September 21st, 2009

Open source does not work well for bad guys

Posted by Dana Blankenhorn @ 5:44 am

Categories: Applications, Development, General, Internet, Security

Tags: Malware, Malware Writer, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Open Source, Dana Blankenhorn

While some researchers expressfear of malware writers using open source to improve their work, a C|Net investigation shows it really does not help them.

Authors of the Limbo Trojan,. the most popular such program in the world in 2007, tried the open source model to reverse a slide in fortunes, Nick Heath wrote. It did not help. (Former ZDNet writer Richard Steinnon hosted the ThreatCast podcast, and I thought its logo was cute.)

The big problem? Revealing the code means delivering security companies everything they need to write an identifying virus “signature” for it. Even if you enhance the base program, the original signature will still identify it.

It’s in the nature of crime. A bad guy’s actions can only work if they are done in secret.

Secrecy, in fact, is behind the big new infection trend, “drive by” infections. A malware writer secretly gains control of a Web site address, places the malware there so it’s the first thing loaded by a visitor, then works to get page views as with any other web marketer.

Or, as The New York Times found out, a malware author may masquerade as a legitimate advertiser and place their work, as an ad, directly onto the pages of a widely-read site.

There is nothing open about any of this.

While malware writers are finding only limited success in open sourcing their work, the open source movement has been an enormous boon to the good guys. Programs like ClamAV, Snort, and BitDefender use the open source process for both development and distribution.

The bottom line here is that open source shines a light on code, and like cockroaches bad guys don’t like the light.