mailing list archives
Re: Benign Worms
From: Valdis.Kletnieks () vt edu
Date: Fri, 13 May 2005 12:26:00 -0400
On Fri, 13 May 2005 11:13:03 CDT, k k said:
There is debate surrounding whether releasing benign worms such as Nachi or
Welcha, in general is ethical or not. But network administrators can still
create benign worms for their need (not necessarily Nachi or Welcha) and
release them in their domain to patch systems.
1. Do people do that? Or at least, have you considered it?
I doubt anybody seriously considers it
3. If not, what prevents you from doing that?
There's 3 basic setups:
1) You don't have a lot of machines. You don't *need* a worm to update 5 or 10
boxes, just walk to each and do it.
2) You have a lot of machines that aren't under your direct administrative control
(for example, an ISP or a university). You can't deploy a worm, because those
boxes aren't yours to screw around with - worming them could get you arrested
for hacking and/or end up liable for any damages caused if a machine glitches
during the patch.
3) You have a lot of machines under your control that you need to update.
You don't need a worm - there's plenty of tools like "Push an update via
an AD policy" and so on, and you should be using those.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/