Does Open Source Encourage Rootkits?
An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"
Simply because they use a domain name and the site is known does not make the information malicious. If you don't think rotating sites on rotating servers exist to share compromised media and discussion about server cracking then you don't know anything. Rootkit.com is open and out there, but the malicious people don't just stop here. Removing rootkit.com off the face of the earth would do zero to stop server compromises and rootkits.
And don't get me started about the quote... "make it advisable 'to throw the computer away' if you want to be sure you got rid of the rootkit". Talk about scare tactics...sheesh. How often do you see a BIOS rootkit? And if you did, why don't you just reflash the BIOS? Or is this a sinister plan to make companies throw out old hardware to buy new so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go down the jump off the bridge path.
Quality Hosting e3 Servers
I agree that the information should be open, but the idea that anti-virus companies would be way behind if it weren't for open discussion like this is pretty ridiculous. a) The anti-virus company can just infiltrate the private communities (which I'm sure they do already). b) Reverse-engineering. Not as efficient, but McAfee and others have the resources, I'm sure.
McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community
That's like saying Edison and Tesla are to blame every time someone gets electrocuted.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
"Rootkits... you say it like it's a bad thing" -Sony
I guess it's the same concept as Virus code out there.
You can argue it's for educational uses, and I bet in some cases it is.
As with everything, it depends on how you use it, but personally I'm for freely available information on any topic.
This report looks like a marketing ploy by McAfee to counteract Microsoft's OneCare Live product and Microsoft's reported move into stand-alone antispyware. As noted in a Cnet article on the same report, the report states that the term rootkit should be used in relation to malicious software only and not apply towards technology like Sony's DRM rootkit.
Why is this kind of thing still interesting discussion? It's moot. Has been moot. You have freedom of speech so do what you like.
Reality is nothing but a collective hunch.
What is McAfee afraid of? Being bashed on rootkits.com just like Lavasoft? I think it's very important for the general public to know the information about virus and anti-virus technologies. Big companies try so hard to protect their secrets so that nobody else could get into the market. We often have no idea what kind of pieces of crap are running on our computers which we rely so much upon. Well, let the worms come out of the can!
Without it, they'd be far behind in their understanding of rootkits
...
If you believe that statement, I've got some prime real-estate in Florida with your name on it
Hum, I don't suppose the increase of Rootkits has anything to do with Sony's fubar? Seriously, while rootkits have always been around, I'm pretty sure it's Sony's fubar heard literally around the world that brought rootkits into the eyes of the masses. So, in reality, you actually blame Sony for their increasing numbers.
Thank you for participating in our Get The Facts Campaign!
--Microsoft
Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.
As much as Closed Source prevents them.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I blame Microsoft. They invented Open Source - and GPL v3 is the Rootkit of OSS IP Viruses. Thanks A LOT billg.
--
graphicallyspeaking
graphically speaking
Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.
I mean, how is this any different than say all the resources on how to make bombs on the internet (oh no, I just got my traffic flagged since I think it passes through AT&T networks). Anyways, just because the info on how to make weapons is online does not directly lead to people using that info for bad things. The people who truly want to do bad things will get their info from elsewhere. This is just a bad marketing attempt to screw people out of freedom of information/speech.
Remember it's for the kids... or terrorists... or something... it's gotta go...
---- Booth was a patriot ----
What percentage of open source code is rootkits? What percentage of Honda drivers are mass murderers?
Teh proof that Linux is bad for everybody. :P
You got the touch!
Antivirus software companies should not complain about any of this: it's their bread and butter.
Wow. A security vendor, who has a critical financial interest in creating FUD, claims that disclosing security flaws creates security problems. Forgive me if my eyeballs don't explode with surprise.
Security by obscurity has been proven time and again not to work. Nobody would find a security hole if it didn't exist. Likewise, if one does exist, if one person can find it so can someone else. The responsibility lies squarely with the developers.
