stefan.waidele.info

or

McAffee blames OpenSource for rise in malware-quality

PCAdvisor published an article with the healine “Hackers learn from open source“, in which they quote McAffee’s Dave Marcus on the topic of malware. He makes the following statements, which are pure FUD:

• “Unlike viruses of the past, bots tend to be written by a group of authors, who often collaborate by using the same tools and techniques as open-source developers”
  Wow. Collaboration is a technique probably as old as humanity. I have “collaborated” with my friends in 5th grade on software. We were trying to understand how “sprites” would work on the C64. We should have patented the “software developement by collaboration” process - we would be rich today!
  Don’t forget: The people at Microsoft (and probably even at McAffee) do collaborate. Software is not written by single individuals anymore. People use tools. People exchange ideas. Get over it.
• “Over the last year and a half, we’ve noticed how bot development in particular has latched on to open-source tools and the open-source development model,”
  Let me rephrase this for clarity “Until 6 months ago, blackhats bought (or probably stole) their tools from respectable companies. Proprietary Software is losing market-share everywhere, even in malware-developement market.” This has to be scary for closed-source shops! Nobody blames MS or Borland for enabeling black-hats to compile bots!
• “The current generation of bot software has grown to the point where open-source software development tools make a natural fit. With hundreds of source files now being managed, developers of the Agobot family of malware, for example, are using the open-source CVS (Concurrent Versions System) software to manage their project.”
  This just has to mean that CVS is the preferred source-code management system for this group of developers. Even if we don’t like this, we will have to live with it. Kitchen-knives and chain-saws are also the preferred tools for some twisted mass-murderers. Let’s ban them together with CVS and OSS!
• “the publication features a cover story entitled ‘Paying a price for the open-source advantage’ in its inaugural issue.”
  They even acknowledge that there is an advantage in open source. We all agree that there is a price we have to pay for that (there is no such thing as a free beer… :). If they don’t have something better to write in a magazine, they should stick to writing software.
• “Marcus said his company is drawing attention to the open-source trend to educate users,”
  So, that’s the real problem: Users who are educated are a threat to proprietary software vendors, especially to anti-virus vendors. That’s right: Educated users are less prone to virus infection than stupid users. Users who know their way around their PC are not as dependent on vendors to sell them more icons to click on. Smart users don’t buy crap. (Maybe they do, but not as often :)

Also, note that Dave Marcus is “security research and communications manager” with McAfee’s Avert Labs. If my newsspeak-dictionary is up-to-date, “communications” stands for “public relations and advertizment”. It really looks like these statements that Marcus’ made are a desperate attempt at pushing the public opinion away from open source.