, Informative)

kennedy (18142) | more than 7 years ago | (#15732565)

Try the Slashdotter plugin for firefox...

McAfee=Microsoft=BillGates=EnoughSaid (0)

Anonymous Coward | more than 7 years ago | (#15732477)

Microsoft made the operating system that is the supreme virus transporter, so why not blame them? Or that would be blame themselves.

on the topic of blame (1)

drDugan (219551) | more than 7 years ago | (#15732543)

hmmm... let's put things in perspective here between companies and people.

As far as I can see it, FOSS supports people, and statements like this only drive home the point that companies are driven by wealth to the exclusion and elimination of health for people.

Companies were an exception when the King of England first granted them as favors to a select few. It allowed exceptional rights, and those rights have only grown over time. It has now come to the point where pretty much any organized human behavior must be regulated as a company of some sort, either for profit or nonprofit.

By itself, this is not an issue - organizing people and keeping some controls on what people do are all fine.

The problem is that the rights balance between people and companies is completely out of whack. The interests of the companies are making the rules, instead of following rules set up to make life good for people.

Capitalism basically says we should all be building wealth: results of human activity that transforms the world into usable stuff. Again, a great idea. Wealth is either consumed or kept around as capital to build more wealth. Taken too far, as we have now, the health of people suffers because there is a fanatical drive by enormously powerful companies that only care about wealth creation. Companies only give lip service to people's health when it serves their need to stay competitive in the wealth game.

The most important thing people will do in the next 50 years will be to capitate capitalism and promote wealth only in the context of supporting the health and wellbeing of sentient creatures. Wealth devotion without bounds leads to fanatical capitalism, and lots of unhappy individuals.

'scuse me, McA, but that's bollocks (4, Interesting)

Opportunist (166417) | more than 7 years ago | (#15732568)

Could be that they have to get that air of being against closed source off them after they found Excel to be a trojan (ok... some might claim it's not really a false positive, but still... a few companies didn't enjoy the idea of having their Excel removed...).

But quite seriously, could anyone please explain just HOW a malware author would benefit from open source? Because of the tools? Seriously, if you're writing software that's considered "illegal" in most places of this planet, would you care about licensing? Whether the software is free (as in beer and as in software) is pointless for him. If it's not free, he'll copy it illegally.

Because they could learn how to write malware? The "real" malware projects are not open source, actually anything BUT it. First of all, major exploits are not shared, they're sold. Plain and simple. Malware is a business, just like a lot of other software, and they are by far the last to go for open sourcing, simply because it would cut into their revenue. Actually, the few snippets and code parts that ARE open source are one of the key sources for AV researchers, unless they want to go for the darker venues in the trade. And, finally, when knowledge becomes illegal, gimme a ring. Then it's time to leave the planet.

If you want to learn how to write malware, you needn't wade through open source projects. You won't find much worth finding.

So I don't really understand just why McA is targeting the OSS movement. There is little to be gained by malware writers through OSS, but a lot for those opposing malware. If anyone, it's the AV researchers who benefit from open sourcing malware. Because they would have a hard time explaining just why they would have sent money towards people wearing darker colored hats.

Misleading title (2, Informative)

HangingChad (677530) | more than 7 years ago | (#15732573)

It makes it sound like virus writers are using open source software to launch botnets. They're using open source software development techniques to create botnet software for Windows.

Sheesh.

got this guys email? (0)

Anonymous Coward | more than 7 years ago | (#15732588)

i got a few words for this guy!

Improves all development (2, Insightful)

Spazmania (174582) | more than 7 years ago | (#15732635)

we're talking about the full-disclosure model and how that effectively serves malware development

The open source, full-disclosure model improves the pace of ALL software development. All means all, including software development for "bad" purposes.