Print
The phrase "open-source" is such a sexy term.
It's so hip and fresh. Open-source singlehandedly represents the latest and greatest thinking in the modern-day technological movement. Drop it into a conversation and you're suddenly talking like a futurist. Throw it into a company's strategic roadmap and suddenly we've created innovation and depth. Suggest that virus-makers are embracing open-source, and you've got the attention (and clicks) of Web geeks worldwide.
Wait a minute. Open-source viruses? How does that work?
If you think about the actual definition of open-source for a moment, you'll wind up being as confused as I am about this latest bit of fad reporting to pass around the Web. According to an article from CNET, virus-makers are apparently transforming their wares into open-source projects and using the power of the group to achieve advancements in virus deployment, nasty features, and scanner obfuscation.
That's all well and good (for the virus-makers), but that's as open-source a situation as an apple is an orange. What's being described is an example of collaboration and communication based around a common or to-be developed piece of code. That sounds like open-source--an apple and an orange are both pieces of fruit, after all. But that's not really open-source because we're ignoring the critical elements that help define what open-source software truly is. Virus-makers aren't going open-source in the slightest. They're spinning derivative works from older viruses and developing free code while holding hands and singing the Pirates of the Caribbean song, but that's it. And it's hardly a new fad.
Since the beginning of geek time, the more nefarious members of the technology world have worked together to try and create newer means for achieving their less-than-upstanding desires. This notion of collaboration can be as simple as taking an older crack and retrofitting it for newer editions of a program, or as far-ranging and complicated as the operation of an entire distribution network for stolen CD images. Are either of these examples of open-source? No.
What makes a software project open-source is not the fact that people are teaming up during its creation. Open-source software conforms to a specific set of tenets for creation and distribution. In essence, the definition of open-source centers on the licensing issues that permit one to take code, modify code, and release code under a similar license for others to play around with. The licensing elements are critical to the open-source equation: They allow for one to meaningful contribute to a communal work without running afoul of the normal copyright law that protects all software code. Well, almost all.
The code for viruses, by their very nature, cannot be copyrighted. Or, at least, I have yet to read about a virus creator suing another code-monkey for violating his or her ability to independently build and release malware--if this ever comes up in the courts, please let me know. I'll be the one in the front row with the popcorn.
I jest, but it's a lot like calling the police to complain that someone stole your bag of cocaine. You might be able to get some sort of legal retribution against said thief, but that doesn't mean that your activities are in any way afforded the same legal protections as the types of property or possessions the law was designed to protect. Even if a virus maker wanted to craft a particular bit of software around the GPL, the absence of the underlying copyright function would render the whole point moot--not to mention that the inability (or lack of desire) to offer up the source code to all interested participants (like, say, law enforcement) would render said license void on its face. And those are just the two examples I can come up with off the top of my head. There are plenty more.
Is this a stupid semantics debate? Yes and no. Given the vitriol that can accompany the ages-old "open-source is not free" discussion, I don't think it's that far-fetched to call an "open-source virus" exactly what it is: a public domain program, at best. Reserving the correct phrase for its correct usage minimizes confusion and, more importantly, helps hold off the eventual transformation of "open source" into the next big synonym for "community-driven." It also gives us a chance to ponder what a closed-source virus program would look like.
And, of course, what would happen if someone listed one of those on The Pirate Bay.
David Murphy (@ Acererak) is a technology journalist and former Maximum PC editor. He writes weekly columns about the wide world of open-source as well as weekly roundups of awesome, freebie software. Befriend him on Twitter, especially if you have an awesome app or game you're dying to recommend!
Comments are closed on this article
nightkiller
September 23, 2009 at 9:57pm
I agree with other posters that this article is just a semantic shell game of no real substance. Malware is code that installs itself without your permission. Licensing is installing code with someone else's permission because you agree to their constraints. As far as I'm concerned, malware has always been license free because no one claims ownership of the result and lives to tell the tale. Unless you are open about it.
You choose a flightless bird as a mascot and wonder why it doesn't take off?
TheMurph
September 24, 2009 at 11:10am
So, essentially, by saying the same things in your post that I'm saying in the column -- malware is license-free (and, thus, not open source) -- that somehow makes your post relevant and my article lack substance.
Huh?
nightkiller
September 24, 2009 at 6:43pm
Why bother stating the obvious to begin with?
You choose a flightless bird as a mascot and wonder why it doesn't take off?
TheMurph
September 24, 2009 at 11:17pm
Because it isn't quite so obvious if other people are obviously reporting it incorrectly.
TheMaverick
September 23, 2009 at 6:16pm
Finally! These were the comments I was talking about on that other thread!
