Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security IT

Good Network Worms Made Simple 137

Posted by samzenpus from the what-could-go-wrong dept.
grabbag writes "Dave Aitel is pitching new technology to create "nematodes," or beneficial network worms for use in large businesses. The idea is to set up a new language and structure to create "strictly controlled" good worms on the fly. A research-type demo was given as the Hack in the Box conference where Aitel talked about a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings."
This discussion has been archived. No new comments can be posted.

Good Network Worms Made Simple More

Good Network Worms Made Simple

Comments Filter:

  • distributed processing (Score:5, Insightful)

    by WiPEOUT ( 20036 ) on Thursday October 06, 2005 @08:06AM (#13728759)
    Distributed processing capabilities and distributed network monitoring capabilities would be great, but who gets jurisdiction over what governments/companies are allowed to execute code on my PC?
    • RTFS. This proposal is intended for use within large businesses: the idea is to automate and improve maintenance of their internal network, not something they'd just unleash on the Internet.
      • Yes, but it's only a matter of time before it's exploited and rewritten and unleashed on the Internet.
      • Sorry, I should have outlined the lead-up to my statement.

        The point is that programmers will make mistakes, and some of these worms will get out on the Internet. The stakes here are much higher than with regular software bugs. The author company/ies will be sued and the authors will be jailed. Intent is not a defence against unauthorised access to systems, at least not in Australia, and I don't imagine it would be in the USA either. Doubly so for corrupting/modifying data on without authorisation.

        If a gover

    • "... who gets jurisdiction over what governments/companies are allowed to execute code on my PC?"

      You do. If you don't want people exploiting holes in your PC, then patch them yourself.

      If you disagree you are entitled to try getting by without patching, instead suing those who take advantage of your PC for theft of resources, or some such, but isn't an ounce of prevention better than a pound of cure? It is surely cheaper to run apt-get update && apt-get upgrade nightly...

      • But, as you point out with your "theft of resources" comment, it's not their computer, it's mine. I know from the article that the worms are strictly controlled, and are supposed to exist on the corporate/ISP networks and shouldn't touch my system, but if they do, can I sue them? Under current laws would they be just as liable as the black hat worm writers? If their nematodes get out in the wild due to some bug or configuration error, do they get the same punishments as say, someone that wrote the slamme
        • Who knows and/or cares? My point is that it's cheaper to take responsibility for your own systems and keep them patched, than it is to attempt to recover your costs by going to the courts.
          • Well, whether I patch or not, who knows and/or cares? My point is that if I gey MY system the way I want it then no one has a right to mess with it. Black hat or white hat it doesn't matter. It's not their system. They have laws that include prison time and/or fines for the black hats. Will the fact that the white hats didn't MEAN to do something bad give them immunity? What about patches that break things? Automatically updating/upgrading a box can make for wonderful evenings of reinstalls/rebuilds.
            • I would tend to think that a "White Worm" that escaped to the wild would not likely do too much damage in the first place. That said, since the intent was not malicious (even if the result was) there is a good likelyhood that corp.s would only get a fine (and a small one at that) if one got to the wild.

              Honestly though, I would be more worried about government worms, as those employees are much harder to fire for incompetance, and as a result will likely pay less attention to detail when crafting one of the
      • Unless it has trusted computing built in then it is Microsoft or apple that decide what you should run on their^H^H^H^H^H your computer.
    • Distributed processing capabilities and distributed network monitoring capabilities would be great

      Correct me if I'm wrong, but isn't this the very thing that lead to the creation of the first worm? Some computer guys at Xerox PARC were looking for a way to distribute code/updates across a network, created a self-replicating program, then dubbed it "worm" after a John Brunner novel?

      So, not only is this not new... this is just what a worm was supposed to do in the fisrt place.