Time for a bad analogy (seeing as how this is Slashdot and all): If the door of your house/apartment/room/basement was made of balsa wood rather than a decent hardwood (or a reinforced steel-belted Faraday Cage for you tinfoil-hatters), it would only be a matter of time before someone worked this out. And regardless of whether they boot your front door in and make off with your home entertainment system, or simply leave you a note that says "This door is so thin I can hear you whacking off to Buffy reruns from across the hall (by the way your dinner's getting cold, son)" you can bet if one person can work it out, so can someone else. And the next person might not just leave you a note. So, if the door is your responsibility you better fix it ASAP, or risk the consequences. And if not, you better fry the ass of whoever is responsible, or you'll still risk the consequences yourself.
Landlord won't give you a secure premises? Move out, and tell everyone about it. Or get a gun and a pit bull. Or barricade the door and use the kitchen window for access. Or all three. Windows has more holes than half a dozen slices of Jarlsberg? Switch to a more secure O/S, and add your voice to the complaints. Or install malware detection/removal tools. Or lock it down behind a firewall. Or all three. But don't just stick your head in the sand and hope nobody will notice, that approach just doesn't work.
I would be more worried about their future than trying to blame OSS for their business. My guess is that McAfee and the other Window virus/malware/keystroke logging companies will be out of business in about 3 years or certainly in major decline.
I prefer the "u" in honour as it seems to be missing these days.
Wasn't McAfee suspected of releasing computer viruses into the wild to beef up the sales of their wares?
'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code
This is just an example of how Open Source outside of a university forum is a plague on Western Civilization. Another example is www.odesk.com or rentacoder.com or HCL Technologies. RMS and the MIT academics who paid his salary for the past twenty-five years while he was spewing techno-communist bullshit have done as much damage to the United States and its economy as if they had literally destroyed a major city. What's more is that they got away with doing it completely under the RADAR of the mainstream population and media. They have the rich thinking it is a tool to enslave the poor and the poor thinking it is a tool to become rich. Bottom line, it is a tool for killing creativity and slowing the growth of the human species back to pre-WWII levels. 41,533 members, my gawd.
Mod McAfee down -1, Troll.
How are sites slashdotted when nobody reads TFAs?
Unfortunately we don't have the absolute right to free speech in this country to 'do what you like'. If you go out and tell someone how to commit a crime, with the sole intent of teaching them to commit it, then you get tossed in jail too.
If you teach them as a tool to avoid being ripped off however, you get away with it.
It's all a grey area, and can get you put away if you are on the wrong side of the judge (or the guy in the black van).
---- Booth was a patriot ----
No joke, if Open Source makes it easier for hackers, it makes it just as easy for McAfee, Symantec, etc. to update their software.
Of course a pessimist would even go so far as to blame McAfee for malware as a way to get more business.
Nobody is saying that the open source community is to blame for the individual attempts. What it is saying is that the open source availability of information/code is to blame for the increase in the number of rootkits. It's a bit like saying that if Edison & Tesla had not made electricity widely available, then less people would be electrocuted therefore we could blame them for the increase in numbers of electrocution. That does not make them culpable for each electrocution.
Engineering is the art of compromise.
put the blame squarely on the _ROOTKIT_ opensource community, and he may just have been partly right. the folks who write rootkits are, possibly, a part of the problem. the other part should have, of course, gone to that other community - the one that makes the environment in which rootkits hide.
still i think this article is mostly a part of a general move of "anti-virus" vendors turning into general "security solution companies" as microsoft slowly cleans up its act and erodes their "market". soooo - no reason to read too much into the statement.
"Does Open Source Encourage Rootkits?"
MS: Oh let me answer, me me me me!
Every possible action in the world has an economy surrounding it.
Don't like it? Change the economy of whatever vexes you.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
Well, at least I've never committed a murder while someone was watching!
Well, anyway, I've never committed a murder for which there are any surviving witnesses, so there is no way that you can PROVE that I'm a mass murderer!
ask Sony.
Power corrupts.
Solution: Close the websites; burn the books.
You can't take the sky from me...
I always find it interesting how they blame open source users for viruses and spyware, or in this case, rootkits. Last time I checked, isn't it the Microsoft (R) Windows that has the problems with these things? How much malicious code do you see for Linux, BSD, etc... I'm sure the answer is much less than for Windows.
