Slashdot Mirror
'Friendly' Worms Could Spread Software Fixes
An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
If the mechanism exists, it will be compromised. Haven't you leaned anything yet? Better design a system that can't process a worm.
The temptation if this became a strategy, i.e. the system can run Microsoft Worms only, would in a very short time, run Microsoft like worms.
This seems more like and admission that their systems can't be secured.
Or "Who's finger is in the dike? Dammit, thats not my dike!"
More to the point, if you can quantify any damage that this worm does to your network, you have a nice big fat target to sue.
What's more, it'll make one hell of a fun class action suit.
If they had any sense, MS would nip this one in the bud...but then, they're the ones who gave us Windows Me, so...
In Xanadu did Kubla Khan
A stately pleasure dome decree
then we got hit with the anti-slammer worm. The slammer worm hadn't infected us, but the anti-slammer did, and wound up rebooting about 20 servers (which begs the question "why weren't they already patched?"), during the middle of the day. Pure panic mode as they started spontaneously rebooting.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did
You could program the worm to spread based on a random calculation, and assign it a threshold so the traffic isn't excessive. This would give the worm a very low probability to survive.
However, a better approach IMO would be to get rid of all the Genuine Advantage and activation crack, and allow boxes using old and famous activation keys (such as the "devil's own") to get updated with Windows Update.
It could be done right with the correct combination of hardware, software, and keys. Use TPM to verify that the worm is valid and to verify the keys, then standard use of certificates and signing can be used to ensure that the patches aren't tampered with before they hit the drive.
Unfortunately, without the infrastructure in place, it's going to be much harder to ensure that nothing goes wrong.
called Uplink *Spoiler alert* at the end of your regular hacker job you find out what the mega-corporation is doing and have to stop their ultimate bad worm with one that patches systems. It was a pretty fun game.
Maybe I missed something but if load on servers is a problem and you are going to try and push that problem off onto customers, why not just use the bit torrent way of distributing patches? Blizzard has done it with WoW since day 0 and it has worked out for them... especially on large patches. Seems like an easy integration into your software. If even a single person helps seed that isn't your server, that's already a bonus.
Crackin' Wise - Blogging about whatever we want
If you find it on your computer, you deserve it. You probably had or were in danger of becoming infected by the worm that exploited the vulnerability this was trying to fix. And I don't care if it's your computer or not, if you can't be trusted to keep it from polluting the Internet at large then someone will have to do it for you.
A well designed "white hat worm" could just sit and listen for a while until it got hit with a computer probing for the vulnerability and then infect and fix the computer that did the probing. Once it has fixed a certain number of computers, or a certain amount of time has elapsed, it removes itself.
Victory or awesome!
Unfortunately, my guess is that they'll never quite get to program for us. See http://en.wikipedia.org/wiki/Rice_theorem