Do Open Source rootkits help malware or anti-malware writers?
There has been much debate recently regarding the availability on the internet of rootkits like FU and other hard-to-find rootkits. The debate centres on their availability: are they being used by malware writers and hackers to write harder-to-find malware, or by anti-malware writers to scan for new threats?
Most of the rootkits available are proof-of-concept programs that show how it is possible to hide software and data on a computer. A rootkit author who makes the rootkit publicly available with the source code can be seen by some people as helping malware writers. The authors themselves will tell you that they are also making it available to the big anti-virus companies. Many of the large anti-virus companies, like Symantec and McAfee, do not have specific rootkit-finding engines. Many rootkits can hide easily from most anti-virus software.
McAfee executives have recently come out against rootkit.com for helping spread rootkits around the world. Greg Hoglund of rootkit.com then came out with his own blast against the McAfee executive, an apparent friend of Hoglund. See the rant here on Greg Hoglund's blog; it is interesting reading indeed.
The users over at rootkit.com are people with a lot of knowledge of the kernel, and so they come up with many interesting new ideas and methods for hiding programs and data on computers. McAfee and other anti-virus software vendors have an entire community of developers, plus research and development, at their disposal. They should embrace the information that the site comes up with and use it in their software to find the rootkits that are ultimately hiding the viruses and spyware they are trying to find.