April 20, 2006

Does open source encourage rootkits?

Posted at April 20, 2006 04:44 PM in Technology.

I read with some interest a recent story at ComputerWorld, "McAfee: Open-source encourages rootkits". To which I have to say, Bah, Humbug.

The basic logic is that open-source rootkits make it easier for people to hack into other systems, by merely making rootkits easier to get and use than ever before. Further, open-source rootkits on the Internet help the bad guys continue to "improve" their rootkits and make them better and better by sharing ideas & code.

The growing fear in the security world is that it won't be long before someone creates a worm that can scan networks for vulnerabilities and then effectively deliver a malicious payload -- such as something that can wipe out files, change data or spy on organizations -- that can be kept hidden by a well-made rootkit.

On the flip side of the coin, open-source rootkits can be more easily analyzed by the "good guys," and can help find vulnerabilities in existing systems. My personal opinion is that this outweighs the negative. Sure, the bad guys are making better tools, but everyone has complete access to them.

"We need those open-source people," says David Perry, global director of education at Trend Micro. "They uncover things. It's a laboratory of computer science. They demand the intellectual right to discuss this."

So, who benefits most from open-source rootkits? The good guys or the bad guys?

Comments

Good guys. As open source allows for a wider audience, the "good guys" will find more of the security holes, especially the obvious ones. The bad guys would then have to work harder to find holes they can use.

Posted by he_the_great at April 20, 2006 08:27 PM

Who benefits the most from this? In my opinion, the bad guys.

In theory, nobody should come out ahead. However, in my experience, the "bad guys" tend to be smarter, faster, and more driven than the "good guys", so they get a greater benefit from this.

This is generally due to the nature of the creature. The good guys are the product of a training and certification system that no longer even pretends to be 'education', whereas the bad guys generally have a more well-rounded and effective skillset gained from experience. This, and bad guys tend to be the active party, whereas the good guys are more reactionary, so they're always at a disadvantage -- the new hack is first created and used before the good guys can start to craft a defense.

I think my favourite part of all of this, though, is that in practice, open source fails to a spectacular degree. But the bad guys are able to use it quite effectively. I wonder if there's a fundamental difference in mindset, because mindset is what inevitably works against open source.

Posted by e at April 20, 2006 09:04 PM

"I think my favourite part of all of this, though, is that in practice, open source fails to a spectacular degree. But the bad guys are able to use it quite effectively."

Huh? The "bad guys" are able to use failed software effectively? And what do you mean that "open source fails to a spectacular degree"? I don't see it failing in many more places than closed source. I find my open source alternatives come out ahead of many commercial apps. (Then again, most commercial apps are more user-friendly, and I have a hard time figuring out how to get what I want done.) (Kinda ironic.)

Posted by he_the_great at April 21, 2006 12:52 PM