There were worms that would target other worms....
on Botnet on Botnet Action · Score: 2, Informative
For the folks discussing having 'good' botnets, does anyone remember the Nachi worm? Its purpose was to use the same Windows RPC DCOM vulnerability that Lovesan (an 'evil' worm) used. It would then kill the Lovesan processes and download the necessary patches from M$ to prevent further re-infection. It would then search out network segments for other machines to 'fix'.
Nice in concept, but the amount of network traffic that this created when it was in search mode would overwhelm closet switches in a decent-sized LAN environment (mind you, Lovesan did as well...). A company I was with had a branch office whose network manager was slow on patches. They got infected with both worms successively. While Nachi wiped out Lovesan (eventually), the office network was still useless until Nachi was cleaned off as well.
Relying on autonomous software outside of your control to randomly secure machines is a bad idea.
IMHO - I find that the reason that Microsoft's products are insecure is because of the level of backwards compatibility that has been engineered into the product lines. While being able to run older applications is useful for many corporations that have difficulty in finding replacement apps, the sad state of affairs is that it is just that level of compatibility that hampers a full rewrite of the Windows core architecture. If Microsoft were to make a bold decision and create a truly new architecture that had the Windows look & feel but was based on sound secure coding practices, the possibility for exploits would be drastically reduced compared with the current 'we have to make sure that the app written in Visual C++ v2.0 still works' mentality. Backwards compatibility for older applications can be achieved by running the app(s) with a slim kernel & supporting services in a virtual machine that has very limited privileges. So my question is: Will Microsoft ever make the move to a newer, secure architecture, or can we expect Win9x compatibility with WinOS circa 2025?