Murphy's Law: Sometimes, an Open-Source Virus is Just a Virus
Posted 09/23/09 at 12:37:53 PM by David Murphy
The phrase "open-source" is such a sexy term.
It's so hip and fresh. Open-source singlehandedly represents the latest and greatest thinking in the modern-day technological movement. Drop it into a conversation and you're suddenly talking like a futurist. Throw it into a company's strategic roadmap and suddenly we've created innovation and depth. Suggest that virus-makers are embracing open-source, and you've got the attention (and clicks) of Web geeks worldwide.
Wait a minute. Open-source viruses? How does that work?
If you think about the actual definition of open-source for a moment, you'll wind up being as confused as I am about this latest bit of fad reporting to pass around the Web. According to an article from CNET, virus-makers are apparently transforming their wares into open-source projects and using the power of the group to achieve advancements in virus deployment, nasty features, and scanner obfuscation.
That's all well and good (for the virus-makers), but that's as open-source a situation as an apple is an orange. What's being described is an example of collaboration and communication based around a common or to-be-developed piece of code. That sounds like open-source--an apple and an orange are both pieces of fruit, after all. But that's not really open-source because we're ignoring the critical elements that help define what open-source software truly is. Virus-makers aren't going open-source in the slightest. They're spinning derivative works from older viruses and developing free code while holding hands and singing the Pirates of the Caribbean song, but that's it. And it's hardly a new fad.
Since the beginning of geek time, the more nefarious members of the technology world have worked together to try and create newer means for achieving their less-than-upstanding desires. This notion of collaboration can be as simple as taking an older crack and retrofitting it for newer editions of a program, or as far-ranging and complicated as the operation of an entire distribution network for stolen CD images. Are either of these examples of open-source? No.
What makes a software project open-source is not the fact that people are teaming up during its creation. Open-source software conforms to a specific set of tenets for creation and distribution. In essence, the definition of open-source centers on the licensing issues that permit one to take code, modify code, and release code under a similar license for others to play around with. The licensing elements are critical to the open-source equation: They allow for one to meaningfully contribute to a communal work without running afoul of the normal copyright law that protects all software code. Well, almost all.
The code for viruses, by their very nature, cannot be copyrighted. Or, at least, I have yet to read about a virus creator suing another code-monkey for violating his or her ability to independently build and release malware--if this ever comes up in the courts, please let me know. I'll be the one in the front row with the popcorn.
I jest, but it's a lot like calling the police to complain that someone stole your bag of cocaine. You might be able to get some sort of legal retribution against said thief, but that doesn't mean that your activities are in any way afforded the same legal protections as the types of property or possessions the law was designed to protect. Even if a virus maker wanted to craft a particular bit of software around the GPL, the absence of the underlying copyright function would render the whole point moot--not to mention that the inability (or lack of desire) to offer up the source code to all interested participants (like, say, law enforcement) would render said license void on its face. And those are just the two examples I can come up with off the top of my head. There are plenty more.
Is this a stupid semantics debate? Yes and no. Given the vitriol that can accompany the ages-old "open-source is not free" discussion, I don't think it's that far-fetched to call an "open-source virus" exactly what it is: a public domain program, at best. Reserving the correct phrase for its correct usage minimizes confusion and, more importantly, helps hold off the eventual transformation of "open source" into the next big synonym for "community-driven." It also gives us a chance to ponder what a closed-source virus program would look like.
And, of course, what would happen if someone listed one of those on The Pirate Bay.
David Murphy (@Acererak) is a technology journalist and former Maximum PC editor. He writes weekly columns about the wide world of open-source as well as weekly roundups of awesome, freebie software. Befriend him on Twitter, especially if you have an awesome app or game you're dying to recommend!
A pile of horse hooey
Submitted by nightkiller on Wed, 09/23/2009 - 8:57pm
I agree with other posters that this article is just a semantic shell game of no real substance. Malware is code that installs itself without your permission. Licensing is installing code with someone else's permission because you agree to their constraints. As far as I'm concerned, malware has always been license free because no one claims ownership of the result and lives to tell the tale. Unless you are open about it.
You choose a flightless bird as a mascot and wonder why it doesn't take off?
So, essentially, by saying
Submitted by TheMurph on Thu, 09/24/2009 - 10:10am
So, essentially, by saying the same things in your post that I'm saying in the column -- malware is license-free (and, thus, not open source) -- that somehow makes your post relevant and my article lack substance.
Huh?
Or
Submitted by nightkiller on Thu, 09/24/2009 - 5:43pm
Why bother stating the obvious to begin with?
You choose a flightless bird as a mascot and wonder why it doesn't take off?
Because it isn't quite so
Submitted by TheMurph on Thu, 09/24/2009 - 10:17pm
Because it isn't quite so obvious if other people are obviously reporting it incorrectly.
Yes!
Submitted by TheMaverick on Wed, 09/23/2009 - 5:16pm
Finally! These were the comments I was talking about on that other thread!
Incorrect assumption.
Submitted by Deanjo on Wed, 09/23/2009 - 4:59pm
There seems to be a misunderstanding as to what opensource is. Opensource is not GPL. GPL is a form license for opensource. A virus can most definitely be released as opensource (actually there have been a lot of them floating around already for decades. Just visit any security site like 2600.). Public domain source code for example is "opensource" as well. It could also be licensed under something like a BSD license which offers far more freedom than the politically motivated GPL.
Opensource takes many forms and no one license is the definition of opensource.