When there's a problem in the open source community, they blame each other. When there's a problem in the proprietary source community, they blame the open source.
They really have no argument against the rootkit sites. I mean, imagine if terrorists were talking about secret terrorist plans on a certain forum/wiki on some public website. Do you really think law enforcement would shut down the site and ignore it? I doubt it, it's out in the open, so police would want to read as much of it as possible so they can learn and be prepared. If they shut down the site, everything becomes secret and they have no useful information to work with.
Same goes for the rootkits. If it's public, security companies can study it and learn from it and prepare for the worst. If they shut it down, they won't even know it exists until it's already hit some companies.
Do not mark in this space. For official office use only.
Is it no longer possible to cut a node off from Internet access?
Whatever happened to the IDP?
"I do, you insensitive clod!" -Gordon Freeman
Telltale Games: Bone, Sam and Max
if u wanna talk about open source, call...
:)
Caylee - 440-942-5962
Amber - 337-334-4010
From the article: "The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee.
Again, to me, this isn't an "open source" problem as much as an "Internet/can we stop bad guys from getting together and working on bad things" problem.
I somehow doubt rootkit.com is that dangerous (or I have no idea if it's even malicious), but I think we're likely to see this general issue come up again with websites on bomb making techniques, biological weapons etc... What should the government/society do if there is a public website that researches technology that can be used to make mass casualty weapons?
There is another side to this, too. It's like bacterial conjugation. If there are certain bits of DNA (code) in the wild that do certain things, that code can be passed around and inserted into other organisms (rootkits) to help them survive. If they were forced underground, it would make it harder for both groups - for the rootkit makers to create better products and for McAfee to track the rootkit makers.
That's not to say that spreading this information is a bad thing, but you have to realize that McAfee is right about one thing - it does help the rootkit makers in addition to helping the anti-rootkit people.
I was going to post this in the "Expose the big lie" thread but after I wrote it I thought it was interesting enough to merit a thread of its own. This is all good information, personally verified or witnessed by none other than me, but I will not answer any questions about it or go into any detail other than what I've already typed out. I may reply with more information or anecdotes if I see fit, but I've pretty much already scraped the barrel of my experiences.
These are some facts I have witnessed and learned through my employment. Take it at face value, believe it or don't believe it, because I'm not providing corroborating pictures, details, or evidence beyond my own testimony.
Homeland security buys in bulk and at great premium millions of dollars of useless personal appliances from China, such as rice cookers, nose hair trimmers, massage wands, and heating pads, boxes them up, and buries them in railroad shipping containers in the Arizona desert for no reason whatsoever other than to spend its budget and prevent sub-agencies from getting the funds. I suspect that the money goes to a middleman in order to secretly siphon funds into foreign organizations which we can't support over the table, but this is just me trying to find a justification for this massive and intentional government waste.
Donald Rumsfeld needs to wear iced underwear because of some medical condition, and he has his secret service detail hold his spares. He was recently getting uncontrollable long-term erections and had to change up his medical treatments. The underwear and the erections is why he uses a standing desk, not because he is some super-man. He also wears nylon stockings, not because he's gay, but to control some vascular problem with his legs which causes him intense pain.
President Bush uses anti-depressant medication, a lot of it, at a stupendous dosage, and he is hiding it from the American public. This is the real reason he stopped drinking. Because of the dosage, he is also impotent.
Tom Ridge carries 20 credit cards with him at all times, each one with a very low limit. I have never heard of him using one, ever, but he has them. He also wears his socks inside-out, and will flip the fuck out and walk strangely if he is forced to wear them properly, because it drives him crazy. All of his socks must be laundered right side in and then turned inside out before they are returned to him. He gave specific instructions about handling his food, and not allowing his vegetables to touch any other food item on the plate. His utensils must be steamed over boiling water. He will not eat soup which hasn't been boiled within the past 20 minutes or which he has not prepared himself. If any of these rules are violated, he flies into a rage, turns beet red, and will not eat a single thing. He has his personal attendants confirm over and over that the food is as he likes it. He also shaves his forearms and hands because he can't stand the idea of body hair on his arms. He demands that his bedsheets are bleach white and changed fresh every night and he sleeps in a separate bed in a big, tight, body-length nylon sleeve, with a fan blowing over him at full power. He is terrified of animals which have fur or hair longer than one inch, and will not go near curly hair of any kind, even on people. At one time he ran from his office and demanded that someone look under everything for a rodent which did not and could not exist, then he had the entire place wiped down with disinfectant and vacuumed twice. While this was done he couldn't even bear to look at the door, or come within 20 feet of his office. He was in hysterics.
