McAfee's recently published Global Threat Report notes that malware authors are using Open Source development models to collaborate and make more effective malware. The tone and presentation of the report have prompted some reporters to criticise it as anti-Open Source. As the report has the sub-heading “Paying a price for the open-source advantage”, and five of the seven articles discuss the open-source model, with titles including “Good Intentions Gone Awry” and “Open-Source Software in Windows Rootkits”, it is easy to get the impression that open-source equals bad.
However, closer reading of the articles reveals a familiar story: malware authors are increasingly professional criminals, and they are therefore using the most effective tools for the job. In this light, this is a resounding endorsement of the Open Source model: another group has recognised it as the most effective software development method. The implication that Open Source is somehow responsible for better malware is guilt by association, like noting that bank robbers have switched from horses to cars for their getaways, so taxi drivers have good intentions gone awry.
Why is McAfee putting this spin in its report? Is this a proprietary software developer trying to spread fear, uncertainty and doubt about Open Source?