Add the malware bazaar to the list of marketplaces being radically reshaped by the forces of globalization. That's the conclusion of Thomas Holt, a professor of criminal justice at the University of North Carolina at Charlotte, who says the marketplace for rootkits, Trojans and other software nasties increasingly transcends …
Possible achilles heel?
Perhaps security researchers could subvertly insert a bug into some of this common code... something that helps them track down the individuals actively using this code set to attack others. As code gets larger and more complex, with foreign language support and whatnot, the probability of the next criminal reading and understanding every line of code (and spotting the giveaway) becomes less likely.
Proprietary vs FOSS
This is why Proprietary software will eventually be set aside in favor of FOSS. There is simply no way for proprietary software vendors to keep up with security when competing with criminals who share their code.
The Linux FOSS model is built by people with a principled incentive to build and share their software. Even if so-called hackers get their hands on the code, the security has been vetted by hundreds if not thousands of programmers all over the world with different backgrounds and interests.
Not so with proprietary security regimes such as Windows. Even the Department of Defense acknowledges that security by obscurity doesn't work.
Apparently the malware writers understand that re-inventing the wheel isn't very economical and they're willing to share their efforts.
There is no doubt that they are working on finding ways to make viruses propogate on FOSS. But first they're going to have to chew their way through 30 years of combined software development from Unix to Linux, and an entirely different philosophy about programming and design from Windows. And then they're going to have to deal with systems that update themselves faster with greater reliability than with Windows in addition to the fact that FOSS programmers are more willing to admit flaws than Microsoft. How can they not admit to the flaws when the code is out there for all to see? MS Windows has security flaws going all the way to Windows 1.0 that still have not been plugged in XP (don't know about Vista yet).
Where Windows has for 30 years made convenience a priority, FOSS has made security a priority.
I'm not saying that virus writers will never figure out how to make viruses propogate easily on Linux or Unix. I'm saying that the life of a virus on Linux or Unix is slow hard death.
Thanks for the article.
FOSS or BAU?
>> Over the next two years, a program with the same name and containing identical source code turned up on boards in China, Guatemala, Russia and Argentina and then again in China. As the program moved, it gained new capabilities, including support for Spanish and Chinese languages.
Right, like Vista ..
>> windows vista ultimate lite edition its damn good version contain all vista extras and very speed version u gotta try it ..tested by me fixed the home premium reales i done
.. like the iPhone ..
>> This week homebrew hackers at the #iPhone IRC channel have enabled Apache, Python and other Open Source apps for the iPhone so you can a web server in your pocket.
.. like the Madonna "What the Fuck" P2P MP3 ..
>> This album was triggered by a small sound byte of speech left by Madonna as a decoy to frustrate users sharing her songs via Peer-to-peer (P2P) networks on the internet. Any holes a goal in this riotous wondrous fairy tale journey through 14.5 tracks of deep anal hilarity.
.. like etc ad nausea.
None of this is news
malware authors have always collaborated and probably always used open methodologies and it's been a global issue for at least the last ten years.
- Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
- Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
- Feast your PUNY eyes on highest resolution phone display EVER
- AMD demos 'Berlin' Opteron, world's first heterogeneous system architecture server chip
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update