President Bush, when dining at the white-house, does not eat any item of food which has not been first sniffed by a trained dog before being prepared. Think about that.
Word among the staff is that Cheney was drunk when he shot that lawyer, and secluded himself for a day to sober up and avoid felony firearms charges. I don't have any direct information on this because the guys with
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Instead of users being limited in their choices of rootkits, users now have many different rootkits that are community supported to choose from. *THIS* is exactly why opensource is so important.
... Seriously, though, all of this just means that security patches continue to become more critical and that deployment of patches on servers cannot wait for months or years like we used to do back in the good old days.
Who wants to be stuck with a closed source rootkit when your IRC channel and server change and you have no way to update it? Opensource empowers the user to take the best features of different rootkits to ensure that they get the rootkit that meets their needs.
Users can strip down rootkits to run on older hardware that would otherwise be discarded, or they can enable many new features that make these rootkits competitive with all of the current commercial rootkits currently being used.
With the proliferation and expansion of UNIX desktop software that tries to emulate more and more windows (mis)-features, I think the rootkits and opensource actually do a lot to ensure that the basic application and OS security model in Linux and GNOME and KDE desktop environments remain secure.
freedom encourages all sorts of things, some of them bad.
Live with it, it's better than the alternative.
1) open source makes creating root kits easier (for the kiddies)
2) closed source makes finding/removing root kits more difficult (for the admins)
I'll deal with 1 before I'll face off against 2. Making life easier for the kiddies is a lot less hassle than making MY life more difficult.
I work for the Department of Redundancy Department.
Yes, but the antivirus can't keep up with the new stuff coming out, not so much because they are "new" but because their technology depends on signatures. It's just so much easier for the bad guys to take their rootkits, mix the functions around and recompile and voilà, the signatures stop matching.
Apocalypse Cancelled, Sorry, No Ticket Refunds
If the journalist or her editor possessed the proper level of subject knowledge and/or integrity required for true journalism to occur, then this patently absurd question would never be asked in an article.
Problems with the article abound, but this lone article is far from the problem. Nevertheless, it is a quintessential example of the kind of absurd misunderstanding of the landscape of the subject matter combined with the complete disregard for the principle of the pursuit of truth as a core element of journalistic principle that is endemic to the disease of misinformation which fosters misinformation in society today.
A few points that should be obvious, but are missed completely by this article:
I could go on, but it is the misinformation propagated by piss poor journalism coupled with the lackluster education levels of the vast majority of the members of society in the free world that is the cause of most problems in the world today.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The reason the AntiVirus vendors keep producing this kind of inflammatory FUD is because it works.
Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.
Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.
Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.
Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.
If you mod me down, I shall become more powerful than you could possibly imagine.
He actually roasted an elephant to show how dangerous his competitor's AC current really was.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
McAfee's just pissed that their product sucks at finding root kits.
In fact, McAfee is pretty much kinda sucking at finding any of the latest malware. They're just trying to jump on the anti-open source bandwagon because they don't have a better plan. Is Darl McBride working there, too?
I might know what I'm talkin' about, but then again, this is Slashdot...
SEO bullshit.
If you want to place blame for the outbreak of rootkits lay it at the feet of Sony and company for releasing their poor attempt at DRM.
Rootkits wouldn't be half as popular as they are if the juvenile delinquents of the internet hadn't been so exposed to it.
IMAGE VERIFICATION IS EVIL!
