Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Security Worms IT

'Friendly' Worms Could Spread Software Fixes 306

An anonymous reader writes "Microsoft researchers are working out the perfect strategies for worms to spread through networks. Their goal is to distribute software patches and other friendly information via virus, reducing load on servers. This raises the prospect of worm races — deploying a whitehat worm to spread a fix faster than a new attacking worm can reach vulnerable machines."
This discussion has been archived. No new comments can be posted.

'Friendly' Worms Could Spread Software Fixes

Comments Filter:
  • Prior Art (Score:5, Informative)

    by orclevegam ( 940336 ) on Thursday February 14, 2008 @04:55PM (#22425596) Journal
    This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.
    • Re:Prior Art (Score:5, Insightful)

      by deadzaphod ( 699097 ) on Thursday February 14, 2008 @04:59PM (#22425660) Homepage Journal
      Very, very old idea. The first worm of this type was called "Reaper" and was created to kill the "Creeper" worm. http://www.viruslist.com/en/viruses/encyclopedia?chapter=153310937 [viruslist.com]
      • Re:Prior Art (Score:5, Informative)

        by nmb3000 ( 741169 ) <nmb3000@that-google-mail-site.com> on Thursday February 14, 2008 @05:05PM (#22425786) Journal
        Very, very old idea.

        And still being used occasionally. The most recent one I recall is Welchia [wikipedia.org] which used the same RPC exploit as Blaster but tried to help the user by installing patches to prevent further use of the exploit.

        It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did - perhaps even moreso since it was also doing a lot of HTTP requests to Microsoft's servers. I think a better solution would be a more surefire way to make sure users get patched when such a critical vulnerability is found. That's the ironic part of the Blaster/Welchia RPC exploit, there was a patch available for months before the worm was released.
        • Re:Prior Art (Score:5, Interesting)

          by Spy der Mann ( 805235 ) <spydermann,slashdot&gmail,com> on Thursday February 14, 2008 @05:33PM (#22426244) Homepage Journal
          It's an interesting idea, but still causes some of the big collateral problems that worms cause. Welchia brought university and corporate networks to their knees because of high traffic just as well as Blaster did

          You could program the worm to spread based on a random calculation, and assign it a threshold so the traffic isn't excessive. This would give the worm a very low probability to survive.

          However, a better approach IMO would be to get rid of all the Genuine Advantage and activation crack, and allow boxes using old and famous activation keys (such as the "devil's own") to get updated with Windows Update.
        • by gweihir ( 88907 )
          In addition Welchia was completely ineffective, as it did not decrease Blaster spreading speed. In my book the welchia author deserves the same punishment as the Blaster author. And Welchia did more damage in some networks than Blaster did.
      • Actually, according to Wikipedia the first worm was created in Xerox PARC in 1978 to travel around the computer lab and reassign idle processors. "Reaper" and "Creeper" are classified as a virus on wikipedia, although without actually looking at how it spread I'm not sure if that's the correct term, or if it really was the first worm.
      • Older than that. Someone came up with a 'patch' to the +++ATH0 hangup ping. One of my friends on IRC went to his parents and they still had Dialup. After about 3-4 hours of messing with him by killing his connection. I pinged him with the 'patch'. It didn't work after that.
    • by verbalcontract ( 909922 ) on Thursday February 14, 2008 @05:00PM (#22425676)

      This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.

      DUH. That's why my Norton Antivirus lights up when I click on those helpful "GET RID OF SPYWARE" ads?

    • Bad idea (Score:3, Insightful)

      MS already sat on AUtopatcher because they said that they lost control of the distribution and a malicious patch could slip in. With the worm thing it is a bazzillion times worse. So many more potential points of infection.
      • Re: (Score:3, Interesting)

        by Sancho ( 17056 )
        It could be done right with the correct combination of hardware, software, and keys. Use TPM to verify that the worm is valid and to verify the keys, then standard use of certificates and signing can be used to ensure that the patches aren't tampered with before they hit the drive.