Also: "'Public domain' will
Submitted by TheMurph on Wed, 09/23/2009 - 7:59pm
Also:
"'Public domain' will never be a license. It actually means 'No license required,'" Rosen said (Rosen is an attorney with Rosenlaw and Einschlag who previously led OSI's legal work and who still is involved.) "Software that is 'dedicated to the public' or 'to the public domain' is pretty safe. I just worry a bit when people or companies give software away in such an amateurish way, without understanding that licenses or covenants are far more efficient and effective."
Wrong. Open-source is not
Submitted by TheMurph on Wed, 09/23/2009 - 7:56pm
Wrong. Open-source is not GPL, that's correct -- that was just an example. However, open-source is, in part, defined by whatever licenses are attached to the software at hand. Otherwise, the original creator of the work retains copyright and the modification of said work sans permission is in violation.
Anyway, here's the tried-and-true definition of open source that one can refer to in these matters.
hmm...
Submitted by 1337Goose on Wed, 09/23/2009 - 3:28pm
I think it is really just a semantics debate. A purist definitely would not consider these viruses as open source, but to the average layman, if the code is available for download, then it must be open source. (I was the average layman before Murphy's Law)
I think you hinted at that:
"Reserving the correct phrase for its correct usage minimizes confusion and, more importantly, helps hold off the eventual transformation of "open source" into the next big synonym for "community-driven.""
~Goose
CIA
Submitted by linkmaster6 on Wed, 09/23/2009 - 11:38am
...and toothpaste was created by the government to brainwash millions.
I think this guy wears a tin foil hat
a bizarre thought
Submitted by Wildebeast on Wed, 09/23/2009 - 10:41am
It's a shame that McAfee, Symantec, and the others can't just copyright the viruses, and use the DMCA to punish people who actively use viruses for malicious purposes.
Of course -- if they did try it, all it would take is one guy defending himself by showing they had the code before the copyright holder had recognized that particular virus.
I'm not sure anyone would actually use that Defense though, as the Feds would then be going after them as the Originator of the Virus.
Been a long time since
Submitted by AntiHero on Wed, 09/23/2009 - 9:25am
Been a long time since someone covered viruses in a manner that didn't make me turn on Vista's UAC and create a backup. Someone could get the name registered as a copyright, however if someone were to use the same name, how could they pull a lawsuit without letting slip that it's a virus. Also once the virus gets out there, the name would be registered with someone, and therein getting them caught. So calling it an Open Source project is not really true since it cannot get a name, even though it can be a collaborative project, and a project that people can take, manipulate and recreate as they wish.
I don't like Microsoft, I associate with it.
Valid
Submitted by WarCrime342 on Wed, 09/23/2009 - 10:30am
Your point was very clear and well written. It's been quite a bit of time since I've seen a comment of this quality. Nowadays, anyone with an internet connection can post a comment. It's not very exclusive anymore and those with expertise now have to stand out of a crowd to make a valid statement.
That is very kind of you
Submitted by periodhyphenund... on Thu, 09/24/2009 - 10:39am
Thank you
Quote: "It also gives us a
Submitted by periodhyphenund... on Wed, 09/23/2009 - 9:22am
Quote:
"It also gives us a chance to ponder what a closed-source virus program would look like."
It looks EXACTLY like Windows 7! Duh
Please go back to MacLife.
Submitted by gendoikari1 on Wed, 09/23/2009 - 2:02pm
Please go back to MacLife.
OH there's no arguing with
Submitted by mattman059 on Wed, 09/23/2009 - 10:42am
OH there's no arguing with this dip shit..just go read some of his other comments....guy's an ass hole.
Wrong again
Submitted by periodhyphenund... on Thu, 09/24/2009 - 10:47am
People like me who have evidence to back up our statements get nothing but grief for our trouble.
We spend thousands of hours without pay to help slobs like you protect your own computer and all we get from you is name calling and cyber bullying from people who cannot get even one single piece of evidence to counter my claims!
Fine, let the Government spy on you!
Your stupidity only hurts you!
IF you have evidence you
Submitted by nekollx on Thu, 09/24/2009 - 10:50am
IF you have evidence you shouldn't be afraid to provide it...
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
Is this the guy who's always
Submitted by lunchbox73 on Wed, 09/23/2009 - 11:39am
Is this the guy who's always spouting off about how Windows 7 is spyware? What's his deal? What's your deal dude?
The Deal?
Submitted by periodhyphenund... on Thu, 09/24/2009 - 10:49am
The deal is Windows 7 is spyware AND WE HAVE THE PROOF in case Max PC would like to do an honest article on the subject!
Once again WE HAVE THE PROOF to back up our claims!
You only have cyber bullying and name calling to back up your claims
LOL - *See above post
Submitted by mattman059 on Wed, 09/23/2009 - 3:30pm
LOL - *See above post regarding MacLife*
*warms up my pimp slappin
Submitted by nekollx on Wed, 09/23/2009 - 10:22am
*warms up my pimp slappin hand* Please keep your agendas out of serious virus discussions.
The Murph makes some good points though, what makes O-S shine is that you can't just make it into a virus. Since that would involve hiding the code and violating the GPL, if you do reveal the code then the virus can be cleaned before it launches.
------------------------------
Coming soon to Lulu.com --Tokusatsu Heroes--
Five teenagers, one alien ghost, a robot, and the fate of the world.
To note: GPL was but an
Submitted by TheMurph on Wed, 09/23/2009 - 8:00pm
To note: GPL was but an example, not a requirement to define software as "open-source." ; )