The problem is that people don't understand that the founding fathers intended individuals to have the weapons necessary to fight a full fledged war with a world power. That was the point of the 2nd amendment. Suggesting that people have the right to bear arms for the purpose of hunting, sport, or to defend your home against burglars would have made as much sense to them as making a law today that guarantees the right to drink water, breathe air, and eat a hamburger.
... Sony was part of the open source software movement.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
The entire purpose of the 2nd Amendment is to ensure the general populace is just as well armed as the government.
And that was meant to include full military weaponry - the entire populace IS the "militia".
Which explains why those that love to suck at the teat of big government hate the 2nd Amendment - big governments can't accumulate the power to enable them to become dispensers of public welfare (read: wealth redistribution!) if the government doesn't have the firepower to overwhelm the populace.
That first number, at least, is really someone's number. *ahem*
What if the discussion were about making nuclear bombs? What if it were about making custom biological agents or virii? What if the discussion was about any type of WMD?
I'm not trying to be sensationalist. I do understand that vulnerabilities in systems need to be pointed out before anyone will spend the money on corrective action. I also understand that if the knowledge is kept 'secret' that only two groups of people will have the knowledge -- the 'good ones' and 'the bad ones.' It does little to nothing to stop the bad ones from having the information, but it does a lot to prevent the public from knowing they are in danger.
We don't live in an ideal world. The vendors who make money by publishing software as a product or service do not often care about the quality of their work to the extent that it is safe for their customers and even if they did, are still typically unwilling to decrease the profits by spending time and money on fixes.
But still... it's hard to know which release of information will lead to good or lead to disaster.
I am in favor of the release of such information. The net result is that people (consumers) are trusting Microsoft less and less as a compounded result of their inattention to security and stability concerns. They can fight but I think the damage is done.
or to look at it another way, we would need a lot less computer techs and anti-virus companies wouldn't exist. Yah... A world without rootkits (read- not open source) is the way to go.
OSS is responsible for rootkits???? Really? My GOD that company has just completely lost touch with reality. They have forgotten to pipe their processes from AV to anti-spam, to....whatever other crap it needs to go to. I call that a serious design flaw. But somehow OSS is responsible for Windows flaws. It kind of seems to me the problem lies solely on Microsoft and Microsoft fostered "computer/internet illiterates" and not on OSS.
Saying something like that...were I in charge of any site that posted rootkits for learning purposes, I would block off any McAfee's access to it. After all, if I'm responsible for rootkits, they shouldn't have access to the knowledge I would be providing them, should they?
I think it's time McAfee worries about the flaws in their software and licensing model before they worry about someone else's activities.
Does closed source encourage vulnerabilities?
That's like blaming guns for creating murderers.
Or blaming burger shops for making Fat People.
Except that the rootkit makers have always passed information around on their own private networks. Forcing them underground would change absolutely nothing on their side, and would mean the AV companies would have less info on the rootkits to base their signatures and detection code on. In fact, the nastiest stealthed, encrypted, polymorphic viruses were developed when there was no public circulation of information about the techniques involved.
The problem is that saying that circulation of information helps the rootkit makers has the implicit assumption that anyone outside that community can hinder circulation of information within it. This happens not to be the case.
"Any group outside the hegemony will be demonized". Okay, somebody probably said it before me, but that doesn't make it false. :P
Aha! You have stumbled onto the secrets of the unforementionable Marketing Association of Network Engineers and their methodology of increasing their product publicity and thusly their sales.
Every intrusion detection, anti-virus, malware detector, trojan detector, rootkit detector companies are trying to outfox each other with their shining new widgets that can normalize, filter, block malicious payloads. It is like the Holy Grail. There can only be ONE.
Fear, Uncertainty and Doubts is the primary driver of this vertical (and horizontal) market segments.
Me? Just fix the OS and be done with all that crap.
