Slashdot Mirror

← Back to Stories (view on slashdot.org)

Does Open Source Encourage Rootkits?

Posted by ryuzaki0 on from the no-ulterior-motives dept.

An anonymous reader writes "NetworkWorld reports that security vendor McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community. Others, however, do not agree. From the article: 'Rootkit.com's 41,533 members do post rootkit source code anonymously, then discuss and share the open source code. But it's naïve to say the Web site exists for malicious purposes, contends Greg Hoglund, CEO of security firm HBGary and operator of Rootkit. "It's there to educate people," says Hoglund [...] It's a great resource for anti-virus companies and others. Without it, they'd be far behind in their understanding of rootkits."'"

17 of 200 comments (clear)

  1. Scare Tactics and Get Real by WebHostingGuy · · Score: 5, Insightful
    If this site/domain name was not well know the hackers would just type in an IP like Click for Rootkit and get what they need.

    Simply because they use a domain name and the site is known does not make the information malicious. If you don't think rotating sites on rotating server exist to share compromised media and discussion about server cracking then you don't know anything. Rookit.com is open and out there, but the malicious people don't just stop here. Removing rootkit.com off the face of the earth would do zero to stop server compromises and rootkits.

    And don't get me started about the quote..." make it advisable "to throw the computer away" if you want to be sure you got rid of the rootkit". Talk about scare tactics...sheesh. How often do you see a BIOS rootkit? And if you did, why don't you just reflash the BIOS? Or is this a sinister plan to make companies throw out old hardware to buy new so they buy new faster stuff to run Vista. That's it! It's all Microsoft's fault. Amazing how fast we can go do the jump off the bridge path.

    --
    Quality Hosting e3 Servers
    1. Re:Scare Tactics and Get Real by Lumpy · · Score: 5, Funny

      Man what a great IDEA! I am certified for hazardous rootkit infected computer disposal.. this month only my normal $250.00 disposal fee is reduced to
      $100.00 per Pentium 4 computer or laptop infected with a dangerous rootkit. Our trained professionals will seal each infected PC in a hypo allergenic bag and savely transport them to our facilitity for disposal and recycling.

      I get paid AND get gobs of good gear to sell on ebay!

      Thanks for the tip! this will go great with my DVD rewinding service!

      --
      Do not look at laser with remaining good eye.
    2. Re:Scare Tactics and Get Real by IntelliAdmin · · Score: 5, Interesting

      Lets also remember that some of the people associated with this site were the first to notice the Sony DRM RootKit. The research that has been done on this site has really made it hard for rootkit developers to install their wares unnoticed - if you have the right tools. I could be wrong, but I think that Mark Russinovich from sysinternals has been there contributing to this site. It has led to the development of some really great tools such as the SysInternals RootkitRevealer - a really great tool by the way (http://www.sysinternals.com/Utilities/RootkitReve aler.html)

  2. Baloney by Spazmania · · Score: 4, Insightful

    McAfee places the blame for increased numbers of rootkits squarely on the shoulders of the open source community

    That's like saying Edison and Tesla are to blame every time someone gets electocuted.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Baloney by Ucklak · · Score: 4, Insightful

      This is another 'blame the tool, not the user' type of mentality.

      Guns are evil, drugs are bad, rootkits are bad, P2P is evil, etc...
      We've heard this all before.

      Concrete is bad because it could be used to make a shoe and keep a victim from struggling whilst they are dropped at the bottom of a lake.
      Knives are bad because they may be used to kill someone.
      2x4 pieces of lumber are bad because you could use it to knock someone off a motorcycle.
      Baseball bats are really evil becuase gangs can use them for intimidation.
      Crowbars, they should be illegal anyway, who uses them? We need to have nails that dissolve with water instead of trying to pry them up with this lethal weapon.

      --
      if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
    2. Re:Baloney by 0123456 · · Score: 4, Interesting

      "I'm as close to a 2nd Amendment purist as one is likely to find"

      No you're not.

      "But even for me, there are limits. Should people be allowed to own fully automatic weapons? RPGs? Artillary? Landmines?"

      Do you really think that the founders would have been worried about individuals owning RPGs when they were quite happy for individuals to own warships?

      Hint: read Article 1 section 8 sometime, and look up 'letters of marque and reprisal', if you don't know what that means.

  3. Phhhbt... by UbelievablyLame · · Score: 5, Funny

    "Rootkits... you say it like it's a bad thing" -Sony

  4. Business protection? by microbee · · Score: 4, Interesting

    What is McAfree afraid of? Being bashed on rootkits.com just like Lavasoft? I think it's very important for the general public to know the information about virus and anti-virus technologies. Big companies try so hard to protect their secrets so that nobody else could get into the market. We often have no idea what kind of pieces of crap are running on our computers which we rely so much upon. Well, let the worms come out of the can!