        Unfortunately, without the infrastructure in place, it's going to be much harder to ensure that nothing goes wrong.
    • Re: (Score:3, Funny)

      by djradon ( 105400 )
      Yeah, but this is a beautifully-summarized "plot point" on our way to the inevitable: SkyNet, or the Matrix, or whatever you want to call the rise of the machines.
    • by Bananatree3 ( 872975 ) on Thursday February 14, 2008 @05:06PM (#22425800)
      First off this wouldn't be some whitehat's haphazard cure worm like the Welchia worm. This worm would proabably be signed by microsoft, made by microsoft. from TFA:

      Because no central server needs to provide and coordinate all the downloads, Software patches that spread like worms could be faster and easier to distribute because no central server must bear all the load.
      This is more P2P patch distribution, which is not a bad idea.
      • by mhall119 ( 1035984 ) on Thursday February 14, 2008 @05:17PM (#22426010) Homepage Journal
        If only it were possible to provide a list of other servers that somehow mirrored the data available on the central server....

        Or, even better, a way to send requests to the same domain name to physically different servers...

        I think I may be on to something here.
      • by KublaiKhan ( 522918 ) on Thursday February 14, 2008 @05:18PM (#22426032) Homepage Journal
        And what, exactly, is stopping someone from forging an MS cert on their own worm (or, simpler, giving the appearance of a legit one--y'know, like bank website phishing), exploiting the worm dispersal mechanism, and rootkitting everyone who's stupid enough to let this worm in?
        • by Megane ( 129182 )

          And what, exactly, is stopping MS from sending out a worm with security bugs? Given Microsoft's current security track record, I think this would be a bad idea.

          Not only is this an old idea, it was dismissed long ago as a bad idea. I'm amused that Microsoft is only now discovering it.

        • You have a very valid point. Nonetheless, there are several other things you can do:

          1)Every time a "P2P patch" is detected, Windows calculates the patch's MD5 Hash and sends it to Microsoft. If Windows recieves an OK message from Microsoft it's allowed in. And not just a standard "okay" packet, but an encrypted one. You could also have a whitelist on microsoft's site and Windows goes out to it and checks its hash against it.

          2)Encrypt the patch, and require Windows to go out to microsoft's site to get a

        • A hash of the code is encrypted with MS' private key, which stays at HQ, the hash can only be decrypted with the public key. (google asymmetric cryptography, if you'd like more info)
        • Re: (Score:3, Insightful)

          by evanbd ( 210358 )

          Did you pay any attention to the last 30 years or so of cryptography [wikipedia.org]? Any peer-to-peer patch distribution system would use digital signatures that are difficult to fake. The corresponding public keys would be distributed with the OS install or through some other secure mechanism (SSL from the main update site or similar). Any attacker that can install their own key could install a worm through that route anyway.

          P2P is quite good at solving intermittent high demand distribution problems, and is quite we

        • Why would you have to "let [it] in"? The white hat worm spreads itself via the same mechanism as the black hat worm, and closes the vulnerability behind it. You're vulnerable to both of them or neither of them, but either way, you don't have to "let" anything in.

      • Ooh, ooh! If software patched are delivered by torrent, Comcast can't say that blocking torrent traffic is justified. Thanks Microsoft (crap, did I just say that?)
      • First off this wouldn't be some whitehat's haphazard cure worm like the Welchia worm. This worm would proabably be signed by microsoft, made by microsoft.
        And this is supposed to make me feel better? With regards to Microsoft's past and current history of buggy software: ME NO WANT!
      • This is more P2P patch distribution, which is not a bad idea.
        Blizzard uses BitTorrent to distribute patches to World of Warcraft. It generally works quite well, and I'd assume it takes a lot of the load off of Blizzard's servers. The only problem is when you've got an ISP that doesn't like BT...
    • I thought the exact same thing, minus the move along part.