Let me say, speaking as a developer, the rootkit.com site is a give and take system for both rootkit and anti-rootkit developers alike. As new anti-rootkit software is released, the community evaluates it, figures out the weaknesses and publishes the results. This allows rootkit developers to gain new insights into the inner workings of anti-rootkit software and Windows itself. In turn anti-rootkit developers learn from their mistakes and can come up with new ways to overcome their weaknesses. Without each other, the types of protection offered would stagnate until some unknown programmer creates a very nasty rootkit that nobody is prepared for. It's the people that aren't publishing their source code that you really need to worry about. Because they are only interested in one thing, owning you.
you're kidding, aren't you? If you're not, I'm sorry for you. Fortunately the world is changing, in the sense you seem to fear so much. I'm afraid of people like you, who consider that we are not prepared to handle information, and it's your, the government's, or whoever's duty to hide it from us to keep society working.
And related to that, maybe regarding the free as in free speech side of Open Source, I hope that the idea that sharing and cooperating is good transcends the computer software world, so when we teach our children to share they don't get so confused when they see what's going on in the outside world.
croto
I think McAfee engineers are pulling their hair out - on how to fix the rootkit problems.
Where does Switzerland figure into that rant of yours?
Analogies don't equal equalities, they are merely somewhat analogous.
I'm not saying that the private networks would disappear. However, if there are private networks, they are, by definition, private, which raises the entry barrier for new rootkit writers. To get access to the code, they must first get access to the private network. If everything is distributed above-board, that barrier disappears.
My point isn't that communication will go away if this distribution were to stop, and I don't even think it should stop, but it does make it easier on the rootkit writers. My point is simply that the two things are related - the harder it is for rootkit owners to communicate, the harder it will be for the antivirus people to track what's happening, and the easier it is for them to communicate, the easier it is for them to be tracked. I wasn't trying to suggest that all communication would cease if it were outlawed, just as I wasn't trying to suggest that all tracking would cease in that same scenario. Both would just become harder.
startkeylogger
http://outcampaign.org/
Tread lightly on the topic of "illegal information". It's one step from making info illegal to censorship. Because you make one information "illegal", the next follows and soon you only have information that you're "supposed to know".
I'm in the security biz. Yes, pages like this make our work a bit harder. At the same time, they make it easier, telling us what to expect. Yes, they certainly open a can of worms, giving freeloaders and copycats the ability to create rootkits as well. But those kits aren't of concern. Yeah, they're a nuisance, but no more than the average scriptkid is for a nominally secured network. The kits an untrained person can create with the information given there aren't the main problems.
The problems are the kits from IT experts. And they can create those kits, with or without that information. By obscuring this information, you do not create higher security. You only make it less controllable.
Currently, the "good guys" can use this information to foresee a "trend" in the development of kits. You go there and you know what holes future (and current) kits will exploit, what approach they will take and you can already start to develop counter strategies without even having the kit. Without pages like this, the next kit hits you unprepared. You'll have to start countering when it is already here, not before its release.
In other words, silencing such info pages would take away from the defender. But certainly not from the attacker.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
The founding fathers did not intend for the 2nd Amendment to allow individuals the ability to bear arms to defend themselves against a world power - they designed the 2nd Amendment to guarantee the citizen's right to revolt against their government. Look up some George Washington quotes and get your facts straight, please.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
So people who make root kits share their source, how should that reflect at all on the open source community?
This is like complaining about education in prison. Because inmates pass on the knowledge of how to hot wire cars or pick locks to other prisoners does that mean legitimate education in prisons is also bad? Typical FUD.
I'm damned if it doesn't say something about the militia being "well regulated" somewhere in there...
My turnips listen for the soft cry of your love
Being able to read source code makes it easier to find flaws in said code. Details at 11.
Join Tor today!
How dumb do they think people are, anyway? If open source is the cause of rootkits, why is it so easy to plant one on a proprietary Windows machine and so hard to plant one on a Linux machine?
Whether McAfee's people are stupid or they think I am, either way I'm not giving them any business.
Again, wtf? This can only hurt their credibility, and thus their business as well.
Spoken like a true Anonymous Coward.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
What more does McAfee want??? They get to see the source code of rootkits without having to disassemble them...
Again, when viruses were rampant in the 80s and early 90s it was all private networks with that same supposed barrier, yet it didn't appear to be a significant barrier to new virus writers. They had easy access to the private networks through a completely different community that could provide them with the connections they needed. The only apparent barriers were to the AV companies and other "good guys".