  • Problem (Score:5, Insightful)

    by mysqlrocks ( 783488 ) on Thursday October 06, 2005 @08:06AM (#13728762) Homepage Journal
    Isn't the problem with most worms the network traffic it causes by spreading, not the payload? I'm not sure how they plan on keeping something that's designed to spread from spreading too quickly.

    • Re:Problem (Score:2, Insightful)

      by SimilarityEngine ( 892055 )
      The idea is to only spread to machines with the particular vulnerabilitly you're attempting to patch. But nevertheless, this still uses up a lot more bandwidth than would be used by people simply bothering to download the patches they need, due to the scanning networks for vulnerabilities. Also, rather than having people download at their conveinience (spread over a long period of time), I presume that a nematode infecting a network would cause a large surge in demand on the patch server. I can see what
    • The key here is control.

      If you make "Nematodes" like this you surely should as well make a control mechanism so they spread nicely and without saturating the networks they're living on.

      It's not like you're designing these things and then letting them to wantonly "infect" machines like their malign relatives.
      • But how is this system better than simply having the OS automatically check for updates and download them silently?
        • from reading the article I'm guessing that this is for in house security experts to create their own worms to disinfect systems rather than wait for patches to be released, and I'm sure there will be other uses for them rather than just on security. On our network all the machines are meant to be told by one of the servers to automatically download updates, but that doesnt seem to be the case. Of course someone probably just set it up wrong and I should look into it, but I think the idea of searching for vu

          • if the concept is proven to work well, then governments could maybe use worms such as these to patch up the machines of idiots who let their machines be turned into tools for spammers/zombies etc, which just clutter up the internet for everyone.

            I wonder what less ethical administrations could abuse this system for? Anyway, tinfoil hat aside, I still don't understand why each PC can't periodically query the server to see if relevant updates are available and then download said updates without the user's

            • What would be more efficient would be for users to run an OS that only allows user-approved code to be run on their systems so that there would never be any need for 'patches'. Though there would still be social engineering and idiots (I use the term lovingly) to contend with.. As for governments using the exploits abusively.. well the hackers are already doing that, and if there is even a single 'good' worm getting into the systems and patching up the exploit, then the 'bad' ones will no longer be able to

              • though I guess the bad ones could also patch up the exploits themselves and create easier ways for hackers to get into the systems.. but again a friendly automated system could be created to access machines via these backdoors and patch them up

                And of course the malicious crackers will then create a worm to close that hole and replace it with another one - maybe one that requires special authentication to gain access to, locking out the white-hats. Cue all-out warfare, with network bandwidth being the v

        • But how is this system better than simply having the OS automatically check for updates and download them silently?

          Who's offering a comprehensive system for doing this? Sure, MicroSoft offers silent system updates in their more recent OSes, but it's obvious that they aren't on top of all of the security holes in their products past and present. Users routinely turn off automatic updates (or never turn them on in the first place). Is MicroSoft planning on fixing all the zombied Windows 98 machines out
          • If I understand you, you're talking about releasing these worms on the internet at large. Immediately you have to worry about bandwidth consumption (from probing) and the potential for abuse. I know how annoying it is that people don't secure their machines, but maybe this solution isn't the best possible one.
            • I'd agree with you if it weren't for the fact that there are already tools out there using bandwidth to probe for vulnerabilities. There are already people out there abusing this technique of software dispersal.

              I'm just saying that while it's being done, we might as well encourage people to do it who *might* have some chance of doing the right thing.

              When making worms is outlawed, only outlaws will make worms.

              • Okay, but still have issues with this idea.

                It proposes to waste even more bandwidth. It hopes that this worm will be able to cope with a multitude of differently configured systems (malicious worms don't care if they accidentally break something, including existing security solutions, but nematodes must be benign). It takes away people's control over their own machines (it's still unauthorized use and access of resources, and against the law in many countries). In addition, how will this solution cope wit

        • But how is this system better than simply having the OS automatically check for updates and download them silently?

          That's a very good point.