  5. Semantics by caffeination · · Score: 4, Informative
    The linked article and the Slashdot summary twist McAffee's report to invoke images of someone blaming the likes of KDE for the existence of rootkits, which is misleading. They are in fact blaming increasing effectiveness on the fact that people are collaborating. If anything it's a glowing advert for the Open Source development model.

    Also, the majority of the article is not about this issue, despite it being both the title and the Slashdot title. Instead, it's about current trends in rootkit design.

  6. Does Open Source Encourage Rootkits? by vertinox · · Score: 4, Insightful

    As much as Closed Source prevents them.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  7. Hello, McAfee? We're trying to help you! by Rex+Code · · Score: 4, Insightful
    OK, I'll admit that there are a lot of rootkits being passed around in the open. More than in the past, and most of them include the source code. The only reason this should be a problem for McAfee is if they aren't able to keep up with the volume. Would they rather that these things circulated underground so that 10x more sites would fall victim before McAfee managed to capture an example to analyze?


    Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.

  8. Access to info == Potential to do bad things by licamell · · Score: 4, Insightful

    I mean, how is this any different than say all the resources on how to make bombs on the internet (oh no, I just got my traffic flagged since I think it passes through AT&T networks). Anyways, just because the info on how to make weapons is online does not directly lead to people using that info for bad things. The people who truly want to do bad things will get their info from elsewhere. This is just a bad marketing attempt to screw people out of freedom of information/speech.

  9. Security vendor FUD by hotdiggitydawg · · Score: 5, Insightful

    Wow. A security vendor, who has a critical financial interest in creating FUD, claims that disclosing security flaws creates security problems. Forgive me if my eyeballs don't explode with surprise.

    Security by obscurity has been proven time and again not to work. Nobody would find a security hole if it didn't exist. Likewise, if one does exist, if one person can find it so can someone else. The responsibility lies squarely with the developers.

    Time for a bad analogy (seeing as how this is Slashdot and all): If the door of your house/apartment/room/basement was made of balsa wood rather than a decent hardwood (or a reinforced steel-belted Faraday Cage for you tinfoil-hatters), it would only be a matter of time before someone worked this out. And regardless of whether they boot your front door in and make off with your home entertainment system, or simply leave you a note that says "This door is so thin I can hear you whacking off to Buffy reruns from across the hall (by the way your dinner's getting cold, son)" you can bet if one person can work it out, so can someone else. And the next person might not just leave you a note. So, if the door is your responsibility you better fix it ASAP, or risk the consequences. And if not, you better fry the ass of whoever is responsible, or you'll still risk the consequences yourself.

    Landlord won't give you a secure premises? Move out, and tell everyone about it. Or get a gun and a pit bull. Or barricade the door and use the kitchen window for access. Or all three. Windows has more holes than half a dozen slices of Jarlesberg? Switch to a more secure O/S, and add your voice to the complaints. Or install malware detection/removal tools. Or lock it down behind a firewall. Or all three. But don't just stick your head in the sand and hope nobody will notice, that approach just doesn't work.

  10. Mod McAfee by Firehed · · Score: 4, Insightful

    Mod McAfee down -1, Troll.

    --
    How are sites slashdotted when nobody reads TFAs?
  11. Depends who you ask by suv4x4 · · Score: 4, Funny

    "Does Open Source Encourage Rootkits?"

    MS: Oh let me asnwer, me me me me!

  12. Proliferation of rootkits mean opensource works by poopie · · Score: 4, Funny

    Instead of users being limited in their choices of rootkits, users now have many different rootkits that are community supported to choose from. *THIS* is exactly why opensource is so important.

    Who wants to be stuck with a closed source rootkit when your IRC channel and server change and you have no way to update it? Opensource empowers the user to take the best features of different rootkits to ensure that they get the rootkit that meets their needs.

    Users can strip down rootkits to run on older hardware that would otherwise be discarded, or they can enable many new features that make these rootkits competitive with all of the current commercial rootkits currently being used. ... Seriously, though, all of this just means that security patches continue to become more critical and that deployment of patches on servers cannot wait for months or years like we used to do back in the good old days.

    With the proliferation and expansion of UNIX desktop software that tries to emulate more and more windows (mis)-features, I think the rootkits and opensource actually do a lot to ensure that the basic applicatio n and OS security model in Linux and GNOME and KDE desktop environments remain secure.

  13. open source == freedom by IchBinEinPenguin · · Score: 4, Insightful

    freedom encourages all sorts of things, some of them bad.

    Live with it, it's better than the alternative.