Skip to main content

Posts

Showing posts from April, 2006

McAfee out of ideas - blames internet for rootkits.

The recent article Does open source encourage rootkits? [NetworkWorld] discusses a McAfee report, "Rootkits", in which McAfee lays the blame for rootkits at the door of the open source community by name, security researchers by implication, and unwittingly at the very doorstep of information sharing -- books, libraries, and printed material. The report was issued due to a large jump in the number of rootkits they detected (nine times as many this quarter as the year ago quarter - a dramatic increase). They specifically blame rootkit.com. The unstated basis for their argument is a classic tension between open sharing of information about security vulnerabilities on the one hand and secret cabals of security research on the other. McAfee is clearly coming down for the "keep it secret to be safe" camp. Most independent security researchers reject this argument, because industry has a very long track record of totally ignoring security issues until they are made pu…