          Theoretically speaking, however, all this "nematode" idea is quite interesting
        • But how is this system better than simply having the OS automatically check for updates and download them silently?

          Suppose, in addition to current automatic OS updates, a machine was placed on the network and listened for attacks. In response to a particular attack, it would send back a response to patch the vulnerability and clean the system.

          That doesn't tie up network resources looking to see if machines need patched. It could be argued that until a security hole is exploited, it's not a liability.

          Of cou

    • Re:Problem (Score:4, Insightful)

      by KiloByte ( 825081 ) on Thursday October 06, 2005 @08:22AM (#13728848)
      Simple. Just don't include any spreading code in the payload; send the worm from your own machines.
      As these "nematodes" are supposed to be used only by large companies and ISPs, their owner already possesses the network, and thus can apply the exploits to valid targets only.

      This is not such bad a concept -- with VERY few exceptions, nearly all networks are full to the brim with idiots. Setting policies can help, but often you have no real way to enforce them. Try telling your clients that that Weather Bug or M$ Outlook is not something they should be using... But if you use controlled exploits right, you can fix the problems without having to deal with just the symptoms.
      • Simple. Just don't include any spreading code in the payload; send the worm from your own machines.

        How is this any different then setting up a server responsible for pushing out patches? I thought the idea of a worm was to spread from computer to computer. If it stops after one hop, how is it a worm?

        • Re:Problem (Score:3, Insightful)

          by brennz ( 715237 )
          Most update tools are not cross-platform to the degree that a "smart" worm can be.

          Smart worm = a framework. Think of an exploitation framework as merely a component of this worm framework.

          Scanning - identify hosts within allowed networks.

          Reporting - Hey, we found vulnerabilities XXXX

          Exploiting - compromising those hosts

          Reporting - Hey, we exploited vulnerabilities XXXX

          Patching - Remediating the vulnerabilities on each host

          Reporting - Hey, we patched vulnerabilities XXXX

          Cleanup - Cleaning up everything

          Scanm
          • It still isn't a worm in the traditional computer sense because it does not burrow through the network. This is more like tentacles that reach out, muck around with a computer, then pull back and look for a new target.

      • Re:Problem (Score:4, Interesting)

        by leuk_he ( 194174 ) on Thursday October 06, 2005 @09:19AM (#13729222) Homepage Journal
        nearly all networks are full to the brim with idiots.

        The same goes for system administrators. The corporate network is full of idiots who think they are great admins because they can install product x. Giving these idiots self-replicating code could cause great damage beyond your imagination. Most damaging worms are damaging because some rate limiting code is not coded correctly, or simply not understood by their creators.

        Note to BOFH who is reading this with me: no i do not mean YOU.
    • That has indeed been a problem in the past (and no doubt will be again for malicious worms). Surely a properly-written "good worm" would have to avoid choking networks - perhaps by having some central store of vulnerable and/or patched systems? Or using only idle/available bandwidth (BITS in Windows maybe)? etc... who knows, I don't write them...

      Whether you pull or push the security patch, the transfer bandwidth would be roughly the same. The problems come in with the "polling/spreading" attempts... eg. if
      • if you set every Windows PC in the world to poll Windows Update at the same rate that worms try to find vulnerable hosts, you'd make the Slashdot effect look like a single ping packet...

        Wow, that's a cool idea! Can some hacker please get on this right away?
        • They're trying to find a secure implementation of Windows.

          However, Windows seems to be impervious to this. It just lies there with slime oozing between its legs. (Painst an attractive picture of the kind of fucker who spreads viri, worms and other creepy crawlies.)
    • Well, you're right, but that's only because worms that do damage, in order to hide the author's identity, do not communicate with any central server. If you have a "worm" designed for patching systems, you can add a central control to them so they are coordinated better and don't waste nearly as much bandwidth as the uncoordinated worms would. It's certainly more like an automated patching system than a worm at this point, but it would be interesting to see what ideas come out of this.
    • #include <nematodeutils.h>

      int main () {
      if (anyRemainingUnpatchedSystems()) {
      spreadToTwoMachines();
      sleep(300); // Make sure we don't clobber the network
      }
      return 0;
      }
  • "The goal has always been to build the network that protects itself automatically with automated technologies.

