Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Worms IT

'Friendly' Worms Could Spread Software Fixes 306

Posted by Zonk from the perfect-way-to-make-a-rogue-ai dept.
An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
This discussion has been archived. No new comments can be posted.

'Friendly' Worms Could Spread Software Fixes More

'Friendly' Worms Could Spread Software Fixes

Comments Filter:

  • Stupid Idea (Score:4, Interesting)

    by StillNeedMoreCoffee ( 123989 ) on Thursday February 14, 2008 @05:02PM (#22425732)
    If the mechanism exists, it will be compromised. Haven't you leaned anything yet? Better design a system that can't process a worm.

    The temptation if this became a strategy, i.e. the system can run Microsoft Worms only, would in a very short time, run Microsoft like worms.

    This seems more like and admission that their systems can't be secured.

    Or "Who's finger is in the dike? Dammit, thats not my dike!"

  • Re:This is an old idea (Score:2, Interesting)

    by KublaiKhan ( 522918 ) on Thursday February 14, 2008 @05:06PM (#22425808) Homepage Journal
    More to the point, if you can quantify any damage that this worm does to your network, you have a nice big fat target to sue.

    What's more, it'll make one hell of a fun class action suit.

    If they had any sense, MS would nip this one in the bud...but then, they're the ones who gave us Windows Me, so...

  • At one point, I liked this idea.... (Score:4, Interesting)

    by mbourgon ( 186257 ) on Thursday February 14, 2008 @05:08PM (#22425866) Homepage
    then we got hit with the anti-slammer worm. The slammer worm hadn't infected us, but the anti-slammer did, and wound up rebooting about 20 servers (which begs the question "why weren't they already patched?"), during the middle of the day. Pure panic mode as they started spontaneously rebooting.

  • Re:Prior Art (Score:5, Interesting)

    by Spy der Mann ( 805235 ) <`moc.liamg' `ta' `todhsals.nnamredyps'> on Thursday February 14, 2008 @05:33PM (#22426244) Homepage Journal
    It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did

    You could program the worm to spread based on a random calculation, and assign it a threshold so the traffic isn't excessive. This would give the worm a very low probability to survive.

    However, a better approach IMO would be to get rid of all the Genuine Advantage and activation crack, and allow boxes using old and famous activation keys (such as the "devil's own") to get updated with Windows Update.

  • Re:Bad idea (Score:3, Interesting)

    by Sancho ( 17056 ) on Thursday February 14, 2008 @05:35PM (#22426270) Homepage
    It could be done right with the correct combination of hardware, software, and keys. Use TPM to verify that the worm is valid and to verify the keys, then standard use of certificates and signing can be used to ensure that the patches aren't tampered with before they hit the drive.

    Unfortunately, without the infrastructure in place, it's going to be much harder to ensure that nothing goes wrong.

  • Sounds like a game I used to play (Score:2, Interesting)

    by MrMunkey ( 1039894 ) on Thursday February 14, 2008 @05:46PM (#22426460) Homepage
    called Uplink [uplink.co.uk] *Spoiler alert* at the end of your regular hacker job you find out what the mega-corporation is doing and have to stop their ultimate bad worm with one that patches systems. It was a pretty fun game.

  • Why not use bittorrent? (Score:2, Interesting)

    by the4thdimension ( 1151939 ) on Thursday February 14, 2008 @05:49PM (#22426526) Homepage
    Maybe I missed something but if load on servers is a problem and you are going to try and push that problem off onto customers, why not just use the bit torrent way of distributing patches? Blizzard has done it with WoW since day 0 and it has worked out for them... especially on large patches. Seems like an easy integration into your software. If even a single person helps seed that isn't your server, that's already a bonus.

  • Re:This is an old idea (Score:2, Interesting)

    by Morkano ( 786068 ) on Thursday February 14, 2008 @05:52PM (#22426570)
    If you find it on your computer, you deserve it. You probably had or were in danger of becoming infected by the worm that exploited the vulnerability this was trying to fix. And I don't care if it's your computer or not, if you can't be trusted to keep it from polluting the Internet at large then someone will have to do it for you.

    A well designed "white hat worm" could just sit and listen for a while until it got hit with a computer probing for the vulnerability and then infect and fix the computer that did the probing. Once it has fixed a certain number of computers, or a certain amount of time has elapsed, it removes itself.

  • Re:Prior Art (Score:2, Interesting)

    by ArAgost ( 853804 ) on Thursday February 14, 2008 @08:56PM (#22428968) Homepage
    Unfortunately, my guess is that they'll never quite get to program for us. See http://en.wikipedia.org/wiki/Rice_theorem [wikipedia.org]

Slashdot Top Deals

Stellar rays prove fibbing never pays. Embezzlement is another matter.

Close