      The thing is, now we can "Let" access come from a good worm, and deny access from a good worm. Also, we now have the tech to have the good worm live a lifespan, for instance, terminating itself on a timer or home connection count, etc such as to reduce the potential hole it leaves open. Or it could be a "signed" worm.

      It's definately an old Idea, but one that we now have a way to make it P2P.
    • by jdray ( 645332 )
      Hmm... It seems like it's a short leap from P2P to worm-based file distribution. How about wrapping a media file with self-replicating code? In a friendly world (yeah, I know, a fiction), software on a destination machine would advertise things it was interested in. The replicant wrapper would seek out machines that wanted it, then start sending. Once the send completed, the item would be removed from the "want" list. If the packages were signed by the creator, you could whitelist known-good packagers
      • Well, in essence you already have this, just with the components re-arranged slightly. You have torrent tracking websites that act as "well-know want-list tracker"s that you can go to to find torrents which act as a "wrapper" when combined with the torrent app to download and upload itself to other people interested in the file (those connected to the same tracker, and therefore interested in the file). If resources were unlimited of course self replicating files would be great, but since storage space and
    • This is a very old idea. One of the earliest worm/viruses was actually of the "white-hat" variety. Nothing to see here, move along.

      And besides being old, this is also a bad idea for two reasons:

      1. Bandwidth: This becomes a major issue under the worm model. Now, instead of having the machine just check for/request updates once a day or so, you have worms on everyones machines trying to ping everyone elses machine to see who else needs the patch. That's a lot more packets than the current system requires.
  • You have a peer to peer protocol built in which'll happily accept Microsoft signed packages?

  • by lawaetf1 ( 613291 ) on Thursday February 14, 2008 @04:56PM (#22425610)
    "A friendly worm updated your computer which required a reboot."
  • Annnndddd... (Score:5, Insightful)

    by RandoX ( 828285 ) on Thursday February 14, 2008 @04:57PM (#22425624)
    What makes this any more legal than a black hat worm?
  • by sm62704 ( 957197 ) on Thursday February 14, 2008 @04:58PM (#22425638) Journal
    It keeps resurfacing every now and then. Get this through your thick skulls: It's my computer. Keep your God damned hands off of it. I don't care how good your intentions are, you have no right to infect MY computer with anything at all, good or bad.

    If you use a tool like this on your own network, fine, but if I find it on my own you had better cover your tracks because I'll go ballistic.
    • No kidding. This can't work. What happens when you "helpful" worm breaks my computer.
      • Re: (Score:2, Insightful)

        by mkoko ( 974106 )
        Or breaks a more critical computer, say at a hospital. Once the possibility of human loss is recognized, this idea should (hopefully) be tossed aside.
    • Re: (Score:2, Interesting)

      by KublaiKhan ( 522918 )
      More to the point, if you can quantify any damage that this worm does to your network, you have a nice big fat target to sue.

      What's more, it'll make one hell of a fun class action suit.

      If they had any sense, MS would nip this one in the bud...but then, they're the ones who gave us Windows Me, so...
    • not exactly (Score:5, Insightful)

      by Brigadier ( 12956 ) on Thursday February 14, 2008 @05:06PM (#22425810)

      If I'm not mistaken according to Micro Soft's EULA you don't actually own the software they do. They are just giving you permission to use it. Though you do own the hardware the worm in question would only affect or change the Soft Ware. In addition you neither own your network connection or most likely the building you live in ( dorm, apartment, mortgaged home etc) so from a purly legal stand point you have no leg to stand on. Though I do completely understand and support the meaning behind yrou rant :)
      • If I'm not mistaken according to Micro Soft's EULA you don't actually own the software they do.

        Microsoft doesn't own a single piece of software on this computer, or my home box. If they want to start "attacking" my systems with worms, maybe I should disassemble one of them and "fix" it. I'm sure most of you can figure out what would be the best way to "repurpose" such a stupid idea.