    How about Network Immune System"? Using "good worm" or "Nematode" will confuse the PHBs or worse alarm them.

    Ex. NET ADMIN: "Boss, I want to put a good worm on the system."

    PHB (Hearing only the worm part):"No fucking way! No worms on my system!"

  • And distinguish themselves how? (Score:3, Insightful)

    by DenDave ( 700621 ) * on Thursday October 06, 2005 @08:10AM (#13728779)
    So how is the unsuspecting pc (user) supposed differentiate between worms and "nematodes"? This is an interesting idea but best not let out of the lab.
    Also, how does this chap expect to get these things to work on *nix environments? does he propose "benevolent" rootkits?
    • The unsuspecting PC user doesn't distinguish between the two. This is being touted as a tool for businesses and the like, where they will presumably be limited to company computers. It's not entirely dissimilar to a dedicated software update distribution tool. (This raises the question why they're bothering to spread these things via exploits but that's another matter...)

    • RFC 3514 (Score:3, Funny)

      by scovetta ( 632629 )
      Easy, according to RFC 3514, the bad worms would set the evil bit in the IP header, and the good worms would not. The admins could probably have just filtered traffic by detecting those evil bits, but I think having a visual display of the good worms vs the bad worms would be more exciting.

      Of course, sooner or later, the good worms are going to turn into bad worms themselves and then we'll all be screwed.

  • Intelligent managed networks? (Score:4, Informative)

    by jeffs72 ( 711141 ) on Thursday October 06, 2005 @08:13AM (#13728797) Homepage Journal
    It would be cool if you could have these worms each perform certain functions (one to better manage spanning-tree for instance, so when a link fails spanning tree rebuilds faster for example) with some sort of AI, or really even a really good base line vs current activity comparison machine, to intelligently manage WANs and LANs.

    Be nice to have worms that watch for machines all the sudden opening ports that they never have before, all the sudden opening up multicast or what not, or even finding that bad machine sending out bad frames on the network.

    I can see a lot of flexibility with this, particularly if they are written in some sort of open source scripting language. I guess what I'm getting at is that they could be sort of like an open source distributed IDS/IDP system.

    Granted you can do all these things now with a mix of expensive monitoring tools and a lot of config work with tools like ethereal and mrtg and big brother/big sister, etc. But this might be an easier way to do the same thing.

    neato

    • Worms infect a machine, then jump to the next. (Score:4, Insightful)

      by khasim ( 1285 ) <brandioch.conner@gmail.com> on Thursday October 06, 2005 @09:00AM (#13729082)
      Why would you want to use a worm for that? A worm will install itself on each machine.

      Why not just run the centralized scanning tools that you mentioned?
      It would be cool if you could have these worms each perform certain functions (one to better manage spanning-tree for instance, so when a link fails spanning tree rebuilds faster for example) with some sort of AI, or really even a really good base line vs current activity comparison machine, to intelligently manage WANs and LANs.
      Why would I want to infect my switches and routers with this? I already have SNMP. Spanning tree kicks in almost instantaniously.
      Be nice to have worms that watch for machines all the sudden opening ports that they never have before, all the sudden opening up multicast or what not, or even finding that bad machine sending out bad frames on the network.
      The only way a worm would do that would be if it had infected the problem machine (in which case, why not just run a firewall on it) or if it had infected your switchs/routers.

      Why not just write the app to run on those in the first place? Why make it a worm?
      Granted you can do all these things now with a mix of expensive monitoring tools and a lot of config work with tools like ethereal and mrtg and big brother/big sister, etc. But this might be an easier way to do the same thing.
      What "expensive" tools?

