Does Open Source Encourage Rootkits?
An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"
Simply because they use a domain name and the site is known does not make the information malicious. If you don't think rotating sites on rotating servers exist to share compromised media and discussion about server cracking, then you don't know anything. Rootkit.com is open and out there, but the malicious people don't just stop here. Removing rootkit.com from the face of the earth would do zero to stop server compromises and rootkits.
And don't get me started about the quote: "...make it advisable 'to throw the computer away' if you want to be sure you got rid of the rootkit". Talk about scare tactics... sheesh. How often do you see a BIOS rootkit? And if you did, why don't you just reflash the BIOS? Or is this a sinister plan to make companies throw out old hardware to buy new, so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go down the jump-off-the-bridge path.
McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community
That's like saying Edison and Tesla are to blame every time someone gets electrocuted.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
"Rootkits... you say it like it's a bad thing" -Sony
This report looks like a marketing ploy by McAfee to counteract Microsoft's OneCare Live product and Microsoft's reported move into stand-alone antispyware. As noted in a Cnet article on the same report, the report states that the term rootkit should be used in relation to malicious software only and not apply towards technology like Sony's DRM rootkit.
What is McAfee afraid of? Being bashed on rootkit.com just like Lavasoft? I think it's very important for the general public to know the information about virus and anti-virus technologies. Big companies try so hard to protect their secrets so that nobody else can get into the market. We often have no idea what kind of pieces of crap are running on the computers we rely on so much. Well, let the worms come out of the can!
Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.
As much as Closed Source prevents them.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.
I mean, how is this any different than say all the resources on how to make bombs on the internet (oh no, I just got my traffic flagged since I think it passes through AT&T networks). Anyways, just because the info on how to make weapons is online does not directly lead to people using that info for bad things. The people who truly want to do bad things will get their info from elsewhere. This is just a bad marketing attempt to screw people out of freedom of information/speech.
Wow. A security vendor, who has a critical financial interest in creating FUD, claims that disclosing security flaws creates security problems. Forgive me if my eyeballs don't explode with surprise.
Security by obscurity has been proven time and again not to work. Nobody would find a security hole if it didn't exist. Likewise, if one does exist, if one person can find it so can someone else. The responsibility lies squarely with the developers.
Time for a bad analogy (seeing as how this is Slashdot and all): If the door of your house/apartment/room/basement was made of balsa wood rather than a decent hardwood (or a reinforced steel-belted Faraday Cage for you tinfoil-hatters), it would only be a matter of time before someone worked this out. And regardless of whether they boot your front door in and make off with your home entertainment system, or simply leave you a note that says "This door is so thin I can hear you whacking off to Buffy reruns from across the hall (by the way your dinner's getting cold, son)" you can bet if one person can work it out, so can someone else. And the next person might not just leave you a note. So, if the door is your responsibility you better fix it ASAP, or risk the consequences. And if not, you better fry the ass of whoever is responsible, or you'll still risk the consequences yourself.
Landlord won't give you secure premises? Move out, and tell everyone about it. Or get a gun and a pit bull. Or barricade the door and use the kitchen window for access. Or all three. Windows has more holes than half a dozen slices of Jarlsberg? Switch to a more secure O/S, and add your voice to the complaints. Or install malware detection/removal tools. Or lock it down behind a firewall. Or all three. But don't just stick your head in the sand and hope nobody will notice; that approach just doesn't work.
> What percentage of open source code is rootkits?
0.01%
> What percentage of honda drivers are mass murderers?
80%
hope that helps you.
+----------------- | What is the question!
Mod McAfee down -1, Troll.
How are sites slashdotted when nobody reads TFAs?
"Does Open Source Encourage Rootkits?"
MS: Oh, let me answer, me me me me!
Every possible action in the world has an economy surrounding it.
Don't like it? Change the economy of whatever vexes you.
I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
ask Sony.
I always find it interesting how they blame open source users for viruses and spyware, or in this case, rootkits. Last time I checked, isn't it Microsoft (R) Windows that has the problems with these things? How much malicious code do you see for Linux, BSD, etc.? I'm sure the answer is much less than for Windows.
When there's a problem in the open source community, they blame each other. When there's a problem in the proprietary source community, they blame the open source.
They really have no argument against the rootkit sites. I mean, imagine if terrorists were talking about secret terrorist plans on a certain forum/wiki on some public website. Do you really think law enforcement would shut down the site and ignore it? I doubt it. It's out in the open, so police would want to read as much of it as possible so they can learn and be prepared. If they shut down the site, everything becomes secret and they have no useful information to work with.
Same goes for the rootkits. If it's public, security companies can study it and learn from it and prepare for the worst. If they shut it down, they won't even know it exists until it's already hit some companies.
Do not mark in this space. For official office use only.
From the article: "The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com," says Stuart McClure, senior vice president of global threats at McAfee.