      • Re: (Score:2, Insightful)

        by zulater ( 635326 )
        Just because you may not own the building or the network you still have a basic right to privacy.
        If you want to argue that route you can still prove that you own the router, network cable, processor etc. so you still own the last few feet they are trespassing on. Heck renters still have a right to use lethal force against an intruder is many states. So there is a legal leg to stand on.
        Regardless privacy is the main concern.
      • Re: (Score:2, Funny)

        by howdoesth ( 1132949 )
        There's no such thing as software, I own my hardware and every single one of the 2^bignum potential states it can be in.
      • Re: (Score:3, Insightful)

        by sm62704 ( 957197 )
        Oh, I realise that it would probably be legal. They have armies of lawyers and lobbyists.

        Now, I keep asking this question about EULAS: tell me, now. Mike buys a naked, no OS computer and a boxed set of Windows Vista Home, and asks me to install it for him. If I'm the one who agrees to the EULA, how is he legally held to that EULA? He didn't agree to anything, I did. And unless he's signed "power of attorney" to me, well?

        What if his ten year old child (or neighbor kid) installs it?

        What if it's already instal
        • Re:not exactly (Score:4, Informative)

          by Brigadier ( 12956 ) on Thursday February 14, 2008 @06:31PM (#22427132)

          Now, I keep asking this question about EULAS: tell me, now. Mike buys a naked, no OS computer and a boxed set of Windows Vista Home, and asks me to install it for him. If I'm the one who agrees to the EULA, how is he legally held to that EULA? He didn't agree to anything, I did. And unless he's signed "power of attorney" to me, well?
          well he owns the computer, and has given you permission to act on his behalf installing the software. assuming you made him aware and he did not object the responsibility is his. If you did not make him aware thus he did not agree to it, he woudl then have recourse if he were sued say by microsoft to then sue you.

          What if his ten year old child (or neighbor kid) installs it?
          if the child is his he will incur any responsibility for actions made by the child

          If I have six PCs in my house networked together then I do own my network connection. I also own MY COPY of Windows. Nowhere on the box does it say I don't.
          See excerpt from microsoft EULA below.

          3. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this EULA. The Software is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Software. The Software is licensed, not sold.
          http://www.microsoft.com/windowsxp/home/eula.mspx [microsoft.com]

    • by abes ( 82351 )
      Makes me wonder if you could sue Microsoft for hacking into your computer. Legally, what would give them the right to hack your computer versus the script kiddies? Maybe the can put a clause in their license agreement allowing them to hack-away..

      It would be nice if someone could do something about the spam-bots. I don't think anyone would mind a worm infecting a zombie. If you can't secure your own computer, maybe anyone on the net should have the right of attack? Is there a sure-way to identify a computer
    • If it broke anything on one of my servers or drone machines (Comp sitting in a corner dedicated to a single task), I'd be filing suit for damages.

    • Re: (Score:2, Interesting)

      by Morkano ( 786068 )
      If you find it on your computer, you deserve it. You probably had or were in danger of becoming infected by the worm that exploited the vulnerability this was trying to fix. And I don't care if it's your computer or not, if you can't be trusted to keep it from polluting the Internet at large then someone will have to do it for you.

      A well designed "white hat worm" could just sit and listen for a while until it got hit with a computer probing for the vulnerability and then infect and fix the computer that did
  • Call me crazy but I do not see this as a good thing.
    • by nmoog ( 701216 )
      Take your tin foil hat off mate - Microsoft researchers are working out the perfect strategies, so there is no need to worry.
    • It's not. Right now they can find out if the central server they're connecting to is, in fact, Microsofts using certificates and other security measures that work very well for one, centralized source. What they're planning on doing is relaxing the security of the update process to speed up the update process and take a load off of the central MS server and your company's internet server. Since when has Microsoft reduced security and the consumer come out ahead?
  • by weak* ( 1137369 )
    ... a system that will further reduce transparency regarding MS updates...
  • by ironwill96 ( 736883 ) on Thursday February 14, 2008 @04:59PM (#22425668) Homepage Journal
    Anyone remember when someone did this for Blaster and created the "Welchia" worm variant? An article on it is located here: White Hat Worm [entmag.com] and Microsoft even complained that it "generated excess network traffic". Now they are proposing to do the same thing? How are they going to make the worm spread, through vulnerabilities like Welchia did? Hope they don't use an RPC vulnerability and cause your system to crash like it did!