      All you'd need is SNMP and the knowledge to setup your firewall correctly and a machine to receive the syslog messages from your firewall and parse them.

      It's far more efficient to have the choke points do the monitoring than to have worms running around on your network.

      Worms are only useful for spreading crap to machines you don't control. Once you have control there are so many more efficient ways to push code to them or monitor them.
      • Why would I want to infect my switches and routers with this? I already have SNMP. Spanning tree kicks in almost instantaniously.

        I guess it depends on your environment.

        The only way a worm would do that would be if it had infected the problem machine (in which case, why not just run a firewall on it) or if it had infected your switchs/routers. Why not just write the app to run on those in the first place? Why make it a worm?

        Because if it's a worm I don't need to dedicate hardware to network monitoring

        • I guess it depends on your environment.

          But if your environment is already broken, then why not fix it instead of trying to patch it with worms?

          Because if it's a worm I don't need to dedicate hardware to network monitoring, the network pcs that run at 5-10% cpu and have a couple hundred meg free of physical memory can do it

          And when someone trips over the power cord? The purpose of dedicating hardware is so you can maintain that system at a higher level of availablity.

          Having random workstations do the mon

      • Yes, if you can create a paved-with-good-intentions worm that uses a given exploit, patches the hole, and propagates itself, there are some kinds of problems you can sometimes prevent, while risking destroying your network and infecting the people you do business with.

        But anything that can do, a well-behaved cleanly-managed patch server can do much better and you don't have to

        • include worm propagation code in your patch system,
        • swamp your network with unpredictable traffic loads,
        • trash your users' mach

  • "strictly controlled" == hubris (Score:4, Insightful)

    by G4from128k ( 686170 ) on Thursday October 06, 2005 @08:14AM (#13728799)
    This sounds like a great way to create malware with privileges.

    It's a very worthy goal, but they need to be extremely careful in the coding. One accidental (or malicious) tweak and these worms could overwhelm network resources, DoS the system, or damage valid systems (autoimmune disease).

    • The Morris worm [wikipedia.org] wasn't supposed to cripple the Internet. But it ended up being too agressive and crippled systems for days. A tiny change in reproduction rate can have a huge effect on a population's size, and getting it right the first time isn't something people are good at.

      Speaking of that, the sandbox these nematodes run in has to be perfect, or else it's just another malware vector.

      • Speaking of that, the sandbox these nematodes run in has to be perfect, or else it's just another malware vector.

        Exactly! But its worse than that because the nematodes must live outside the sandbox and inside the OS at the highest level of privilege. Catching and removing malware means running at a privilege higher than that of the malicious worms. Because malware tries (and succeeds) in attacking at user and admin levels, nematodes must operate even higher levels. Otherwise the malware can simply dea

    • Indeed. Good viruses are bad [librenix.com] for quite a few reasons.

      For example, how do you 'control' a brilliant white-hat worm when the code is in the hands of a black-hat?

  • Wouldn't it be easier to fix things? (Score:5, Interesting)

    by photon317 ( 208409 ) on Thursday October 06, 2005 @08:14AM (#13728802)

    Rather than constructing a framework around the idea of building "beneficial" worms that work through the same exploits as real worms, and having to respond to security problems by passing around a disinfectant worm by the same (newly dicovered) vectors as the bad worms roaming your network, wouldn't it be a lot easier to fix the operating systems, networks, and the policies applied to them, such that you don't have a malicious worm problem to begin with?
    • No, that would be harder. It would be better and it would make more sense but we wouldn't want that to get in the way of the latest craze now would we?

    • wouldn't it be a lot easier to fix the operating systems, networks, and the policies applied to them, such that you don't have a malicious worm problem to begin with?

      If I understand your argument correctly, it also applies to patches. Problem being, "to err is human".

