McAfee attacks open source

Is it time for someone, a foundation say, to launch a project in this area, to distribute their code free, and to update it free as well? Something like, say, Firefox, only for security?

A recent McAfee report on rootkits reads like an attack on the open source process.

It is no doubt true that an open source process is helping malware authors get more done quickly. This has always been the case. I remember covering "pirate bulletin boards" in the 1980s, and they were essentially an open source process. Pirates would post their latest exploits, and other pirates who reached the sites could use that code to do their own.

But here is what is interesting. The security software business, including McAfee, is mainly run on a proprietary base. You can't see the code of McAfee or Symantec or Trend Micro security software. You can't change it or adjust it to your needs, even if your copy is running on a Linux system. You are dependent on these companies for your updates, and you hope they can keep up.

The latest report is an admission that they cannot.

So, do we need to look now toward open source tools for our security? Is it time for someone, a foundation say, to launch a project in this area, to distribute their code free, and to update it free as well? Something like, say, Firefox, only for security?

I am certain McAfee would protest that. But does their own research contradict them?

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All