Again, to me, this isn't an "open source" problem as much as an "Internet/can we stop bad guys from getting together and working on bad things" problem.
I somehow doubt rootkit.com is that dangerous (or I have no idea if it's even malicious), but I think we're likely to see this general issue come up again with websites on bomb making techniques, biological weapons etc... What should the government/society do if there is a public website that researches technology that can be used to make mass casualty weapons?
There is another side to this, too. It's like bacterial conjugation. If there are certain bits of DNA (code) in the wild that do certain things, that code can be passed around and inserted into other organisms (rootkits) to help them survive. If they were forced underground, it would make it harder for both groups - for the rootkit makers to create better products and for McAfee to track the rootkit makers.
That's not to say that spreading this information is a bad thing, but you have to realize that McAfee is right about one thing - it does help the rootkit makers in addition to helping the anti-rootkit people.
Instead of users being limited in their choices of rootkits, users now have many different rootkits that are community supported to choose from. *THIS* is exactly why opensource is so important.
... Seriously, though, all of this just means that security patches continue to become more critical and that deployment of patches on servers cannot wait for months or years like we used to do back in the good old days.
Who wants to be stuck with a closed source rootkit when your IRC channel and server change and you have no way to update it? Opensource empowers the user to take the best features of different rootkits to ensure that they get the rootkit that meets their needs.
Users can strip down rootkits to run on older hardware that would otherwise be discarded, or they can enable many new features that make these rootkits competitive with all of the current commercial rootkits currently being used.
With the proliferation and expansion of UNIX desktop software that tries to emulate more and more Windows (mis)features, I think the rootkits and open source actually do a lot to ensure that the basic application and OS security model in Linux and GNOME and KDE desktop environments remains secure.
freedom encourages all sorts of things, some of them bad.
Live with it, it's better than the alternative.
If the journalist or her editor possessed the proper level of subject knowledge and/or integrity required for true journalism to occur, then this patently absurd question would never be asked in an article.
Problems with the article abound, but this lone article is far from the problem. Nevertheless, it is a quintessential example of the kind of absurd misunderstanding of the landscape of the subject matter, combined with the complete disregard for the pursuit of truth as a core principle of journalism, that is endemic to the disease of misinformation which fosters misinformation in society today.
A few points that should be obvious, but are missed completely by this article:
I could go on, but it is the misinformation propagated by piss-poor journalism, coupled with the lackluster education levels of the vast majority of the members of society in the free world, that is the cause of most problems in the world today.
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The reason the AntiVirus vendors keep producing this kind of inflammatory FUD is because it works.
Every time an AntiVirus company issues a fear mongering white paper, press release, or paid article placement in a magazine they get explosive coverage, dozens or hundreds of free articles written about them or their topic of interest, nearly all with links back to their original article. Within limits, bad publicity is publicity and publicity is good.
Meanwhile, companies like mine that are building next-generation network security systems (shameless link to Intrinsic Security AntiWorm) and who try to be good network citizens must work a thousand times harder for links back to our web sites, don't get slashdot stories about us, don't get bazillions of blog entries linking back to us.
Mine is not the only company that suffers this problem. Every time a story by one of these highly bogus AntiVirus FUD spreading companies ticks you off, you should include at the end of your rant about it in your blog a few links to non-bogus internet security companies. We would greatly appreciate it.
Honestly, there are days when I feel like whipping up a FUD press release or scare mongering white paper. It would be easier than taking the publicity high road.
If you mod me down, I shall become more powerful than you could possibly imagine.
He actually roasted an elephant to show how dangerous his competitor's AC current really was.
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
The problem is that people don't understand that the founding fathers intended individuals to have the weapons necessary to fight a full-fledged war with a world power. That was the point of the 2nd Amendment. Suggesting that people have the right to bear arms for the purpose of hunting, sport, or to defend your home against burglars would have made as much sense to them as making a law today that guarantees the right to drink water, breathe air, and eat a hamburger.
Let me say, speaking as a developer, the rootkit.com site is a give-and-take system for rootkit and anti-rootkit developers alike. As new anti-rootkit software is released, the community evaluates it, figures out the weaknesses and publishes the results. This allows rootkit developers to gain new insights into the inner workings of anti-rootkit software and Windows itself. In turn, anti-rootkit developers learn from their mistakes and can come up with new ways to overcome their weaknesses. Without each other, the types of protection offered would stagnate until some unknown programmer creates a very nasty rootkit that nobody is prepared for. It's the people who aren't publishing their source code that you really need to worry about, because they are only interested in one thing: owning you.
The founding fathers did not intend for the 2nd Amendment to allow individuals the ability to bear arms to defend themselves against a world power - they designed the 2nd Amendment to guarantee the citizen's right to revolt against their government. Look up some George Washington quotes and get your facts straight, please.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.