    • Yes, it would. Instead of having to

      1. find the vulnerability
      2. write an exploit
      3. write a patch
      4. write a program that uses the exploit and applies the patch
      5. test it
      6. let it do its work

      you would have to

      1. find the vulnerability
      2. write a patch
      3. apply the patch using existing infrastructure

      But hey, writing worms is cool! (at least, so think these "researchers")

      See also my other post Fighting the Symptoms, Not the Problem [slashdot.org].
      • What you said does not work for extremely large organizations.

        Example: DoD.
        • Exactly...if a simplistic approach worked, you'd be able to walk into any organization and install a Win2k SP0 box and use that as your desktop. Instead, if you install anything less than SP4+updates you'll be owned in minutes by some random malware roaming the corporate network. Try asking the network admins why there's still worms on the internal networks and they shrug their shoulders.

          If you understand why they shrug their shoulders, you'll understand the serendipity we're trying to harness by building o

  • Yes, but... (Score:5, Funny)

    by aurb ( 674003 ) on Thursday October 06, 2005 @08:14AM (#13728805)
    ... will these worms produce Spice?

  • Beneficial worm?? (Score:5, Insightful)

    by pesc ( 147035 ) on Thursday October 06, 2005 @08:17AM (#13728821)
    So government worms can be beneficial? What government? The US? the Chinese?

    "Beneficial" according to what point of view? Does the owner of the system get any say in this? If he does, why do we need a worm instead of a normal program that can be voluntarily installed?

    If not, then this is just a normal malware worm with added propaganda and spin.
    • I think there is a vast amount of misunderstanding exemplified in this post.

      I do security fulltime. I often see flaws where an organization has a stated policy, and administrators have contravened that, or joe-user has. Or the infamous MS patch reversed a security update and reopened an old vulnerability.

      Now, if the CIO of a cabinet level agency dictates that vulnerability XYZ will be remediated across his entire infrastructure and it does not happen by date X, his engineered worm can identify the host, p
      • There's a big difference between reading the article and believing it. This is still vaporware, the bugs, holes, etc. aren't visible, but I have a great difficulty believing that a sufficiently powerful language will be "strictly controlled". That's almost true for Java, but Java can only run because of an interpreter that's installed to enable it to run. Since he's calling these things "worms" I'm assuming that they can directly manipulate the network protocols. That's a dangerous place to mess around,

  • Bob (Score:3, Funny)

    by FoxDude0486 ( 920496 ) on Thursday October 06, 2005 @08:18AM (#13728824)
    Can we keep them as pets? Give them an interesting little worm gui to show you have a worm squirming around the different computers on your network. People in the company will just love to talk about how they seen bob pop up on their computer for a few.
    • That would be more interesting as an AI project than a visulation interface for the "good worm." Think about some distributed AI that crawls around a network. Each participating client would be able to visualize its progress around the network. It would be able to visit computers one at a time, crawling onto different machines while taking its experiences from the previous machine with it. Weird idea, but it might be a fun little project.
  • Hey, at least it will be a pentiful source of bait to go phishing [wikipedia.org] with. :) Sometimes I wonder if the people who coin all these network/security terms are leading secret lives as professional bass phi^H^H^H fishermen.
  • This is really a another slant/use for mobile agents, http://agents.umbc.edu/ [umbc.edu] has some good links in the mobile agents category.

    However, some of the (intuited) graph theory looks good, they walk, rather than bouncing backwards and forward to make 'star' shapes and consume resources locally rather than continually use network bandwidth. But all the problems of authentication, permission, capability remain. Don't put one of these on your network at home, kids!

  • New word, old idea. (Score:3, Interesting)

    by mustafap ( 452510 ) on Thursday October 06, 2005 @08:29AM (#13728891) Homepage

    In my day we called the 'ants'. An idea created by some chap at BT over here in Blighty.

    "Old idea,
    New name,
    15 minutes of fame."

