Killing Others' Malicious Processes

Roland Piquepaille writes "This opinion is not mine, but the one of Tim Mullen, from SecurityFocus Online. In this story, he expresses some strong ideas regarding systems infected by worms. "I believe you should have the right to neutralize a worm process running on someone else's infected system, if it's relentlessly attacking your network. I've even written code to demonstrate the process. Though the initial news coverage of the concept was grossly inaccurate in conveying my ideas, it has stirred up a constructive dialog. I knew my idea was controversial, but I was wrong about something -- I figured everyone in the security biz would "get it" and that the hard part would be convincing everyone else that if they can't or won't secure their machines, we as the defenders would have the right to terminate the process attacking us. It has turned out to be the opposite." The author then looks at the criticisms about this strikeback idea raised by some security experts -- to dismiss them of course. Check this column for a summary or read the original story for more details."

More discussion at Counterpane

[Sheridan]

Bruce Schneier has more discussion of this in the latest Crypto-Gram issue, both in the main section and in the letters (including a letter from Tim Mullen).

There is a good justification in Mullen's letter as to why this proposal is different from the RIAA's proposed attacks on computers that they suspect of hosting unauthorised copyrighted material.