Comments on: Open Source Blamed for Rootkits? http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: GEEMODO http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-11281 GEEMODO Sun, 10 Sep 2006 20:40:04 +0000 http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-11281 <strong> Spyware Attacks on the rise! Are you taking care of your PC?...</strong> Then again I read that McAfee has come out with a inaccurate report (according to well laid out article by Security Curve) that put th blame squarely on open source community. According to Darknet's article blaming Open Source, is a load of sh*t.... Spyware Attacks on the rise! Are you taking care of your PC?…

Then again I read that McAfee has come out with a inaccurate report (according to well laid out article by Security Curve) that put th blame squarely on open source community. According to Darknet’s article blaming Open Source, is a load of sh*t….

]]> By: kurt wismer http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1172 kurt wismer Mon, 15 May 2006 04:20:41 +0000 http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1172 if, as i contend, the ability to support stealth is inherent to the general purpose computing platform, then no it's not the fault of poorly designed security architectures or bad OS implementations... it's inherent, it can be done no matter how the OS is designed... an inherent vulnerability is one that is <b>not</b> the result of any mistake, so exploiting it can have no redeeming value... it doesn't improve security anymore than it would if someone were to come up with new types of weapons to smuggle through airport security... if, as i contend, the ability to support stealth is inherent to the general purpose computing platform, then no it’s not the fault of poorly designed security architectures or bad OS implementations… it’s inherent, it can be done no matter how the OS is designed…

an inherent vulnerability is one that is not the result of any mistake, so exploiting it can have no redeeming value… it doesn’t improve security anymore than it would if someone were to come up with new types of weapons to smuggle through airport security…

]]> By: Darknet http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1170 Darknet Mon, 15 May 2006 03:41:05 +0000 http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1170 <strong>kurt:</strong> Well I wouldn't go as far as to call them paragons of virtue, but I far from disagree with what they are doing. All the linux rootkits have been open source and available on various sites for YEARS, just the authors didn't write books or dedicate whole domains to them, I don't see anyone crying about it, I see people using HIDS and chkrootkit to fight them, I see people reading the code to see how they work and learning about LKM's so they can counter them. Now the same thing happens in the Windows world, it's the fault of the coders? Not poorly designed security architectures? Or bad OS implementations? The ethical conflict happens all the time, McAfee do the same thing by spreading FUD, I'm sure other AV companies have had hands in various 'virus scares' too. Full disclosure is not always good, it's not a magic blanket, with that I agree, but in this case I think it's fine. Perhaps there should be some control, the rootkit thing may have gone a little far (providing pre-rolled malicious code). For example in the realm of exploits, they are obfuscated (the shellcode RET address is often removed or wrong) for the purpose of preventing skiddies from using it. Meaning if you can't code, and at least understand how the exploit works, it's useless. Perhaps the same thing could be done in some way for the rootkits? kurt: Well I wouldn’t go as far as to call them paragons of virtue, but I far from disagree with what they are doing. All the linux rootkits have been open source and available on various sites for YEARS, just the authors didn’t write books or dedicate whole domains to them, I don’t see anyone crying about it, I see people using HIDS and chkrootkit to fight them, I see people reading the code to see how they work and learning about LKM’s so they can counter them. Now the same thing happens in the Windows world, it’s the fault of the coders? Not poorly designed security architectures? Or bad OS implementations? The ethical conflict happens all the time, McAfee do the same thing by spreading FUD, I’m sure other AV companies have had hands in various ‘virus scares’ too.

Full disclosure is not always good, it’s not a magic blanket, with that I agree, but in this case I think it’s fine. Perhaps there should be some control, the rootkit thing may have gone a little far (providing pre-rolled malicious code). For example in the realm of exploits, they are obfuscated (the shellcode RET address is often removed or wrong) for the purpose of preventing skiddies from using it. Meaning if you can’t code, and at least understand how the exploit works, it’s useless. Perhaps the same thing could be done in some way for the rootkits?

