Feb 15 2008
Scary concept: Friendly worms
The article isn’t clear on how the worms will secure their network, but I don’t believe this is the best way to solve the problem that’s being expressed. The problem being solved here appears to be one of network traffic spikes caused by the download of patches. We already have widely used protocols that solve this problem: BitTorrent and P2P programs. So why create a potentially hazardous situation using worms when a better solution already exists? Yes, torrents can be subverted too, but these are problems that we’re a lot closer to solving than what’s being suggested.
I don’t want something that’s viral infecting my computer, whether it’s for my benefit or not. The behavior isn’t something to be encouraged. Maybe there’s a whole lot more to the paper, which hasn’t been released yet, but I’m not comfortable with the basic idea being suggested. Worm wars are not the way to secure the network.
vesselin bontchev’s paper “are good viruses still a bad idea” (http://www.people.frisk-software.com/~bontchev/papers/goodvir.html) is pretty much the final word on this topic and has been for more than a decade… microsoft is clearly too big for the right hand to know what the left hand is doing, otherwise some of the very bright people working on their anti-malware offering (who i *know* know this stuff) would have put an end to this train of thought before this embarrassing publication…
Thanks for the link. I knew I’d read a paper on this before; I just hadn’t realized how long ago it was. Maybe the new MS paper will bring something new to light, but I somehow doubt it.
Martin
If this ever comes to pass, I can see a lot of high-interaction honeypot owners being pretty upset.
[...] Scary concept: Friendly worms – If this ever became a reality, which I doubt it will, how long would you expect it would take before someone exploited the updating and transport mechanism to “do evil”? This isn’t a new idea, the concept of creating worms that patch your computer when you catch them. There is even some malware out there now that patches vulnerabilities on systems to make sure other worms can’t exploit the same vulnerabilities. But the problem is, if both beneficial and malign software show the same basic behavior patterns, how do you differentiate between the two? And what’s to stop the worm from being mutated once it’s started, since bad guys will be able to capture the worms and possibly subvert their programs? [...]
[...] Security podcast, which I listen to, also thinks that this is a bad idea – also take a look at his thoughts. In IT Security [...]
Hi!
Just found that you wrote about the same topic as I did. Take a look at my thoughts http://robert.penz.name/33/good-worms-just-a-stupid-idea/
I just put a link to your post into it.