Deanjo
September 23, 2009 at 5:59pm
There seems to be a misunderstanding as to what opensource is. Opensource is not GPL. GPL is a form license for opensource. A virus can most definiately be released as opensource (actually there have been a lot of them floating around already for decades. Just visit any security site like 2600.). Public domain source code for example is "opensource" as well. It could also be licensed under something like a BSD license which is offers far more freedom then the politcally motivated GPL.
Opensource takes many forms and no one license is the definition of opensource.
TheMurph
September 23, 2009 at 8:59pm
Also:
"'Public domain' will never be a license. It actually means 'No license required,'" Rosen said (Rosen is an attorney with Rosenlaw and Einschlag who previously led OSI's legal work and who still is involved.) "Software that is 'dedicated to the public' or 'to the public domain' is pretty safe. I just worry a bit when people or companies give software away in such an amateurish way, without understanding that licenses or covenants are far more efficient and effective."
TheMurph
September 23, 2009 at 8:56pm
Wrong. Open-source is not GPL, that's correct -- that was just an example. However, open-source is, in part, definied by whatever licenses are attached to the software at-hand. Otherwise, the original creator of the work retains copyright and the modification of said work sans permission is in violation.
Anyway, here's the tried-and-true definition of open source that one can refer to in these matters.
1337Goose
September 23, 2009 at 6:29pm
Wow, that actually makes sense.
So Open-source is any software that has it's source code openly available?
~Goose
1337Goose
September 23, 2009 at 4:28pm
I think it is really just a semantics debate. A purist definitely would not consider these viruses as open source, but to the average layman, if the code is available for download, then it must be open source. (I was the average layman before Murphy's Law)
I think you hinted at that:
"Reserving the correct phrase for its correct usage minimizes confusion and, more importantly, helps hold off the eventual transformation of "open source" into the next big synonym for "community-driven.""
~Goose
linkmaster6
September 23, 2009 at 12:38pm
...and tooth paste was created by the goverment to brainwash millions.
I think this guy wears a tin foil hat
Wildebeast
September 23, 2009 at 11:41am
It's a shame that McAfee, Symantec, and the others can't just copyright the viruses, and use the DMCA to punish people who actively use viruses for malicious purposes.
Of course ---if they did try it, all it would take is one guy defending himself by showing they had the code, before the copyright holder had recognized that particular virus.
I'm not sure anyone would actually use that Defense though, as the Feds would then be going after them as the Originator of the Virus.
AntiHero
September 23, 2009 at 10:25am
Been a long time since someone covered viruses in a manner that didn't make me turn on Vista's UAC and create a backup. Someone could get the name registered as a copyright, however if someone were to use the same name, how could they pull a lawsuit without letting slip that it's a virus. Also once the virus gets out there, the name would be registered with someone, and therein getting them caught. So calling it an Open Source project is not really true since it cannot get a name, even though it can be a collaborative project, and a project that people can take, manipulate and recreate as they wish.
I don't like Microsoft, I associate with it.
WarCrime342
September 23, 2009 at 11:30am
Your point was very clear and well written. It's been quite a bit of time since I've seen a comment of this quality. Nowadays, anyone with an internet connection can post a comment. It's not very exclusive anymore and those with expertise now have to stand out of a crowd to make a valid statement.
periodhyphenund...
September 23, 2009 at 10:22am
Quote:
"It also gives us a chance to ponder what a closed-source virus program would look like."
It looks EXACTLY like Windows 7! Duh
mattman059
September 23, 2009 at 11:42am
OH theres no arguing with this dip shit..just go read some of his other comments....guys a ass hole.
periodhyphenund...
September 24, 2009 at 11:47am
People like me who have evidence to back up our statements get nothing but grief for our trouble.
We spend thousands of hours without pay to help slobs like you protect your own computer and all we get from you is name calling and cyber bullying from people who cannot get even one single piece of evidence to counter my claims!
Fine, let the Government spy on you!
Your stupidity only hurts you!
nekollx
September 24, 2009 at 11:50am
IF you have evidence you shoulnd't be fraid to provide it...
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
lunchbox73
September 23, 2009 at 12:39pm
Is this the guy who's always spouting off about how Windows 7 is spyware? What's his deal? What's your deal dude?
periodhyphenund...
September 24, 2009 at 11:49am
The deal is Windows 7 is spyware AND WE HAVE THE PROOF in case Max PC would like to do an honest article on the subject!
Once again WE HAVE THE PROOF to back up our claims!
You only have cyber bullying and name calling to back up your claims
nekollx
September 23, 2009 at 11:22am
*walms up my pimp slappin hand* Please keep your agendas out of serious virus discussions.
The Murph makes some good points though, what makes O-S shine is that you can't just make it into a virus. Since that wound involve hoding the code and violating the GPL, if you do reveal the code then the vius can be cleaned before it launches.
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
TheMurph
September 23, 2009 at 9:00pm
To note: GPL was but an example, not a requirement to define software as "open-source." ; )
