McAfee Blames Open Source for Botnets
v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"
Certain vendors of anti-virus software appear to believe so. I wrote an exe-packer primarily so I could pack dotnet executables and distributed it for free. It got used by some malware author out there, and this anti-virus vendor decided then that anything packed with my exe-packer must be a virus.
I swear, it doesn't pay to share anything any more. ;-)
Who brought you an "update" the other month that categorized files from "IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT" as viruses and promptly deleted them? Here's the story.
There are no uninteresting things. There are only uninterested people.
RTFA, seriously. That disclosure that they mention is _not_ the disclosure of OS code. If you RTFA, at that point they explain very well what they mean by "full disclosure" and it has _nothing_ to do with OSS any more. Their "full disclosure" is about researchers disclosing a vulnerability, together with ample instructions and proof of concept code of how it can be exploited. It has _nothing_ to do with Linux vs Windows, Closed Source vs F/OSS, etc. It's about disclosing vulnerabilities.
Basically what McAfee says is, "I wish researchers stopped telling everyone everything about this and that buffer overflow. Telling people everything about a bug only helps the evil hackers use it in a virus!!!111one1eleventeen" Not an exact quote, but that's the general idea they're peddling there.
Which is, in a nutshell, just the old "security by obscurity" argument. Which has already been debated to hell and back and is known to not work that way. And, frankly, it's weird to see McAfee preaching that attitude, because the anti-virus makers should know best that it never worked that way.
A polar bear is a cartesian bear after a coordinate transform.
Could be that they have to get that air of being against closed source off them after they found Excel to be a trojan (ok... some might claim it's not really a false positive, but still... a few companies didn't enjoy the idea of having their Excel removed...).
But quite seriously, could anyone please explain just HOW a malware author would benefit from open source? Because of the tools? Seriously, if you're writing software that's considered "illegal" in most places of this planet, would you care about licensing? Whether the software is free (as in beer and as in software) is pointless for him. If it's not free, he'll copy it illegally.
Because they could learn how to write malware? The "real" malware projects are not open source, actually anything BUT it. First of all, major exploits are not shared, they're sold. Plain and simple. Malware is a business, just like a lot of other software, and they are by far the last to go for open sourcing, simply because it would cut into their revenue. Actually, the few snippets and code parts that ARE open source are one of the key sources for AV researchers, unless they want to go for the darker venues in the trade. And, finally, when knowledge becomes illegal, gimme a ring. Then it's time to leave the planet.
If you want to learn how to write malware, you needn't wade through open source projects. You won't find much worth finding.
So I don't really understand just why McA is targeting the OSS movement. There is little to be gained by malware writers through OSS, but a lot for those opposing malware. If anyone, it's the AV researchers who benefit from open sourcing malware. Because they would have a hard time explaining just why they would have sent money towards people wearing darker colored hats.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.