|
NetBus Maker to Sue AntiVirus Firms?
OSAll Staff
MSNBC
Discuss NetBus at the OSAll BBSYstem
NetBus has traditionally been seen as something as an annoyance rather than a remote administration tool. The trend as of late, as exemplified by the latest release of Back Orifice, has been to go mainstream, however. The NetBus Web site even seems to refer to the software more as a fun prank than anything else -- but NetBus creator Carl-Fredrik Neikter claims that it´s a true remote administration tool that deserves to be able to do business in todays´ computer industry.
According to Neikter and his partner Judson Spence, the antivirus firms are stifling the ability of NetBus to make money by terming it a virus. They say that NetBus is a true remote administration tool and as such should be viewed by the antivirus companies not as a threat but as something of a partner. That is where, according to Spence, the problem arrises.
Antivirus software is often made by firms which sell other products -- often remote administration software. Symantec, for instance, sells PC Anywhere. This is where Spence sees a major problem -- he says that Symantec (and other companies) are acting anticompetitively by removing a competitors´ product from mainstream use. Typically antivirus software has to be totally disabled to allow the use of NetBus or Back Orifice 2000.
Back Orifice maker cDc seems to agree with the anticompetitive premise. Says one member, "we´re not out to make money. At the same time we´d like to see more people using our software. It´s just not going to happen if it leaves them wide open to viruses."
Symantec has claimed that if NetBus were not so stealthy it would not detect it. According to them, because NetBus doesn´t identify itself clearly on system startup, it is meant as a hacking tool to be used against the will of the server machine. NetBus makers disagree, saying that it´s simply a matter of convenience and speed.
At one point, an antivirus firm had its software ignore NetBus, but changed its policy after customers complained. Symantec claims that its customers are scared of NetBus and want it to be detected.
Computer security experts are on both sides of the argument, some claiming that they use NetBus for legitimate purposes -- but many don´t consider it a serious remote administration tool. "It´s nice as a prank," says one employee of ISS, "but when it comes right down to it I´d rather use Back Orifice or Timbuktu."
Back Orifice is also detected and removed by AV software, and cDc says they´ve thought about filing suit. The costs of such litigation, however, has been deemed prohibitive. As something of a solution, according to one cDc member, BO2k was made open source to allow metamorphisis, thus making it harder to detect as something of a protest.
An author of the popular Timbuktu remote administration software, which is widely accepted as one of the best remote admin tools, says that he admires both Back Orifice and NetBus. "They´re too good to be considered viruses. They shouldn´t be detected, although I can understand the argument to make them less stealthy," he said.
The NetBus authors have yet to make a final decision as to whether to sue. It seems that it would be somewhat difficult convincing a virus-phobic court of the legitimacy of the software, but that isn´t going to stop NetBus. The decision will more likely be based on the cost of litigation. |
