I found this article as I was stumbling around the void that is the internet. Back on April 17th, “Does open source encourage rootkits?” was published on Network World. The core of this article is that McAfee believes that rootkits are a direct result of the open source community. You have got to be kidding me with this garbage.

“The predominant reason for the growth in use of stealthy code is because of sites like Rootkit.com,” says Stuart McClure, senior vice president of global threats at McAfee.

The website he was referring to discusses code for rootkits. Now, if I were an ill-intentioned bad guy, I would not be posting my source code on a publicly available website. I’d be certain to keep it to myself. The assertion that this helps in the spread of rootkits is absurd. The same website can be used to help educate users and even antivirus companies. Lord knows that McAfee could use some help explaining the difference between Microsoft Excel and the Adore rootkit.

Article Link


Comments

  1. if you were a bad guy you might not post your source code there, but you certainly might download their source code…

    more importantly, you might download the compiled binaries they include with the source code…

    according to greg hoglund (founder of the site in question), the ‘rootkit’ that his co-author (james butler) wrote and made available on the site has become one of the most deployed ‘rootkits’ in the world, and quite often the people who deploy it are using the exact binaries that are available for download from the site…

    regardless of their intentions (the road to a very hot place is paved with good intentions), they are arming the bad guys…

  2. True enough. I just feel that bad people are going to do bad things irrespective of anyone’s intentions. I’m partial to having it out in the open to help better educate the user base. More often than not, the biggest vulnerability in computer security sits between the chair and the keyboard. If they can be better educated this can help to mitigate problems and hopefully avoid future scenarios such as the Sony rootkit debacle.

    Thanks for the comment.

    cheers

  3. frankly, the user base can be educated to the point of being able to protect themselves without sharing source code or compiled binaries for actual attack tools… the user base is not going to be writing their own search routines, they’re going to be using pre-built security tools… they need to know the nature of the threat but not necessarily the implementation of it…

  4. Fair point. I’ve always been one for open dialogue. I’ve always been privy to exploit code and source code for most tools that I use. As a result I have not really been viewing this through the eyes of John Q User. The biggest problem is that I can see both sides of this issue. I guess I’ll have to agree to disagree. A point well taken nonetheless.