    I guess this goes with all of the tags we've seen today on articles of "whatcouldpossiblygowrong?".
  • by sd.fhasldff ( 833645 ) on Thursday February 14, 2008 @05:00PM (#22425678)
    I'm surprised this hasn't been slapped with the "whatcouldpossiblygowrong" tag yet.... seems like most stories are, pretty much regardless of content.
  • by TheUni ( 1007895 ) on Thursday February 14, 2008 @05:01PM (#22425714) Homepage
    Customer: Something's wrong, my computer's not acting right.
    Tier1 Customer Support: Ok sir, I'd be happy to help you with that. Firstly, do you have the latest Microsoft Virus(tm) installed?
    Customer: Yes.
    Tier1 Customer Support: OK, do you have an Antivirus installed?
    Customer: Yes.
    Tier1 Customer Support: Ah, that's the problem. You'll need to remove the Antivirus in order for the Virus to function correctly. It's not safe these days to be running without the latest Virii!
  • That is if we're speaking about the management at Microsoft.
    • by sm62704 ( 957197 )
      I must be new here, I RTF this A.

      This has nothing to do with security, it's a means of saving money for Microsoft. If they can push their updates via worms, they use MY bandwidth to distribute their updates rather than their own.

      Evil, sneaky bastards, ain't they? Tami [slashdot.org] would be proud.


      (PS- don't click that link, it will infect you with the "Tami" virus)
  • Stupid Idea (Score:4, Interesting)

    by StillNeedMoreCoffee ( 123989 ) on Thursday February 14, 2008 @05:02PM (#22425732)
    If the mechanism exists, it will be compromised. Haven't you leaned anything yet? Better design a system that can't process a worm.

    The temptation if this became a strategy, i.e. the system can run Microsoft Worms only, would in a very short time, run Microsoft like worms.

    This seems more like and admission that their systems can't be secured.

    Or "Who's finger is in the dike? Dammit, thats not my dike!"
  • ... a site owner who receives one of these "worms" doesn't decide to replace the payload with something nastier. The data could of course be encrypted and checksummed, but this would need access to a central repository again, and would also mean that every machine would need a port wide open to Internet to receive and transmit such data.

  • We had developed a "worm" that exploited the exact same holes as several of the common ones around at the time to release on the corporate network. The point of "worm" was to deliver the fixes for those exploits. We were calling the program a "white worm" (short for White Blood Cell Worm). It was quickly shot down by security at the time.
  • This raises the prospect of worm races
    This made my day...
  • See? This is why M$ built in all of those insecurities, so they could build viral technology to fix your computer all up for you. Don't you wish all those OSS systems could be infected now?

  • IANAL but it's interesting that they are conducting this research in England, at the very least this would require a change in the EULA that MSFT could be deemed an "authorised user" of the computer, from the Computer Misuse Act 1990 [hmso.gov.uk]:

    3 Unauthorised modification of computer material

    (1) A person is guilty of an offence if--

    (a) he does any act which causes an unauthorised modification of the contents of any computer; and

    (b) at the time when he does the act he has the requisite intent and the requisite kno

