'Friendly' Worms Could Spread Software Fixes
An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.
Curiosity was framed, Ignorance killed the cat.
You have a peer to peer protocol built in which'll happily accept Microsoft signed packages?
"A friendly worm updated your computer which required a reboot."
CommentBot 0.7a running with args "-module irritate,disagree -target random"
What makes this any more legal than a black hat worm?
It keeps resurfacing every now and then. Get this through your thick skulls: It's my computer. Keep your God damned hands off of it. I don't care how good your intentions are, you have no right to infect MY computer with anything at all, good or bad.
If you use a tool like this on your own network, fine, but if I find it on my own you had better cover your tracks because I'll go ballistic.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Call me crazy but I do not see this as a good thing.
... a system that will further reduce transparency regarding MS updates...
The Schwartz space ain't from Spaceballs.
their way into your heart, so they're heart-worming welcomes.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Anyone remember when someone did this for Blaster and created the "Welchia" worm variant? An article on it is located here: White Hat Worm and Microsoft even complained that it "generated excess network traffic". Now they are proposing to do the same thing? How are they going to make the worm spread, through vulnerabilities like Welchia did? Hope they don't use an RPC vulnerability and cause your system to crash like it did!
I guess this goes with all of the tags we've seen today on articles of "whatcouldpossiblygowrong?".
"To strive, to seek, to find, and not to yield." - Tennyson
I'm surprised this hasn't been slapped with the "whatcouldpossiblygowrong" tag yet.... seems like most stories are, pretty much regardless of content.
So Microsoft has found a way to push "updates" like WGA to those pesky users who fail to see the advantage. No surprise there.
And show me a way this can be done securely.
The only way I can conceive of is with public key signing, but this would reduce the security of nearly every Windows computer down to the cracking of a single public key... Not a pleasant prospect.
The storm worm keeps sending me spam claiming it 'loves' me or something and inviting me to download an infected e-card.
Does that count?
Customer: Something's wrong, my computer's not acting right.
Tier1 Customer Support: Ok sir, I'd be happy to help you with that. Firstly, do you have the latest Microsoft Virus(tm) installed?
Customer: Yes.
Tier1 Customer Support: OK, do you have an Antivirus installed?
Customer: Yes.
Tier1 Customer Support: Ah, that's the problem. You'll need to remove the Antivirus in order for the Virus to function correctly. It's not safe these days to be running without the latest Virii!
That is if we're speaking about the management at Microsoft.
"To those who are overly cautious, everything is impossible. "
If the mechanism exists, it will be compromised. Haven't you learned anything yet? Better design a system that can't process a worm.
The temptation if this became a strategy, i.e. the system can run Microsoft Worms only, would in a very short time, run Microsoft like worms.
This seems more like an admission that their systems can't be secured.
Or "Whose finger is in the dike? Dammit, that's not my dike!"
MS already sat on AutoPatcher because they said that they lost control of the distribution and a malicious patch could slip in. With the worm thing it is a bazillion times worse. So many more potential points of infection.
Engineering is the art of compromise.
... a site owner who receives one of these "worms" doesn't decide to replace the payload with something nastier. The data could of course be encrypted and checksummed, but this would need access to a central repository again, and would also mean that every machine would need a port wide open to Internet to receive and transmit such data.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
So now Microsoft will have a new way to control legions of zombie PCs. Vista adoption numbers must be really bad.
We had developed a "worm" that exploited the exact same holes as several of the common ones around at the time to release on the corporate network. The point of "worm" was to deliver the fixes for those exploits. We were calling the program a "white worm" (short for White Blood Cell Worm). It was quickly shot down by security at the time.
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
See? This is why M$ built in all of those insecurities, so they could build viral technology to fix your computer all up for you. Don't you wish all those OSS systems could be infected now?
You never really know how close to the edge you can go until you fall off.
Finally Microsoft actually does something that can land them in hot water.
I actually hope they do this, then they can get their asses fined for computer trespass.
I saw this a few years ago when I was at Compaq/HP when the Blaster worm came out. One of the engineers wrote a worm that basically traversed the network and exploited every vulnerable Windows machine, only it disabled DCOM so that further exploitation was not possible by the Blaster Worm. The only problem was that corporate IT didn't bother to tell anyone what they did, so I spent a few hours troubleshooting an application that was broken until I figured out what had happened. Eventually an email went out...
"Give up hope, dreams are for suckers."
If I'm not mistaken, according to Microsoft's EULA you don't actually own the software, they do. They are just giving you permission to use it. Though you do own the hardware, the worm in question would only affect or change the software. In addition, you neither own your network connection nor most likely the building you live in (dorm, apartment, mortgaged home, etc.), so from a purely legal standpoint you have no leg to stand on. Though I do completely understand and support the meaning behind your rant.
I thought the exact same thing, minus the move along part.
The thing is, now we can "Let" access come from a good worm, and deny access from a good worm. Also, we now have the tech to have the good worm live a lifespan, for instance, terminating itself on a timer or home connection count, etc such as to reduce the potential hole it leaves open. Or it could be a "signed" worm.
It's definitely an old idea, but one that we now have a way to make P2P.
How much is your data worth? Back it up now.
IANAL but it's interesting that they are conducting this research in England, at the very least this would require a change in the EULA that MSFT could be deemed an "authorised user" of the computer, from the Computer Misuse Act 1990:
At the very least, this would suggest to me that I would be perfectly within my rights to opt out of such a system.
A thistle is a fat salad for an ass's mouth...
This is old news. Lots of worms are in the wild that infect a machine and then close off its vulnerabilities so others are unable to exploit it.
I can't remember which, but after the Code Red or one of them from that era, wasn't there a 3rd party modified version that automatically installed the remover and patches? Remember the outcry? I do, because it ended up screwing up a mission critical system.
I'm sorry, I have enough problem keeping Windows Update from trying to update my system before I'm able to test the patches. If things were truly "roll backable" perhaps I would feel differently. Too many times I've been bit by this patch breaks this critical piece of software, and no recourse except to rebuild the machine.
Not my idea of a party. Besides, Black Hats are already doing this... Now a White Hat is going to do it... Now that they are both doing it, how do we know the difference anymore? Are the White Hats going to disclose what they are doing? How do we know the difference? What if a Black Hat poses as a White Hat?
It just sounds like yet another exploitable method of a phishing scam.
Quite honestly, keep the HE77 off of my computer, and don't think that just because you claim to be a White Hat you have the right to worm your way into my computer.
Cheers,
Xyst.
then we got hit with the anti-slammer worm. The slammer worm hadn't infected us, but the anti-slammer did, and wound up rebooting about 20 servers (which begs the question "why weren't they already patched?"), during the middle of the day. Pure panic mode as they started spontaneously rebooting.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
I remember when I worked for Penn State University during the Blaster outbreak. Ironically enough, we fielded more machines infected with Welchia, the white-hat worm for that particular vulnerability, than we did for Blaster itself. White-hat or Black-hat, "reducing loads on servers" is irrelevant because of the strain the worms will put on the routers and switches in the middle, let alone the clogged internet-facing pipes.
I don't care who implements this solution. It was a bad idea a few years ago and it's still a bad idea today. The delivery mechanism will be compromised, and just having this type of thing out there will create new interest in creating hazardous worms/virii. I don't know about you guys, but I don't want anybody touching any of my systems. Ever! How about differences in configurations? What if I have a highly modified registry because I'm doing some advanced package testing? Then you come in and 'fix' something based on default values and it corrupts my entire system? Who's going to fix it then?
What about all the security admins who filter traffic based on pattern matches and ports? So now when we see a spike in traffic from thousands of machines going to 1433 on successive IPs we're supposed to somehow make a diagnosis on whether it's good or bad traffic? It's unnecessary overhead on the network. Whatever its intention, auto fixing of problems and specifically designed auto replicating extra internet traffic is a bad idea.
Let's just give these script kiddies more possible exploits into an already buggy and secureless OS.
http://blanu.net/curious_yellow.html/
Brandon Wiley proposed a scenario in which a future internet would be consumed by the warfare between several (black or white) worms that feature node-coordinated efforts to prevent detection and removal. For those too lazy to read the link, "Curious Yellow" is basically a modular worm in which zero-day exploits can be added as they are discovered allowing for unchecked growth across the 'net. The worm can then work with other nodes to attack targets by dropping all their traffic, or by subtly modifying whatever they receive. The best way to fight such a worm is with fire, a similarly designed "white" worm that goes around patching hosts as quickly as it can.
IMO, remote exploits are rare enough that I don't see this ever happening. On the other hand, with enough infected bot nodes to work with the data mining potentials of some of the more sophisticated extant work networks does worry me...
At least the war on the environment is going well
I'm no expert in such things, but why couldn't they release a Microsoft Update P2P client that:
1) Checked Microsoft's servers for a list of needed updates with MD5 hashes for those updates.
2) Check bittorrent or some other P2P network (perhaps even a custom one) for those updates.
3) Download the file, compare it against the MD5 hash.
4) If it doesn't match, delete it and find it on another computer. If it does match, alert the user to install the update. (Or install it automatically if that's the setting the user chose.)
This would reduce demands on their servers (except for the checking for updates part) and wouldn't open the possibility of someone turning the Patch The Bug Virus into a Pose As A Patch To Gain System Access Virus.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
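The pull-style client proposed in the comment above (a trusted digest list from the vendor, payloads fetched from untrusted peers, reject on mismatch and try the next peer), as an added example that is not part of the thread and not Microsoft code. It substitutes SHA-256 for the MD5 the comment names, because MD5 is not collision resistant; the manifest layout, the `KB-EXAMPLE.bin` name, the peer names and `fetch_verified` are hypothetical, and the peers are simulated in memory with constructed data.

```python
"""Pull-model patch fetch: trusted digest list, untrusted peers (constructed demo)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class ManifestEntry:
    """One entry of the vendor's update list (hypothetical layout)."""
    name: str
    size: int     # exact byte length published by the vendor
    sha256: str   # hex digest published by the vendor


class VerificationError(Exception):
    """Raised when no peer supplied bytes matching the manifest."""


def digest_matches(data: bytes, entry: ManifestEntry) -> bool:
    # Reject on length first, then compare digests in constant time.
    if len(data) != entry.size:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, entry.sha256.lower())


# A downloader takes (peer, file name, max bytes) and returns bytes or None.
Downloader = Callable[[str, str, int], Optional[bytes]]


def fetch_verified(entry: ManifestEntry, peers: Iterable[str],
                   download: Downloader) -> Tuple[bytes, str, List[str]]:
    """Try peers in order; return (data, good_peer, rejected_peers).

    Nothing is handed to an installer unless it matches the manifest, so a
    peer can waste bandwidth but cannot substitute its own payload. The
    manifest itself must arrive over an authenticated vendor channel
    (TLS or a vendor signature); that step is assumed, not shown here.
    """
    rejected: List[str] = []
    for peer in peers:
        try:
            # Ask for at most the published size so a peer cannot stream
            # an unbounded blob at the client.
            data = download(peer, entry.name, entry.size)
        except OSError:
            rejected.append(peer)
            continue
        if data is not None and digest_matches(data, entry):
            return data, peer, rejected
        rejected.append(peer)
    raise VerificationError(f"no peer served a valid copy of {entry.name}")


# ---- constructed sample data (not real patches or hosts) ----
PATCH = b"constructed patch payload v1\n"
MANIFEST = {
    "KB-EXAMPLE.bin": ManifestEntry(
        "KB-EXAMPLE.bin", len(PATCH), hashlib.sha256(PATCH).hexdigest()
    )
}
SWARM = {
    "peer-a": {"KB-EXAMPLE.bin": PATCH + b"appended implant"},  # wrong length
    "peer-b": {},                                               # does not have it
    "peer-c": {"KB-EXAMPLE.bin": PATCH[:-1] + b"X"},            # same length, altered
    "peer-d": {"KB-EXAMPLE.bin": PATCH},                        # honest copy
}


def simulated_download(peer: str, name: str, max_bytes: int) -> Optional[bytes]:
    blob = SWARM[peer].get(name)
    # Return one byte past the limit so an oversized file is still detectable.
    return None if blob is None else blob[: max_bytes + 1]


def demo() -> Tuple[bytes, str, List[str]]:
    entry = MANIFEST["KB-EXAMPLE.bin"]
    return fetch_verified(entry, ["peer-a", "peer-b", "peer-c", "peer-d"],
                          simulated_download)


if __name__ == "__main__":
    data, peer, rejected = demo()
    print(f"accepted {len(data)} bytes from {peer}; rejected: {rejected}")
```
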
If it's made by M$, what's the difference between it and a black hat worm?
"Stop using condoms!"
Every year it's the same old story.
Some entry level programmer thinks they can save the world from themselves, by forcing the latest patch by the code monkeys on people's computers.
Patches are not perfect, sometimes they break stuff, sometimes they can break critical stuff.
Lesson:
1. It's my computer.
2. Any unauthorized access, is ILLEGAL access.
3. Break a critical system, people can die, you get caught == you get sued.
This is why I sometimes wish that people who create OS's would be licensed engineers. It would keep stupid ideas like this from propagating.
Don't matter if your intent is good, it's still a crime and I hope they get caught and sent to prison for life and have a cell mate called bubba.
---- Booth was a patriot ----
... and what if [we] don't want to be fixed?
without my permission? Go to hell.
You want to distribute the distribution of patches? Use Bittorrent. But you can still go to hell, since I'm not paying for bandwidth to distribute patches for your shoddy software.
How on earth are antivirus programs supposed to distinguish between "good" and "bad" viruses/worms? Unless this is meant specifically to attack the issue of botnets and repair them I can't see this as actually being useful in any way. If they convince Symantec, Trend Micro, etc. to treat MS worms as legitimate then the virus writers will figure out how those products do this and mirror it to avoid detection. If the anti-virus programs don't then either these fixes will be rejected by everybody who has a virus scanner (not to mention floods of false reports from people thinking MS is releasing infected software). And if they are targeting the botnets then wouldn't this run afoul of various computer hacking/trespassing laws?
I don't see how they can pull this off effectively in any manner.
MS limits their liability for using their software to $5, as specified in the EULA. However, this would open them up to severe liability concerns. Unless you explicitly opt in, or it's mentioned in the EULA already, you'd have a hard job deflecting liability when a botched patch nukes half the NHS.
With most viruses, you haven't a clue where they come from, so you can't sue. This one will likely be cryptographically signed.
Sean Ellis
Follow OfQuack's antics on Twitter.
a Microsoft authored worm? And how many pop-ups would we get. Not to mention wormholes.
Two roads diverged in a wood, and I - I took the one less travelled by. (Robert Frost, 1916)
Because M$ is soooo very good at normal updates:
http://blogs.msdn.com/ie/archive/2007/12/18/post-install-issues-with-ms07-069-ie6-on-xpsp2.aspx
(Among others) That they'll be a perfect candidate to create this type.
For that matter, I'd really like to know how someone/people who might do this, would get around that whole illegal thing.
And thus SkyNet was born.
n/t etc etc.
"...reducing load on servers."
While increasing the load on my own computer?
There are no friendly worms. Compromising the security of a system, REGARDLESS OF PURPOSE, is a hostile and criminal act. There is no excuse for it. In addition, an agile black hat could hijack the worm and put its own malcode in there.
Anybody proposing this nonsense just shows they do not even have elementary security knowledge and did not research the topic at all. Incompetents.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Till the script kiddies use this delivery mechanism to bypass all security and deliver their own custom payloads.
Yay Microsoft! They have such good instincts when it comes to security!
- For the complete works of Shakespeare: cat
In Soviet Russia, worm patches YOU!
Hot Grits
But does it run Lin OUCH!
Imagine a Beowulf cluster of OW! OW! OK I'LL STOP!!!
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Parasites Lost.
God spoke to me.
We have SkyNet and a bunch of cyborgs running around.
If they don't want to burden their servers, maybe they could share the fixes between clients.
I think that's already happening, except we subscribe to this worm called MS Update.
1) Every time a "P2P patch" is detected, Windows calculates the patch's MD5 hash and sends it to Microsoft. If Windows receives an OK message from Microsoft it's allowed in. And not just a standard "okay" packet, but an encrypted one. You could also have a whitelist on Microsoft's site and Windows goes out to it and checks its hash against it.
2) Encrypt the patch, and require Windows to go out to Microsoft's site to get a key for it.
That would be a lot more hoops to jump through than simply copying a certificate.
Released that virus to take care of promiscuity and the 'gay' problem. That worked well.
Even with a fully patched Windows, it's still full of holes. If security is your top priority, don't even touch Windows.
A very interesting idea... Use a known vulnerability to "infect" a system, and close that very same vulnerability.
I foresee legal problems, trojans, network bandwidth being wasted, and new bugs introduced. "No Sir, I don't like it."
--Pathway
A hash of the code is encrypted with MS' private key, which stays at HQ, the hash can only be decrypted with the public key. (google asymmetric cryptography, if you'd like more info)
Because I can just see the numerous lawsuits that will appear when their stupid worm, composed of that "innovative" buggy Microsoft code we hear so much about, is hijacked by malicious people or the worm itself screws up end users' computers.
think of the potential for a full scale NUKE fest
but seriously why not start a company that writes worms that eat other worms, etc.?
I'd do it but I'm afraid my knowledge of the Windows kernel and process hooking isn't up to snuff
"But does it run Lin OUCH!
Imagine a Beowulf cluster of OW! OW! OK I'LL STOP!!!"
You're new here aren'....ok ok, I didn't even take my coat off!
This space is intentionally left blank
So there will be even more traffic as a "whitehat" worm tries to patch up a "blackhat" worm spraying from several infected servers/workstations. And what's to say someone maliciously alters the "whitehat" worm??
I heard this exact story several years ago, possibly right here on /. (I'm too lazy to hunt for it, and figure Google would produce the recycled story, not the original).
Everything old is new again cuz the problems haven't gone away?
Laughter is the Spackle of the Soul.
called Uplink *Spoiler alert* at the end of your regular hacker job you find out what the mega-corporation is doing and have to stop their ultimate bad worm with one that patches systems. It was a pretty fun game.
Only just got the Christmas decorations down and it's April 1 already...
Oh, wait... they're serious?!?!?!?
I meant to hit preview, I only meant to emphasize "do", not shout the whole end of the thing. I also apologise for responding to my own post.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Maybe I missed something but if load on servers is a problem and you are going to try and push that problem off onto customers, why not just use the bit torrent way of distributing patches? Blizzard has done it with WoW since day 0 and it has worked out for them... especially on large patches. Seems like an easy integration into your software. If even a single person helps seed that isn't your server, that's already a bonus.
Crackin' Wise - Blogging about whatever we want
if you see the WGA popup unusually you should know what happened
Just stop. It's not a good idea. It has never been a good idea, it will never be a good idea. There is no such thing as a "white-hat worm". No matter what the intentions of its writers are, the worm itself will never be "white-hat". It's going to cause problems on a technical level. It's going to cause problems on a legal level.
And even if you accept, for a moment, the premise that this worm could actually work without any collateral damage (which is unacceptable), do you REALLY want Microsoft (or any entity for that matter) deciding what gets distributed this way ? Is it "just" a fix for the vulnerability, or is it a "fix" that will break half of your infrastructure ? Will Microsoft update other, unaffected components of the system with this ? (How do YOU know they won't ?)
There is a reason company IT departments don't just let Windows Update rip into their systems and test updates first.
And besides being old, this is also a bad idea for two reasons:
Beware of bugs in the above code; I have only proved it correct, not tried it.
Microsoft can use some of the well-known vulnerabilities to fix the boxes that are no longer having new fixes being sent out for them.
OR
Microsoft could open source the old Win ME/98/95/.. source code. In less than a week two things will happen. The Open source community will fix all the old things that Microsoft stopped fixing, and someone will find a way to kill all boxes that are not fixed.
The people who don't fix their boxes will do one of three things: junk the boxes, go to Linux, or fix the boxes.
W32/Bolgimo.worm is a Win32 worm created by Phil Gibbons (Apophis of WDMA.biz Fame) which attempts to repair unpatched Windows computers on a network.
http://en.wikipedia.org/w/index.php?title=W32/Bolgimo.worm_(computer_worm)&oldid=11459694
Th3y just w4nt t0 p4wn 4ll t3h n3tw0x! B1llyG mu$t b3 0n3 3l1t3 k1dd13...
;-)
No seriously...they're now writing the virus?!!! I guess they've given up on actually producing relatively secure software then...
Just like the old saying - if you can't beat them, join them.
Yet another reason to go to Linux, Mac, or something else.
Truth is like the sun. You can shut it out for a time, but it ain't goin' away. - Elvis Presley (source: imdb.com)
What's going to stop a worm from using the vulnerability MS opens for a whitehat worm for nefarious purposes? It will be found.
I hate sigs.
If you have a means for a worm to tell a computer that it is really a fix, all a hacker has to do is spoof that, and the machine will accept a virus as the fix.
END COMMUNICATION
What if the worm mutates halfway through the network, so that it does contain malicious code, to wreak havoc among the computers it reaches? A worm could be intercepted, its code altered, and then redistributed into that network the same way the 'friendly' worm was intended to. How do I know that this worm I just received is indeed the worm that the admin sent through the network to apply a patch? I'd say trusted mirror sites are a better way to reduce load on servers. You just need enough mirrors, so you can scale the load onto them.
EOF
been there, done that and dumped the idea as incredibly stupid and pretty dangerous, together with everyone else who's been doing research in that area several years ago.
What's MS at? Reinventing old, bad ideas, again?
Assorted stuff I do sometimes: Lemuria.org
This was called the cheese worm a few years ago. I think it's a good idea. There are a lot of irresponsible admins out there, especially, I'm afraid, those running Windows. I recall vividly in the mid 90s when these things started emerging, I was getting "attacks" from Windows hosts on my network. I tracked down the origin and went to the effort of contacting the admins - I even telephoned a couple, since I got interested in what was happening. The response, unanimously, was they were content to wait until Microsoft came out with a solution. That's right, they were running compromised hosts, that were busy infecting other hosts and polluting the net, but they were going to wait until someone came out with an automatic solution.
Nowadays it's a lost cause. So many people are just lazy. I told a family member her IM (MSN) was sending fake invites to people in her contact list, and she said she didn't have time to deal with it. I could have told her that she's going to be infecting people exponentially, but it wouldn't matter.
So I'd guess that to save bandwidth, Microsoft prefer to choose the bad reputation of worms more than the bad reputation of Torrents?
Because using BitTorrent to send the updates, they could save quite a lot of bandwidth, just like Blizzard does with 10 million subscribers...
But, of course, they must prefer doing things behind our backs than being legit and let us choose if we want to update or not...
...really pisses me off about Windows?
Why do typical user accounts have permission to join another fucking wireless network? They can't change their IP address or any other settings, why should they be able to switch networks?
Stupid as fuck. Research a local machine's security before researching network security, Micropenis.
Say hello to my little sig.
Microsoft... worm... what could possibly go right...
my upload bandwidth is a small fraction of my download bandwidth
i will not accept becoming a server for Microsoft's customers so that Microsoft can save a dollar a month on its IT bills
there are far better and smarter ways to spread out the update downloads, like actually using the scheduled-execution capabilities built into the operating system
Oh yeah, just wait until they use them for evil--... er, what? You mean they already-- oh. Okay then, nevermind.
"Let's face it, it's a good story. Accuracy would kill it."
First thing that came to mind when reading this title? The Dune II game with some dude yelling: "Warning, worm sign!" :D
What's next? News stories featuring Apple hackers and Linux gamers?
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Hypothetical situation:
Say enough worms are out there, and they each patch the system after propagating, denying the same vulnerability. Well, since there are finite lines of code and finite resources, then there are finite vulnerabilities.
Ironically, then the most virus and worm-laden computers would be the most secure computers on the planet, since there would eventually be no more bugs for the Microsoft worm to exploit and patch the system.
Hrrm... I think I see where they're going with this. They can force the virus makers to do all their operating system security work for them! Genius! Now, just to figure out how to get rid of the viruses and worms afterward...
This is going to end badly. The company that can't seem to get a number of critical fixes in place is going to set up a system that uses a virus to propagate patches? This has to be a plot to a really bad B movie coming soon to a theater near you.
"It had to happen eventually...They said it would make things better...Microsoft Virus 1.0...Initially it looked benign...Even helpful...But then it was subverted and changed...Within days 100% of all Windows systems were infected...Users data was compromised and exposed on the Internet...Nothing could stop it!...Oh the humanity of it all!
This summer at a theater near you, no one can hear your computer scream on the Internet!
Why not just make the Windows patches run in a native Bit Torrent client and be done with it?
Has no one seen I Am Legend: crazy cures for cancer _just_dont_work_!
---- Design. Invent. Cheese.
Wait now... Peer-to-peer is an evil tool used only by hackers, pirates and other miscreants. /sarc
Why use a worm for this? If the overall concern is that users do not upload patches in a timely manner and as a result blackhat worms muck up their computers, why not make a more mandatory update system. I've seen the P2P comments flash by over and over again as well as comments on how Blizzard utilizes them for WoW; wouldn't a more useful means to an end be creating a Patch Updater in a similar manner to what Blizzard uses only for security features? Irritating, but more effective than random whitehat worms spreading about the computer, waiting to be manipulated by blackhat creators.
Why not just use Bittorrent to distribute patches, and not create MORE problems by introducing new vulnerabilities into a system?
That would be the ultimate whitehat worm, as the 60% of people that don't care about Linux/Windows are the same people that don't patch. Unfortunately I don't think that's what MS are planning.
Perhaps it's because it took Slashdotters about 30 mins to use an exploit to fix the latest kernel bug that MS think it would work for them, but they don't understand it's that only they are going to be able to write the worms!
IranAir Flight 655 never forget!
This sounds pretty good to me. A P2P patching system makes perfect sense, as long as they used an appropriate type of encryption. The security thing will be the biggest issue to keep people from creating malicious "double-agent" worms. Although, another issue should be that it's voluntary, or at least make it trivial to disable. And by that I also mean by it can be disabled remotely by Microsoft, in case a double-agent is starting to make the rounds or something goes terribly wrong. But also because some people just may not appreciate using their bandwidth to seed patches.
What's the value of information that you don't know?
I mean, seriously. Before 1997 and Active Desktop the whole idea of mail software that would deliberately accept and execute code from any random yahoo, deliberately, was bad SF. It was something that people made jokes about. Programs wandering around in computer networks and being given the right to execute on any system they came across, that was a Saturday morning cartoon for kids before .NET. But at least that kind of problem was limited to Windows... nobody ran native unsandboxed code from web pages until recently.
So it's no wonder they want to send TRON and Bob out after Sark and Megabyte. They really believe in special effects.
Actually the BSDs would be more likely to be used because of their permissive license and better reputation.
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
Kind of like the battles being fought by micro-organisms and viruses and our natural lines of defense in our body
So decades from now we don't know what is happening in our computer systems; thousands of mutated forms of viruses are fighting for life and death.
If you mod this up, your slashdot background will turn into a beautiful sunset!
I'm surprised no one talks about following the path back to the source. I.e. Bad worm attacks my computer. I have the good worm sitting dormant on my computer, detects and stops the attack and propagates to the source that the worm attacked me from. If someone up-line has patched their computer already, the good worm dies/ goes dormant. Yes, this wouldn't necessarily stop bad worms but could prevent re-infection. (I have this brother in law who never has a problem with Microsoft or viruses... Yes, one of those.) It would work as well as AV does now... maybe a little better. You'd need like a Fireworm.
Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
I don't know about the US, but in the UK, the word 'fix' can be used to describe a vasectomy.
Is that an appropriate observation in this case?
Max.
Kid's voice from your computer at 4am:
Hello! I am your kind little fairy! I come to your computer to
clean it and fix its broken parts! You will be feeling safer now!
Don't forget Tuxissa!
Blizzard did this the intelligent way with World of Warcraft, and looked at how p2p was being used successfully in the real world. BitTorrent. Problem solved - and I dare say a "pull" model is a bit less risky than worms "push"ing out patches.
1) MS salesguy... duhhh, nice company youse got here Mr. CEO, wit all dem computers running XP. Youse wouldn't want something terrible to happen, like the BSA discovers that they're all running Vista and sues the daylights outta youse. For only a million dollars in protection... oops...errr... I mean Vista site licence, we can see to it that nothing terrible happens to your company.
2) CEO... Get the F*** out of here. I'm *NEVER* switching from XP to Vista.
3) MS "upgrade worm" comes along and "upgrades" systems from XP to Vista
4) Federal marshals raid the company after an anonymous tip
5) Every PC at the company is found to be running Vista
6) Big lawsuit by BSA
7) Profit
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
http://it.slashdot.org/comments.pl?sid=186302&cid=15376270
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
File download from Microsoft's own Sharepoint Portal Server was damaged by a Windows update. Would those auto-update worms fix more than they break?
And that will mean "friendly" to whom? The end user? I don't think so! Microsoft? That's more like it. I suspect the fact that I, and many others have told our legitimate copy of XP not to download Windows Genuine "Advantage" (pffff) notification tool etc has led Microsoft to think up new ways to distribute their "advantageous" patches...
In fact what surprises me is that Microsoft are admitting that they are working on this - it makes it hard to deny responsibility for various kinds of obnoxious worms that they might wish to distribute.
Instead you will just be asked to reenter your original Windows(TM) CD and type your registration code to continue to safely use your PC with your Windows(TM) OS (and would also be reminded to upgrade to the latest version and/or to repurchase the OS if you exceeded your limited number of reactivations).
is a system that uses user bandwidth to propagate their fixes like world of warcraft has been doing since its beginning.
New job positions: Microsoft Master Fedaykin.
If you had the luck of not having contact with Disk Knight, take a quick look at this.
I was plagued by this s*it some months ago. I have at home 4 computers, 2 digital cameras, 4 MP3 players, 5 pendrives, one wife and 3 teenagers. It was almost impossible to get rid of this damn piece of software. It would replicate itself by USB flash devices and install itself into the computers when the device was inserted, without asking first. And when we tried to uninstall it, it would just erase its icons and Program Files folder, but it would keep running and replicating itself. A real annoyance.
Disk Knight author's intention might be good, but I think I prefer to take care of my computers myself.
So say we all
If they want to reduce server load why don't they take a hint from Linux. I know it's almost unheard of that Microsoft would take advice from an Open Source community of users, but still they could give it a go. What I'm talking about of course is the way many Linux distros use Torrents to get their .iso's out there without large strain on their servers. This way Microsoft will reduce load on their servers and fixes will get out a lot easier instead of a swarm rush on every patch Tuesday.
M$ just outright sucks and this proves it, just come out with a free sp3 patch for everybody that doesn't trigger the piracy validation process, and just patches everyone's machines, if I can download a copy and burn it, I am providing it to all my friends that are computer illiterates.
This just goes to show you, it is a smoke screen for what will happen after the fact, and they will be smart enough to hide their tracks. They will go further than just provide a patch, they will install something that validates your windows and bam, oops, you're not legit. Then they log you and from there you will be blacklisted with friendly reminders to get a real copy.
Mark my words, first they do what they say, then slowly it morphs into something it wasn't intended to do, but by then it's too late everyone has accepted M$ new way of doing things and doesn't raise any alarms as to what else it could be doing.
I wonder if they will give out a signature so you know which is which with your AV. Let this one by as it is M$...at the same time I hope all AV will be smart enough to include this one's signature in the DBs.
A worm is just an autonomous P2P sharing program. This means by using a P2P program, Microsoft is by default engaging in illegal activities right? According to RIAA anyway.
I spend enough time and energy trying to keep bandwidth usage minimal, there is no way in HELL I'll let a company that I pay a fortune to start using my bandwidth to pass their bug fixes on to other people. Companies spend enough in site licences, MS can afford to spend a little to keep their patch system running properly, without needing to move to a Peer-to-peer virus setup!
YHBT
=P
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
I have another idea. Me and 10 of my friends are going to go around the city at night and fix the brakes on people's cars. I promise, I know what I'm doing. Sounds good right?
Yep, new idea, use a so called whiteworm. How many old Stargate SG1 watchers here. Remember the episode where Amanda Carter had a guy reprogram a stargate dialing device with a virus meant to harm the Goa'uld snakemen. Remember how Baal's people found this virus and recoded it to attack the humans. Well the same could happen with any so called whiteworm. Even the great monster microsoft's own servers could be hacked to spread the blackhatted whitehat worm to machines all over the world. Besides, the Chinese having gained the source code for windows by coercing microsoft to give it to them in exchange for an empty promise to be able to sell vista to China, are probably right now subverting this program by distributing worms of their own, each bearing the appearance of being as white and pure as the old soap Ivory Snow and its old advert spokeswoman......you know, the one who starred in Behind the Green Door! The only safe way to own a pooter now is to cut it off from the internet. Ya wanna surf! Use a laptop as a stand alone machine. Download files to it if you must. Save them on floppies or CDs. Virus check the CDs....over and over again. Quarantine those disks until enough updates to antivirus software have come out to detect all the new and unupdated to virus checker programs...scratch that, virus checker software is polluted with pro microsoft code and usin it will be like the fox watchin the chicken house. Get the updates from specific sites...thousands of them...aww hell. Windows and all its crooked friends is rotten to the apple core. Use linux and open source and open document. All the software most folks will ever need is already written and out there. No new stuff has been made for over ten years, ever since microsoft took over with the passage of the DammMCA. Just try to find new streetmapping software.
New phone listing software using the taxpayer paid for Tiger Database without going to that foreigner who bought and put out of business all his competitors with foreign money is unavailable on a CD at any price. How about voice recognition software from more than one supplier......morphing software.....educational software....CAD software.. the list goes on. Just go to your local sooooperstore and try, just try to find anything but MMORPGs, DRMgames, and microsoft products on the shelves. Norton sucks your resources and is NOT the same norton that you bought in the eighties that actually could be used to fix your files and see what is on your system or shred confidential data. McAfee is extreme nagware that sinks your operating windows system when you get tired of the nagging and try to remove it...also a microsoft sockpuppet just like norton. All the so called CD authoring programs are no better...DRMed to the max and unusable. Bottom line. Today's software is junk at inflated prices and totally undocumented. Today's hardware is no better. Look at the comic books masquerading as installation guides, and look at all the required internet connections to even make it work. This is so hardware manufacturers in cahoots with microsoft and others can force the downloading of corporate malware to customers' machines by extortion, holding the customers' non-working hardware as hostage. Hewlett Packard's multifunction printers are a case in point. Their installation process requires the customers to purchase Vista and its latest Internet Explorer version before allowing installation. This requirement is not on box in print and neither is it in print on the comic book direction bedsheet. Failure to comply by using microsoft's unwanted children or bastard products will result in failure of the printer to print in any other color than yellow and black....and its scanner NEVER will work. We know. We bought one.
It failed in this way when we did not buy veeeesta nor download IE malware....twice. At a cost of sixty dollars payable only by credit card HP would replace it if we shipped the so called bad one back ..our cost. There was yet another sting in the tail even in this so c
What about those of us with tight security? Do we not get the patches?
... applies whether or not I'm running software I own or someone else's, so merely owning the software they hack with the virus doesn't necessarily protect Microsoft against a charge that they've hacked my machine.
-dave
davecb@spamcop.net
I find it mildly curious that they're not using something like a bittorrent network to distribute updates. Even on my network of 30 to 35 workstations it would make a difference.
There is, however, a "Windows Update" client / server to allow administrators to distribute Windows Update material on their local network. It saves everyone a lot of bandwidth and time. The local server grabs updates from MS and the workstations look to the local server for their Windows Updates. At 100 or even 1000 mbit, you could distribute Windows Updates hugely faster than getting them over the internet for 500 workstations.
Makes me wonder if anyone is working to build BT distributed updates into a Linux distro like Ubuntu. There are schools now that are running hundreds of Ubuntu workstations. Though I imagine Ubuntu Server has a similar updating feature that MS employs for Windows Update.
No sig for you. YOU GET NO SIG!
but only during peak times.. right?
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Apart from the fact that it is an old idea, it is too easy to exploit such a mechanism. Gullible users open any attachment, regardless of flashing red lights and warning boxes, so it won't be too hard to spoof a legitimate worm, just imagine how fast it can spread if people believe that the worm is harmless. No, there are too many ignorant and stupid users out there, so forget about using something like this.
www.cybertopcops.com