Good Network Worms Made Simple
grabbag writes "Dave Aitel is pitching new technology to create "nematodes," or beneficial network worms for use in large businesses. The idea is to set up a new language and structure to create "strictly controlled" good worms on the fly. A research-type demo was given at the Hack in the Box conference where Aitel talked about a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings."
Rather than constructing a framework around the idea of building "beneficial" worms that work through the same exploits as real worms, and having to respond to security problems by passing around a disinfectant worm by the same (newly discovered) vectors as the bad worms roaming your network, wouldn't it be a lot easier to fix the operating systems, networks, and the policies applied to them, such that you don't have a malicious worm problem to begin with?
11*43+456^2
In my day we called them 'ants'. An idea created by some chap at BT over here in Blighty.
"Old idea,
New name,
15 minutes of fame."
Open Source Drum Kit, LPLC deve board - mjhdesigns.com
nearly all networks are full to the brim with idiots.
The same goes for system administrators. The corporate network is full of idiots who think they are great admins because they can install product x. Giving these idiots self-replicating code could cause great damage beyond your imagination. Most damaging worms are damaging because some rate limiting code is not coded correctly, or simply not understood by their creators.
Note to BOFH who is reading this with me: no, I do not mean YOU.
I've heard of security experts stopping some worms which received their updates from GeoCities sites by placing an update on the GeoCities site that removed the worm and locking the original creator from accessing the site. The worm, in effect, downloaded updates that cleaned itself.
Although this seems like a good idea, I can't imagine pushing out worms that are beneficial. Why? Because you're still leaving the security exploit in place! Unless the beneficial worm closes the exploit, and in that case why not just release a patch in a safe and controlled manner?
Are we starting to confuse patching, a process every good security administrator should be familiar with, with "good worms"?
Worms have a horrid tendency to get out of control. I wrote one to modify some settings on my LAN. In 3 months' time it had persecuted a national WAN. Fortunately it didn't try to do anything that could not be fixed reasonably quickly, and I was eventually able to kill the blighter off using self-extermination code. But a net worm is NOT A GOOD WAY OF UPGRADING. The little beasties have a habit of getting out of control, no matter what you do.
(yes I was young and stupid when I wrote the code in question and learned much from it)
A sig is placed here
To display how futile
English Haiku is