As I noted, the fallacy in your arguments is an unstated one: that what people outside the rootkit-writer community do can hinder communication within the rootkit community in a significant way. This has not been the case in the past, and nobody can point out any changes in the private networks that would change this in the future. When you say "Both would just become harder.", I have to respond "But both haven't become harder any other time your scenario's occurred.".
Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
How about the DoJ investigate Network Associates, McAfee, etc. to see what viruses they've been cooking up, either internally or through offshore Russian contractors? I'm sure there would be some very interesting findings regarding virus, worm, and rootkit appearances and money trails leading from the major antivirus vendors straight to virus creators.
That's my crackpot conspiracy theory FUD of the day, and I stand by it!!
(hey if those guys can sling FUD so can we!)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Oddly enough, I think your 2nd paragraph is the answer to the first one.
Bad overstated scenario one: WMD/virii/etc. drops and protected people go "Ha ha, we saw that coming and were prepared. Our country has engineers that anticipated the scenario"; scenario two: "Hey, that's a pretty flash, let's go see what it is."
In addition to the above simplification - the "bad guys" have tabs on a lot of "secret" goings on; in undisclosed situations it's mostly just everybody else or the future victims that are taken by surprise.
"these quotes are here just so I can use up my quota for the day"
I have never written a piece of malware. I am capable of doing it, though, as I am familiar with the Windows API, have programmed plenty of network applications, and have used things like keyboard hooks and such, so I could rather easily write a key logger, a spam bot, or a DDoS bot.
I could do all of this, but I don't know anyone who is in the malware business. If I decided I wanted to write a piece of malware, I'd have to resort to the freely available information on various sites. I don't know anyone on a private network, so, if the open information I'm talking about didn't exist, there'd be a barrier for me. I'd need to have connections with people in the network in order to get access to it.
Therefore, for me, it would lower the entry barrier. As I said, it doesn't make it impossible. If I were determined, I could track down people who were in the network and get myself added, and the antivirus companies could probably do the same, under a pseudonym. However, as I've been saying, all that has happened is that the same barrier has been erected for both new malware writers and the antivirus companies.
I'm well aware that viruses existed long before the Internet was widespread, back when everything was distributed via BBS. The job of an antivirus was mostly to scan floppy disks for boot sector viruses. Even then, communication happened, but it's nowhere near the ease with which people can get rootkit and virus code today.
If you don't agree that getting yourself added to a private network is a higher barrier to entry than simply downloading information from a web site or P2P network, then I really don't see any point in arguing further. Anyone in the network will have all the information he needs. It's the ability to get yourself added to that network that's the problem for many would-be malware authors.
The only question in my mind is this: can the malware authors even be forced underground anymore? Taking down obvious malware sites probably won't even affect them a lot because there will always be new ones popping up, just like P2P servers. Lots of countries will have poor (or no) enforcement of such rules, so those will be havens for servers. That point, however, is ancillary to my argument. My point is that, if you could force the malware writers underground, it would hinder them.
Anyway, I'm done arguing. I disagree with your statement that it wasn't harder when my scenario did happen. Simply saying that viruses were rampant in the 90s is not a rebuttal of that. They were a lot less rampant than they are now. That they were there in the 90s seems to be the basis of your argument, and I don't think that proves anything.
Why would anyone take McAfee seriously? They royally screwed up a recent update and deleted many important files. At least Open Source rootkits give people a chance to fight the problem.
Dan
The thing is, getting in isn't a problem... for those involved in that sort of thing in the first place. Your problem with the barrier is that you aren't the sort who's involved in malware. I see the same thing as a computer programmer. I constantly boggle people with my ability to come up with the most obscure information about computer systems when they've spent literally days searching and haven't found anything. This was true even back 25 years ago when I was in school. What's an insurmountable barrier for a complete outsider evaporates quickly for anyone who's even begun to be involved in the field, mainly because one of the first things you develop is a network of people you can ask about where to look for things.
The thing about walls is that they often depend on your perspective, and one of the hardest things to learn and remember is that your perspective isn't necessarily the only one.