  • This is old news. Lots of worms are in the wild that infect a machine and then close off it's vulnerabilities so others are unable to exploit it.
  • by mbourgon ( 186257 ) on Thursday February 14, 2008 @05:08PM (#22425866) Homepage
    then we got hit with the anti-slammer worm. The slammer worm hadn't infected us, but the anti-slammer did, and wound up rebooting about 20 servers (which begs the question "why weren't they already patched?"), during the middle of the day. Pure panic mode as they started spontaneously rebooting.
  • Extremely bad idea (Score:3, Insightful)

    by Zen ( 8377 ) on Thursday February 14, 2008 @05:09PM (#22425872)
    I don't care who implements this solution. It was a bad idea a few years ago and it's still a bad idea today. The delivery mechanism will be compromised, and just having this type of thing out there will create new interest in creating hazardous worms/virii. I don't know about you guys, but I don't want anybody touching any of my systems. Ever! How about differences in configurations? What if I have a highly modified registry because I'm doing some advanced package testing? Then you come in and 'fix' something based on default values and it corrupts my entire system? Who's going to fix it then?

    What about all the security admins who filter traffic based on pattern matches and ports? So now when we see a spike in traffic from thousands of machines going to 1433 on successive IP's we're supposed to somehow make a diagnosis on whether it's good or bad traffic? It's unnecessary overhead on the network. Whatever it's intention, auto fixing of problems and specifically designed auto replicating extra internet traffic is a bad idea.
  • by RyLaN ( 608672 ) <satH4n@gAUDENmail.com minus poet> on Thursday February 14, 2008 @05:10PM (#22425886) Homepage
    http://blanu.net/curious_yellow.html/ [blanu.net]

    Brandon Wiley proposed a scenario in which a future internet would be consumed by the warfare between several (black or white) worms that feature node-coordinated efforts to prevent detection and removal. For those too lazy to read the link, "Curious Yellow" is basically a modular worm in which zero-day exploits can be added as they are discovered allowing for unchecked growth across the 'net. The worm can then work with other nodes to attack targets by dropping all their traffic, or by subtly modified whatever they receive. The best way to fight such a worm is with fire, a similarly designed "white" worm that goes around patching hosts as quickly as it can.

    IMO, remote exploits are rare enough that I don't see this ever happening. On the other hand, with enough infected bot nodes to work with the data mining potentials of some of the more sophisticated extant work networks does worry me...
  • I'm no expert in such things, but why couldn't they release a Microsoft Update P2P client that:

    1) Checked Microsoft's servers for a list of needed updates with MD5 hashes for those updates.

    2) Check bittorrent or some other P2P network (perhaps even a custom one) for those updates.

    3) Download the file, compare it against the MD5 hash.

    4) If it doesn't match, delete it and find it on another computer. If it does match, alert the user to install the update. (Or install it automatically if that's the setting t
    • by querist ( 97166 )
      You are, in my opinion, much closer to what they are planning than you may realize. Also, before I go any further, I think your solution is better than theirs for reasons I will list later.

      By using a worm to distribute the fix they are, in effect, creating a peer-to-peer network. The difference is that in your scenario the machine initiates the upgrade process, while in Microsoft's the machine is given the upgrade. If you are running something critical, you can tell it to wait and come back later. Will Micr
  • Don't matter if your intent is good, its still a crime and i hope they get caught and sent to prison for life and have a cell mate called bubba.
  • ... and what if [we] don't want to be fixed?
  • How on earth are antivirus programs supposed to distinguish between "good" and "bad" viruses/worms? Unless this is meant specifically to attack the issue of botnets and repair them I can't see this as actually being useful in any way. If they convince Symantec, Trend Micro, etc. to treat MS worms as legitimate then the virus writers will figure out how those products do this and mirror it to avoid detection. If the anti-virus programs don't then either these fixes will be rejected by everybody who has a
  • MS limits their liability for using their software to $5, as specified in the EULA. However, this would open them up to severe liability concerns. Unless you explicitly opt in, or it's mentioned in the EULA already, you'd have a hard job deflecting liability when a botched patch nukes half the NHS.

