Anonymous-os project response

SourceForge is dedicated to making open source projects successful. We thrive on community collaboration to help us create the leading resource for open source software development and distribution. We strive to be, above all, trusted, both by the developers working on software, and the people downloading that software. Without trust, Open Source fails.

Yesterday we starting hearing some buzz about a new project called “Anonymous-OS” – people claiming that it was not affiliated in any way with the group referring to itself as “Anonymous” (See Wikipedia for further discussion of that group), and also that the software itself was full of a variety of trojans, malware, viruses, or backdoors.

We looked at the project, and decided that although the name of the project was misleading (we see no evidence that it is connected with Anonymous) it appeared, on initial glance, to be a security-related operating system, with, perhaps, an attack-oriented emphasis. We have, in the past, taken a consistent stance on “controversial” projects – that is, we don’t pass judgement based on what’s possible with a product, but rather consider it to be amoral – neither good nor bad – until someone chooses to take action with it.

This is even discussed in our hosting documentation, in the terms of service.

However, as the day progressed, various security experts have had a chance to take a look at what’s really in this distribution, and verify that it is indeed a security risk, and not merely a distribution of security-related utilities, as the project page implies.

SourceForge, and the Open Source community as a whole, values transparency, particularly where issues of security are involved. This project isn’t transparent with regard to what’s in it. It is critical that security-related software be completely open to peer review (i.e., by providing source code), so that risks may be assessed along with benefits. That is not available in this case, and the result is that people are taking a substantial risk in downloading and installing this distribution.

Furthermore, by taking an intentionally misleading name, this project has attempted to capitalize on the press surrounding a well-known movement in order to push downloads of a project that is less than a week old.

We have therefore decided to take this download offline and suspend this project until we have more information that might lead us to think differently. We’ll be in touch with the project admin, and let you know if and when we find out anything to contrary, but for now, that’s what we’re doing.

We always struggle with taking a project offline, even one that seems, on the face of it, to need it. The reason for this is that we have been entrusted with thousands of projects, by thousands of developers, and we are always at risk of making a judgement about a project that looks malicious, and isn’t. We don’t want to forfeit the trust of the developer community in exchange for the trust of the user community, or vice versa. It’s a tightrope we must walk every time we encounter a project that seems a little suspicious.

We believe that this is the right decision in this case, but will continue to dig into it, to ensure that we’ve gone the right direction.

18 comments
MsMuthu
MsMuthu

pls send me the link to download

BeroBro
BeroBro

hi, can you send me the link to: baraadnan1gmail.com   ???? plEaSe

Thong
Thong

Tools DDos :-s

4ld017
4ld017

how to downoad it?

ctsai
ctsai moderator

Greetings,

As this blog post implies, we (SourceForge) do not have, and are not distributing the distribution known as Anonymous OS. We are not able to send it to any users, if you ask us to send it to you, we will not be able to assist with that request. As a courtesy to those who mistakenly commented on this thread with their email addresses, I'm removing your comments to protect your privacy.

Regards,

Chris Tsai, SourceForge.net Support

sdf
sdf

Will not fit in an e-mail.

dlauren
dlauren

Thanks for bringing this up.

132 joe
132 joe

There's still ''anonymous-smcoon'' or a name that looks like that, that is still online is it possible to quickly review the source code? Because i dont know how it works :S but it could be great right? Or freaking bad :S

Trackbacks

  1. […] στην υπηρεσία της, για download της εν λόγω διανομής. Η ανακοίνωση που υπήρχε δεν κατονομαζε κάτι συγκεκριμένο, μα πιο […]