]]> By: kurt wismer http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1167 kurt wismer Sun, 14 May 2006 19:51:55 +0000 http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1167 i hate to burst your bubble but the folks behind rootkitDOTcom are not the paragons of virtue you seem to think they are... it's not just source code that's shared on that site but also compiled binaries... in fact greg hoglund admits that the '<i>rootkit</i>' james butler wrote and distributed via rootkitDOTcom has become one of the most deployed '<i>rootkits</i>' in the world and the people deploying it are using the very binaries that are available for download from that site... the ethical misconduct doesn't end there, either - i blogged about the <a href="http://anti-virus-rants.blogspot.com/2006/04/ethical-conflict-in-anti-rootkit.html" rel="nofollow">ethical conflict</a> before (i know you don't like comment spam, but since i have no ads and no product to peddle i hardly think this qualifies, and i don't see why i should repeat the entire thing when i can just provide a link)... there's a very wrong-headed notion that anything done under the banner of <i>full disclosure</i> is automagically a good thing, but that's patently absurd (see <a href="http://www.schneier.com/crypto-gram-0111.html#1" rel="nofollow">bruce schneier's thoughts on full disclosure</a>, and pay particular attention to what he has to say about responsible disclosure)... in cases where we're dealing with a vulnerability caused by a software defect public disclosure helps improve security by pressuring the affected vendor(s) to fix the bug and illustrates to the rest of us what not to do in the future... however in the case of malware such as rootkits (or the things that pass for rootkits nowadays) there is no possibility of closing the window of exposure without profound changes to the underlying model of computation that we use (ie. there's good reason to believe that the ability to support stealth functions is inherent to the general purpose computing platform)... public disclosure always arms the bad guys to a certain extent, what makes it ok is when it's balanced out by a greater good... arming the bad guys with ready-made attack tools (not just the information needed to create their own) with no way to close the window of exposure (and therefore no greater good) is a <b>bad</b> thing, not a good thing... i hate to burst your bubble but the folks behind rootkitDOTcom are not the paragons of virtue you seem to think they are… it’s not just source code that’s shared on that site but also compiled binaries… in fact greg hoglund admits that the ‘rootkit‘ james butler wrote and distributed via rootkitDOTcom has become one of the most deployed ‘rootkits‘ in the world and the people deploying it are using the very binaries that are available for download from that site… the ethical misconduct doesn’t end there, either – i blogged about the ethical conflict before (i know you don’t like comment spam, but since i have no ads and no product to peddle i hardly think this qualifies, and i don’t see why i should repeat the entire thing when i can just provide a link)…

there’s a very wrong-headed notion that anything done under the banner of full disclosure is automagically a good thing, but that’s patently absurd (see bruce schneier’s thoughts on full disclosure, and pay particular attention to what he has to say about responsible disclosure)… in cases where we’re dealing with a vulnerability caused by a software defect public disclosure helps improve security by pressuring the affected vendor(s) to fix the bug and illustrates to the rest of us what not to do in the future… however in the case of malware such as rootkits (or the things that pass for rootkits nowadays) there is no possibility of closing the window of exposure without profound changes to the underlying model of computation that we use (ie. there’s good reason to believe that the ability to support stealth functions is inherent to the general purpose computing platform)…

public disclosure always arms the bad guys to a certain extent, what makes it ok is when it’s balanced out by a greater good… arming the bad guys with ready-made attack tools (not just the information needed to create their own) with no way to close the window of exposure (and therefore no greater good) is a bad thing, not a good thing…

]]> By: Martin Macok http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1162 Martin Macok Sun, 14 May 2006 15:46:20 +0000 http://www.darknet.org.uk/2006/05/open-source-blamed-for-rootkits/#comment-1162 Maybe they just updated their rootkit signature detection according to "new" information from the server ... and surprise! Number of rootkits detected jumped nine times!!! :-)) (just joking... but who knows?) Maybe they just updated their rootkit signature detection according to “new” information from the server … and surprise! Number of rootkits detected jumped nine times!!! :-))

(just joking… but who knows?)

]]>