Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Blames Open Source for Botnets

Posted by ryuzaki0 on from the how-conveeeeenient dept.

v3xt0r writes "It seems that 'the Open Source Development Model' is to be blamed for the recent increase in botnet development. 'We're not taking aim at the open-source movement; we're talking about the full-disclosure model and how that effectively serves malware development,' the spokesman for McAfee says. Why not just blame the IRC Protocol? Or simply admit that Proprietary vendors cannot keep pace with the Open Source Model?"

6 of 223 comments (clear)

  1. What? by NiteMair · · Score: 5, Insightful

    So, here is an article simply claiming that some "malicious developers" have found a way to collaborate using open-source tools...

    Wow, I've seen a lot of commercial vendors doing that in the recent years also - maybe they're all suspect.

  2. Load of BS by Wieland · · Score: 5, Funny
    From TFA:
    The current generation of bot software has grown to the point where open-source software development tools make a natural fit. With hundreds of source files now being managed, developers of the Agobot family of malware, for example, are using the open-source CVS (Concurrent Versions System) software to manage their project.
    If that's the best example they can come up with... Geezz, malware writers probably eat cereal, too. Why not blame Kellogg's?
    1. Re:Load of BS by TheOtherChimeraTwin · · Score: 5, Funny

      No, he really has a point here. Pass a law forcing Botnet developers to use SourceSafe and you'll see Botnet development slow to a crawl.

  3. They don't explain how the alternative is better by AmiMoJo · · Score: 5, Insightful

    Say there is an vulnerability, only known to black hats which is being exploited. Someone finds it, reports it to the vendor. The vendor sits on it for months while a massive botnet spams the hell out of us using it.

    Isn't it better to release info so people can do something about it? Network admins can use it to help block the attacks, or disable the vulnerable software. Users can stop using it. And people can ever make their own patches, or use the shared knowledge to look for similar flaws in other software.

    We have seen this happen. Can anyone provide a good alternative, because McAfee certainly can't?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Full disclosure != open source by Moraelin · · Score: 5, Insightful

    Basically it seems to me that McAffee _isn't_ complaining about OSS, and explicitly says they don't. There are two _very_ distinct and unrelated parts of the article:

    1. The open source part. Which doesn't contain any kind of anti-OSS slant. It just says that people now have a lot of F/OSS tools to manage their files and whatnot.

    2. The part about full disclosure. Where they basically whine that they'd like to have what we all call "security by obscurity." Basically McAffee would like a world where researchers keep a lot more stuff secret, because supposedly being public about that helps evil hackers. Which is as stupid as it gets, yes, but it also has nothing to do with OSS at this point.

    So why the fanboy slant in the summary?

    --
    A polar bear is a cartesian bear after a coordinate transform.
  5. From the experts... by helmutvs · · Score: 5, Interesting

    Who brought you an "update" the other month that categorized files from "IBM (Rational), GreenHills, MS Office, Ansys, Adobe, Autocad, Hyperion, Win MPM, MS Shared, MapInfo, Macromedia, MySQL, CA, Cold Fusion, ATI, FTP Voyager, Visual Studio, PTC, ADS, FEMAP, STAT" as viruses and promptly deleted them. Here's the story.

    --
    There are no uninteresting things. There are only uninterested people.