  • Fighting the Symptoms, Not the Problem (Score:5, Insightful)

    by RAMMS+EIN ( 578166 ) on Thursday October 06, 2005 @08:30AM (#13728897) Homepage Journal
    This sounds to me like they're fighting the symptoms, not the problem. Worms can only spread successfully because of the sorry state of software security. If we fix that, we will not only get rid of worms, but also of other problems, such as targeted attacks for information theft. Using better languages [nyud.net] to write software in can eliminate the bulk of security problems we're currently seeing. Security through diversity [virginia.edu] and not relying on known insecure software [microsoft.com] also help.
    • If you fix all the problems of software security (meaning bugs) you still won't fix all the problems in security as a whole.

      Why?

      Complexity/ignorance

      You can remediate every vulnerability in existence and a mis-configuration will lead to a compromise. One wrong ruleset on an access control device and *BAM*. Owned.

      To date, in all my security work, I have never seen a host that was hardened, lacking vulnerabilities, with proper permissions for everything, proper usage of least privilege, etc. It doesn't happ
  • Before we get too excited about personnifying software, the idea of giving it motives and the will to self-replicate, the romantic image of itinerant
    programs wandering around computer systems doing good for people, I have two words:

    Bonzai Buddy.
    • Bonzai Buddy.

      If I could take Bonzi Buddy, stick it in a really small container and carefully chop bits off it with very small scissors, that would be very cool. I could produce a bizarre midget version. Without all the evil. Bonsai Buddy, yeah, that works.

      Even better would be Banzai Buddy. Just a window sitter on top of your favourite editor, which watches and whenever you pull off a particularly nifty hack it waves its arms in the air and cheers you.

  • "We already have a proof-of-concept that can take a very simple exploit, go through a few steps and, in a matter of minutes, create a working nematode," Aitel said. He took the name for the concept from the pointy-ended worm used to control pests in crops. "We can generate a nematode any way we want. You can make one that strictly controls, programmatically, what the worm does," Aitel explains."

    The true world will be revealed when the nematodes finally realize their place in society and are convinced
  • Ah yes, introducing Nemmy, the lovable laughing policeman and cousin to Clippy. Nemmy will automagically patrol your network and seek out those pesky villains who try to evade our "strict controls". Are those mp3s Nemmy's found on that hard disk? Don't worry! Nemmy will pop up a friendly "hello hello hello" and suggest the user goes off for a soothing cup of coffee while he deletes every file and sends an alert to the RIAA. Now what could be easier and more affordable than that?

  • Return of the Evil Bit? (Score:1, Funny)

    by Anonymous Coward
    It will be easy to distinguish "good" worms from bad ones. Just make sure the TCP "Evil" bit is clear in all traffic generated by good worms.
  • Bringing all the non-vulnerable to Windows malware systems to a crawl while opening up new portals to exploits (ala ActiveX controls), doesn't sound like a good idea to me.
  • a framework to bundle happyware, it's like spyware, it logs your keys but send all valuable information to /dev/null...

  • Obligatory simpsons quote (Score:5, Funny)

    by HansF ( 700676 ) on Thursday October 06, 2005 @09:17AM (#13729199) Journal

    Skinner: Well, I was wrong. The lizards are a godsend.
    Lisa: But isn't that a bit short-sighted? What happens when we're overrun by lizards?
    Skinner: No problem. We simply unleash wave after wave of Chinese needle snakes. They'll wipe out the lizards.
    Lisa: But aren't the snakes even worse?
    Skinner: Yes, but we're prepared for that. We've lined up a fabulous type of gorilla that thrives on snake meat.
    Lisa: But then we're stuck with gorillas!
    Skinner: No, that's the beautiful part. When wintertime rolls around, the gorillas simply freeze to death.

  • It's a simple rule to get your "discovery" hyped. Take an old, established technology (in this case, software agents) and tie it to a media-friendly term ("worms").