    With most viruses, you haven't a clue where they come from, so you can't sue. This one will likely be cryptographically signed.
  • by Secret Rabbit ( 914973 ) on Thursday February 14, 2008 @05:19PM (#22426042) Journal
    Because M$ is soooo very good at normal updates:

    http://blogs.msdn.com/ie/archive/2007/12/18/post-install-issues-with-ms07-069-ie6-on-xpsp2.aspx [msdn.com]

    (Among others) That they'll be a perfect candidate to create this type.

    For that matter, I'd really like to know how someone/people who might do this, would get around that whole illegal thing.
  • by gweihir ( 88907 ) on Thursday February 14, 2008 @05:24PM (#22426128)
    There are no friendly worms. Compromising the security of a system, REGARDLESS OF PURPOSE, is a hostile and criminal act. There is no excuse for it. In addition, an agile black hat could hijack the worm and put its own malcode in there.

    Anybody proposing this nonsense just shows they do not even have elementary security knowledge and did not research the topic at all. Incompetents.
  • by hoggoth ( 414195 ) on Thursday February 14, 2008 @05:28PM (#22426176) Journal
    Till the script kiddies use this delivery mechanism to bypass all security and deliver their own custom payloads.
    Yay Microsoft! They have such good instincts when it comes to security!
  • A very interesting idea... Use a known vulnerability to "infect" a system, and close that very same vulnerability.

    I foresee legal problems, trojans, network bandwidth being wasted, and new bugs introduced. "No Sir, I don't like it."

  • Because I can just see the numerous lawsuits that will appear when their stupid worm-composed of that "innovative" buggy Microsoft code we here so much about-is hijacked by malicious people or the worm itself screws up end-users computers.
  • So there will be even more traffic as a "whitehat" worm tries to patch up a "blackhat" worm spraying from several infected servers/workstations. And whats to say someone maliciously alters the "whitehat" worm??
  • called Uplink [uplink.co.uk] *Spoiler alert* at the end of your regular hacker job you find out what the mega-corporation is doing and have to stop their ultimate bad worm with one that patches systems. It was a pretty fun game.
  • Only just got the Christmas decorations down and it's April 1 already...

    Oh, wait... they're serious?!?!?!?
  • Maybe I missed something but if load on servers is a problem and you are going to try and push that problem off onto customers, why not just use the bit torrent way of distributing patches? Blizzard has done it with WoW since day 0 and it has worked out for them... especially on large patches. Seems like an easy integration into your software. If even a single person helps seed that isn't your server, that's already a bonus.
  • Just stop. It's not a good idea. It has never been a good idea, it will never be a good idea. There is no such thing as a "white-hat worm". No matter what the intentions of its writers are, the worm itself will never be "white-hat". It's going to cause problems on a technical level. It's going to cause problems on a legal level.
    And even if you accept, for a moment, the premise that this worm could actually work without any collateral damage (which is unacceptable), do you REALLY want Microsoft (or any entit
  • Th3y just w4nt t0 p4wn 4ll t3h n3tw0x! B1llyG mu$t b3 0n3 3l1t3 k1dd13...

    No seriously...they're now writing the virus?!!! I guess they've given up on actually producing relatively secure software then...

    Just like the old saying - if you can't beat them, join them. ;-)

    Yet another reason to go to Linux, Mac, or something else.
  • What's going to stop a worm from using the vulnerability MS opens for a whitehat worm for nefarious purposes? It will be found.
  • If you have a means for a worm to tell a computer that it is really a fix, all a hacker has to do is spoof that, and the machine will accept a virus as the fix.

  • by Tom ( 822 )
    been there, done that [lemuria.org] and dumped the idea as incredibly stupid and pretty dangerous, together with everyone else who's been doing research in that area several years ago.

    What's MS at? Reinventing old, bad ideas, again?

God help those who do not help themselves. -- Wilson Mizner