Full Disclosure mailing list archives

Re: Benign Worms
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 14 May 2005 14:04:35 +1200

k k wrote:

> I am an academic researcher.  ...

One so well-versed in the area of which you enquire and with such a 
relevant academic record that you hide behind a Hotmail address?

Yeah, right...

> ...  I benefited a lot during my previous 
> interaction at the full disclosure list on a different topic and now, I am 
> here to get some input on benign worms.

There are no benign worms.

I'm not denying that it is not actually possible to design such, but 
once you've put _all_ the safety checks and other requirements in place 
to fulfill any vaguely sane and "widely acceptable" notion of "benign 
worm" you'll have designed something massively more complex and 
convoluted than any existing patch management system.

If you don't think that's the case then you are not much of a 
_researcher_, "academic" or not.  If you don't believe that, please 
sensibly refute (in the true academic sense) a few of the arguments 
against the possibility of "good viruses" in Vesselin Bontchev's papers 
on the topic.

> There is debate surrounding whether releasing benign worms such as Nachi or 
> Welcha, ...

You know, I've heard them called an awful lot of things but the word or 
notion of "benign" was never one of them...

Are you _sure_ you're an academic?

Oh wait -- of course you are!  Some of the whacky, distant outfields of 
abstract intelligentsia are the only places the notions of "good 
viruses" and "benign worms" have ever been seriously considered 
(apologies in advance to Fred, but I think deep down even he accepts 
that at the level of real-world practicality, there can be no such 
thing as a "good" virus).

> ... in general is ethical or not.

You must really hang out in very limited circles.  The only folk in 
favour of such releases are miscreants with severely impaired ethical 
development.  Most of them still get kicks pulling wings off flies.

> ...  But network administrators can still 
> create benign worms for their need (not necessarily Nachi or Welcha) and 
> release them in their domain to patch systems.
>
> 1. Do people do that?  Or at least, have you considered it?
>
> 2. If yes, under what conditions would you do that?
>
> 3. If not, what prevents you from doing that?

Why would any semi-intelligent sys-admin who, by definition has 
administrative rights over what s/he is allowed control of and does not 
have such rights over that which s/he does not have control of, bother 
with something as haphazard and potentially dangerous should something 
go wrong with it?

Much better that s/he use the arsenal of system administration, patch 
management, change control, monitoring, policy enforcement and so on 
tools than arse around with some exploit code that is largely untested 
and try to glue all the controls and restrictions onto it to meet that 
reasonable standard of benevolence alluded to above.

...

I see the originating IP in your message is a machine in the "mgmt" 
domain at purdue.edu.  Rather than tossing your odd-ball notions around 
in the Management department, did you consider talking to serious 
computer security researchers, such as Spaf and his fellow academics and 
their students over in CS?  Have you even heard of CERIAS -- The Center 
for Education and Research in Information Assurance and Security?

   http://www.cerias.purdue.edu/

Or the COAST (Computer Operations, Audit, and Security Technology) 
project?

   http://www.cs.purdue.edu/

Do these Purdue academics share your views of "benign worms"?  Might 
their intellectual and academic achievements in their collective 
decades of research in closely relevant areas more than slightly 
outweigh your twenty minutes musing over a term paper topic?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