    This is not new. Distributed software agents are tried and true. We're using one [landesk.com], and it's working out rather well. Of course, there are countless shell scripts and such that provide similar utility. Ours happens to be able to propagate at our command.
  • This solution would be similar to putting drugs in the drinking water to protect the entire population against a disease. It's costly and you might kill a bunch of people who suffer side effects. And, as one bright poster has already pointed out, as the value of spreading security patches by worms is in the continuous random network scanning to discover other vulnerable systems, you're creating the same problem in network load.

    I propose that the ISPs install vulnerability and infection sniffers. When your

  • On August 8th, 2010, nematodes running on government networks became self aware.

    Well, do they have a plan for that?!
  • Wouldn't it be nice to have some starlings in the Central Park Shakespeare garden?

    I'll bet we could use some rabbits here in Australia.

    Wow, this kudzu would be great for stablizing soil.

    These "nematodes" could really be useful.
  • "We should make a gun that only kills bad people."

    Yeah... let's automate/simplify remote execution of code under the guise that it'll only be "used for good" and "by the right people." 8P
  • The second, current, vaccine for Polio was a live virus vaccine (the first one was a dead virus vaccine). That is, it was a weakened Polio virus that was easy for the immune system to fight off.

    What also happens is that the weakened vaccine is communicable. Some children who are not vaccinated catch the weakened virus from the children that are vaccinated, and the vast majority of them are also innoculated.

    But a very small miniority of children who "catch" the weakened virus don't develop immunity fast en

  • "takes exploits and turns them into worms" (Score:3, Funny)

    by lildogie ( 54998 ) on Thursday October 06, 2005 @11:02AM (#13730195)
    This goes against my attitude that an "opt in" service is better than an "opt out" service.

  • Just a worm creation toolkit... (Score:3, Insightful)

    by dolmen.fr ( 583400 ) on Thursday October 06, 2005 @12:54PM (#13731772) Homepage
    1. Learn how to code a worm
    2. Create a "worm creation toolkit"
    3. Create a GUI for the toolkit
    4. Find a good buzz name such as "nematodes"
    5. Feed the press with your buzz words
    6. Sell your product to entreprises
    7. ...
    8. Profit!

    Theese guys are just black hats that want to profit from a technology only useful to black hats.

    Have a look to http://www.agentland.com/ [agentland.com] for 'smart' programs that can do good.
  • That was actually the original idea behind worms [owled.com], which, like so many other things, came from Xerox PARC [parc.com]

  • Patching (Score:3, Interesting)

    by SumDog ( 466607 ) * on Thursday October 06, 2005 @02:51PM (#13733020) Homepage Journal
    I've heard of security experts stopping some worms which received their updates from geocity sites but placing an update on the geocity site that removed the worm and locking the original creator for accessing the site. The worm in effect, downloaded updates that cleaned itself.

    Although this seems like a good idea, I can't imagine pushing out worms that are beneficial. Why? Because you're still leaving the security exploit in place! Unless the beneficial worm closes the exploit, and in that case why not just release a patch in a safe an controlled manor?

    Are we starting to confuse patching, a process every good security administrator should be familiar with, with "good worms"

  • DUMB DUMB DUMB! (Score:2, Interesting)

    by TENTH SHOW JAM ( 599239 )
    Worms have a horrid tendancy to get out of control. I wrote one to modify some settings on my LAN. In 3 months time it had persecuted a national WAN. Fortunately it din't try to do anything that could not be fixed reasonably quickly, and I was eventually able to kill the blighter off using self extermination code. But a net worm, is NOT A GOOD WAY OF UPGRADING. the little beasies have a habit of getting out of control, no matter what you do.

    (yes I was young and stupid when I wrote the code in question
  • OK.. So we have some good worms which help admins. Now what if some cracker hacks into the Nematode network? He will be virtually owning the network! This can be very dangerous if an important (even not so important) network is hacked a advance mechanism.

Slashdot Top Deals

"Look! There! Evil!.. pure and simple, total evil from the Eighth Dimension!" -- Buckaroo Banzai

Close