McAfee's libel against open source
Over the weekend Stuart Hicks emailed the OSI about an odd statement made by McAfee in its white paper on botnets [PDF]:
Taking the bot controller offline may kill a botnet. As a result, many bots use a Dynamic Domain Name System (DDNS) or have a list of backup IP addresses to survive such an event. Bot technology is rapidly evolving, often aided and abetted, unfortunately, by the open-source movement. [Emphasis mine.]
Huh? No justification is made for this statement. No follow-on, explanatory comments are made.
Someone at McAfee thinks that the correlation between botnets and open source is clear, but I am struggling to grasp any connection between the two. Perhaps this is just one more example of McAfee's dubious grasp on reality when it comes to open source. Remember its statement that open-source licensing is a threat to its business?
Consider the definition of a botnet:
While the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised computers (called zombie computers) running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. The majority of these computers are running Microsoft Windows operating systems, but other operating systems can be affected. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.
See any open source in there? I suppose it's possible that the programs used to manage the zombies could be open source, but the zombies themselves are generally Windows computers. Apparently open-source Linux is more impervious to bot attacks. Or maybe its users are simply not as gullible. Or something.
Regardless, McAfee needs to come clean and own up to its ignorance on open source. It's starting to look ridiculous. Too bad it can't keep that proprietary. No one likes to see their ignorance open sourced.
Matt Asay is general manager of the Americas and vice president of business development at Alfresco, and has nearly a decade of operational experience with commercial open source and regularly speaks and publishes on open-source business strategy. He is a member of the CNET Blog Network and is not an employee of CNET.
Windows boxes may be the perfect vector for the bots given the number of unpatched home computers out there (believe me, I've seen horrors), but as all other attack vectors for Linux are so much harder, there are a great number of rootkits, and these are perfect for taking over a server that will be up for a long time with little or no interruption, which makes vulnerable servers perfect for controlling botnets.
The only possible reason I can think of for McAfee's tack is the boneheaded 'security through obscurity' ideal. There are many ways to prevent your server from being taken over, including a proper security update routine and hardened PHP with Suhosin and the MOPB patches if applicable, tripwire software, etc., but none of these require hidden code, just hidden passwords.
Simply put, open source is the cheapest and preferred way to develop software. Your IT staff knows it, and so do these malicious hackers.
http://www.darknetworks.org/2008/04/mcafee-botnets-libel-open-source-and-tax-day/
His conclusion: "Sorry Matt, McAfee is NOT your enemy, nor are the ignorant about open source."
Botnets, and the creation of zombie computers, are aided and abetted by the poor security in various Microsoft Windows versions.
or
Botnets, and the creation of zombie computers, are aided and abetted by the poor knowledge of Internet users who unwittingly click and install software from the Internet.
Both statements are true and inflammatory, but employees of companies that depend on Microsoft products and don't want to offend potential customers of their Internet security software won't publish such statements.