Slate On Worms That Plug Security Holes
gwernol writes "Slate has a well-written article on 'white knight' worms like Nachi that attempt to automatically patch security holes; Nachi tries to patch the hole that MyDoom exploits. The article calls for Google and others to incent White Hat programmers to create better White Knights. But are 'good viruses' really a good idea? Nachi created almost as much bandwidth congestion as MyDoom. Do we really want programs jumping onto our systems and 'fixing' them without permission? What about a socially engineered worm that claims to be doing good?"
Probably.. (Score:5, Interesting)
For others, who have mission-critical applications or other extensions on the target OS, such "White Knights" may send a shiver down the spine:
What if it plugs a hole, but breaks something else?
From what I have seen, such socialist stuff doesn't really go down well with corporations. They don't give away things for free, and they don't expect anything given to them for free.
Re:No. (Score:2, Interesting)
To minimize the traffic (Score:2, Interesting)
The white worm should also uninstall itself after a predetermined length of time, say 10 days.
I understand the concern people have about auto-patching, however I am certain that none of those people would put themselves into a situation where they were vulnerable in any case - they would only see a benefit from this, in the overall lessening of net traffic.
Re:Probably.. (Score:5, Interesting)
The only problem is that the users who would most benefit from this type of service aren't the type to be proactive in their fight against viruses and would probably never use something like that unless it came preloaded and turned on by default and Micro$oft would never let that happen.
Perhaps the ISPs need to take more responsibility for identifying viral network activity and block it, while notifying the end users. Something like when they go to connect to the internet, they get a page notifying them that their machine is infected and they need to call a certain phone number before they are let back on.
It's NOT for Slash readers (Score:2, Interesting)
NO... this is for those Joe Sixpacks, grandmas and - worst of all - the selfish dumbasses who don't know OR CARE if their machine on their spanking new broadband connection is fouling the net for the rest of us.
If ISPs don't employ some kind of active blocking, then the combination of the world's most used OS (STILL having gaping holes) + users who'll open any attachment and OK every install query + broadband means the battle will be lost without some "friendly agent" on our side.
And what's with these PCs you buy with one year's free subscription to virus updates? Whaddaya think happens when that expires? The expiry warning dialogs get dismissed, the machines become increasingly vulnerable.
For these users, patching needs to be proactive, automatic and on by default.
Course the nay sayers will argue that an auto update mechanism creates a vulnerability in itself. This is arguable, but the fact is you're not gonna win trying to "educate" users.
You could just sit back until a nice cosy CLOSED internet standard is imposed on us by the powers that be when the frustration level reaches breaking point.
A REALLY black-hat one would be healthier (Score:2, Interesting)
The Big One, anyone taking?
no sig
Re:Viruses to attack Viruses which patch Viruses (Score:5, Interesting)
(and no, "White Knight" viruses are not the answer)
If ISPs start taking a hard line against exploits instead of ignoring them then people might pay more attention - it's not rocket science for the ISP to detect the signatures of worms scanning the network and automatically pull the plug on anyone compromised. I favor an "internet rating" system in the same way you get a "credit rating" - if you're shown to repeatedly get compromised then it's clear you can't run a secure system and no ISP should allow you full unrestricted internet access.
I'd also like network-connected software you pay for (e.g. Windows) to come with free updates _on CD_ for a reasonable life of the product instead of requiring you to download it. If my car has a fault (e.g. the brakes don't work under some conditions) then the manufacturer writes to me and fixes it at their own expense - they don't quietly put a notice up somewhere out of the way saying that if I want to I can send off for the replacement part and then wait for the media to actually publicise it after a few people crash coz their brakes didn't work.
Before anyone complains, the whole on-CD updates idea wouldn't apply to free linux downloads like Fedora since you're not paying for it in the first place, but quite rightly it should apply to stuff you do pay for like RedHat Enterprise, etc.
a virus is a virus is a virus.. (Score:2, Interesting)
As a usually security minded person, I do what I can to keep my system up to date and to keep any non-requested traffic off my network. So.. most of these "white knight" viruses won't even get to my computer. I'm sure most
As for the general public, these could be used for good.. but there is much more potential for evil, as is usual with situations like this.
"Hey, I'm a program that unknown to you got onto your computer.. My intentions are good, I promise... You should click yes to fix the security hole that I got in through and distribute me to all your friends"(muahahaha)
Confusing situation - but use biology as a model (Score:5, Interesting)
While there are certain to be real dilemmas and dragons here, it seems that exploring the idea of white worms and whatnot is a good idea, after all, is there any other solution for the systems that are not managed? However, white worms should have oversight (e.g. registered source code to some oversight body, managed release into the wilderness, etc..) somewhat akin to oversight for the immune system in an organism..
When in doubt, consult how nature does it - the more complex our systems become, the more similar our solutions look to nature's.. Very intriguing..
Re:I don't know about that... (Score:3, Interesting)
However, is it really a divide of the rich and the poor on internet? and what are the criteria for being the rich or the poor? it surely can't be software or AV updates, since there are a number of tools out there that are free..
Wild West Vigilante-ism (Score:2, Interesting)
The Internet is a Wild West (or, to use 1990's terms, the Information Superhighway is overrun with Highwaymen) and those trying to make it a civil society (non-profit or for-profit) should not be expected to sit back and let marauding groups of Russian spammers and Nigerian Scammers ruin it for them and us. Once there is an authority in place to stop the MS-empowered superworms, autopatching worms will necessarily be outlawed, too, but until then...some will do what they have to do.
Re:Probably.. (Score:2, Interesting)
Re:No. (Score:2, Interesting)
The problem is you're not even addressing the "good" viruses These could be Trojan. Well then they wouldn't be the *good* viruses anymore, would they.
Not only are these "good" viruses the perfect way to patch security holes that both the vendors and users are not patching, but they are the natural evolution of computer viruses. If we're to continue to use the biological metaphor in computing, we might as well exploit it to the fullest.
keeping the upside without the downsides (Score:2, Interesting)
Start with a small set of manually seeded machines that have the white hat virus installed.
1. The "white hat" virus sits quiescently on a machine and monitors its own infection vector passively, therefore not utilising any bandwidth. Upon receiving an attack from the virus it is programmed to protect against it will move to step 2 and remember not to approach the attacker again within a week.
2. Using the same known vulnerability that the virus exploits it is able to put itself on the attacking, infected machine. It then pops up a dialog box saying "your machine is infected with a XXX virus, may I deal with it?" with a cancel button which cancels, but if OK is clicked then we move to step 3.
3. It installs its package so it can be removed by the control panel, it patches the system so it is not vulnerable, cleans the virus and starts itself scanning, adding itself to the group of machines waiting in step 1.
4. If a month goes by without detecting anything, uninstall itself.
Benefits: minimal network traffic since only validated victims are addressed, no changes without authorisation and if the OS is secured then the white hat virus cannot propagate.
Worst case scenario : if someone is infected and will not patch their machine or remove the virus they may get irritated by popups.