Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Blames Open Source for Botnets

Posted by ryuzaki0 on from the how-conveeeeenient dept.

v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"

5 of 223 comments (clear)

  1. Re:They're missing the real culprit. by blcamp · · Score: 2, Informative


    It could have been the Chinese that are to "blame":

    http://en.wikipedia.org/wiki/Abacus

    --
    The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
  2. Re:Full disclosure != open source by dzfoo · · Score: 4, Informative

    They *are* complaining. Its called "planting the seed of distrust":

    From the article:
    "Over the last year and a half, we've noticed how bot development in particular has latched on to open-source tools and the open-source development model,"

    Further down:
    Marcus said his company is drawing attention to the open-source trend to educate users, and not as an attempt to discredit open-source alternatives to its own proprietary software products. "We think [open-source antivirus products] are fine. They've never been something that was really in the same class as ours, but we've always been big supporters of open-source antivirus," he said.

    In other words, McAfee is saying "Bot writers are using Open Source tools to develop, maintain, collaborate on, and distribute malware. We're just saying, you know. Not that we're accusing them of anything; we're just saying."

    Then later in the article they start bad-mouthing Full Disclosure. That's, as you say, a separate topic.

        -dZ.

    --
    Carol vs. Ghost
    ...Can you save Christmas?
  3. Re:Corral Cache damn you guys by kennedy · · Score: 2, Informative

    Try the Slashdotter plugin for firefox...

  4. Misleading title by HangingChad · · Score: 2, Informative
    It makes it sound like virus writers are using open source software to launch botnets. They're using open source software development techniques to create botnet software for Windows.

    Sheesh.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  5. On locks and Open Source by crono_deus · · Score: 4, Informative
    Dammit, I've heard just about enough of these arguments. About 150 years ago, this man called Charles Tomlinson published a paper regarding how the mechanical workings of all locks should be public knowledge because, he reasoned, if the public knew about the weaknesses and strengths of each lock, they could 1) force the lockmaker into making a better lock, and 2) choose the one that suited them the best.

    Below are two excerpts from the paper, found, interestingly enough, using the "fortune" program. Yes, I know that the making of locks isn't exactly like the creation of software, but the principle remains the same. Security through obscurity is no security at all; however, if the standards and techniques are open and available to the public, we, the "experts" in the field, will actually be hold companies accountable for problems and shortcomings in their software.

    "A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock -- let it have been made in whatever country, or by whatever maker -- is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of *honest* persons to know this fact, because the *dishonest* are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquaintance with real facts will, in the end, be better for all parties."

    -- Charles Tomlinson's Rudimentary Treatise on the Construction of Locks, published around 1850

    "In respect to lock-making, there can scarcely be such a thing as dishonesty of intention: the inventor produces a lock which he honestly thinks will possess such and such qualities; and he declares his belief to the world. If others differ from him in opinion concerning those qualities, it is open to them to say so; and the discussion, truthfully conducted, must lead to public advantage: the discussion stimulates curiosity, and curiosity stimulates invention. Nothing but a partial and limited view of the question could lead to the opinion that harm can result: if there be harm, it will be much more than counterbalanced by good."
    -- Charles Tomlinson's Rudimentary Treatise on the Construction of Locks, published around 1850.

    If you ever wanted to send anything defending OSS to anyone, this would be a very good thing to send.

    --
    Ne Cede Malis.