Slashdot Mirror


Slate On Worms That Plug Security Holes

gwernol writes "Slate has a well-written article on 'white knight" worms like Nachi that attempt to automatically patch security holes; Nachi try to patch the hole that MyDoom exploits. The article calls for Google and others to incent White Hat programmers to create better White Knights. But are 'good viruses' really a good idea? Nachi created almost as much bandwidth congestion as MyDoom. Do we really want programs jumping onto our systems and 'fixing' them without permission? What about a socially engineered worm that claims to be doing good?"

4 of 417 comments (clear)

  1. Probably.. by manavendra · · Score: 5, Interesting

    for most users, who experience bewildering slowdown of the internect connectivity, or the intranet access, which mysteriously disappears after a few days - for them, such "White Knights" may probably be useful. For grannys, gramps and other naive users it would be a blessing.

    For others, who have mission critical application or other extensions on the target OS, such "White Knights" may send a shiver down the spine:

    What if it plugs a hole, but breaks something else?

    From what I have seen, such socialist stuff doesn't really go down well with corporations. They don't give away things for free, and they don't expect anything given to them for free.

    --
    http://efil.blogspot.com/
    1. Re:Probably.. by Mr.Cookieface · · Score: 5, Interesting

      It would be interesting to see some trusted repair networks emerge which deliver fixes to unpatched vulnerabilities for users who want them, similar to those who maintain spammer lists. The patches could be delivered over a trusted P2P network which has as its only purpose to deliver these files and of course would use hashes to verify the integrity of the files it delivered. That way, the white worms would only travel where they are wanted and could be tested a lot better than by the lone hacker.

      The only problem is that the users who would most benefit from this type of service aren't the type to be proactive in their fight against viruses and would probably never use something like that unless it came preloaded and turned on by default and Micro$oft would never let that happen.

      Perhaps the ISPs need to take more responsibility for identifying viral network activity and block it, while notifying the end users. Something like when they go to connect to the internet, they get a page notifying them that their machine is infected and they need to call a certain phone number before they are let back on.

  2. Re:Viruses to attack Viruses which patch Viruses by FireFury03 · · Score: 5, Interesting

    The problem with patches (and this goes for the linux world as well) is that people who don't have DSL are stuffed - how am I going to convince my dad to download all 70 meg of WinXP-SP2 over his pay-per-minute 56k dialup?

    (and no, "White Knight" viruses are not the answer)

    If ISPs start taking a hard line against exploits instead of ignoring them then people might pay more attention - it's not rocket science for the ISP to detect the signatures of worms scanning the network and automatically pull the plug on anyone compromised. I favor a "internet rating" system in the same way you get a "credit rating" - if you're shown to repeatedly get compromised then it's clear you can't run a secure system and no ISP should allow you full unrestricted internet access.

    I'd also like network-connected software you pay for (e.g. Windows) come with free updates _on CD_ for a reasonable life of the product instead of requireing you to download it. If my car has a fault (e.g. the brakes don't work under some conditions) then the manufacturer writes to me and fixes it at their own expense - they don't quietly put a notice up somewhere out of the way saying that if I want to I can send off for the replacement part and then wait for the media to actually publicise it after a few people crash coz their brakes didn't work.

    Before anyone complains, the whole on-CD updates idea wouldn't apply to free linux downloads like Fedora since you're not paying for it in the first place, but quite rightly it should apply to stuff you do pay for like RedHat Enterprise, etc.

  3. Confusing situation - but use biology as a model by Corpus_Callosum · · Score: 5, Interesting

    Think of the net as a big organism. We have invading viruses and worms [and other nasties], but no real immune system to speak of...

    While there are certain to be real dillemas and dragons here, it seems that exploring the idea of white worms and whatnot is a good idea, after all, is there any other solution for the systems that are not managed? However, white worms should have oversight (e.g. registered source code to some oversight body, managed release into the wilderness, etc..) somewhat akin to oversight for the immune system in an organism..

    When in doubt, consult how nature does it - the more complex our systems become, the more similar our solutions look to natures.. Very intriguing..

    --
    The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator