mailing list archives
Re: Benign Worms
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 14 May 2005 14:04:35 +1200
k k wrote:
I am an academic researcher. ...
One so well-versed in the area of which you enquire and with such a
relevant academic record that you hide behind a Hotmailaddress?
... I benefited a lot during my previous
interaction at the full disclosure list on a different topic and now, I am
here to get some input on benign worms.
There are no benign worms.
I'm not denying that it is not actually possible to design such, but
once you've put _all_ the safety checks and other requirements in place
to fulfill any vaguely sane and "widely acceptable" notion of benign
worm" you'll have designed something massively more complex and
convoluted than any existing patch management system.
If you don't think that's the case then you are not much of
_researcher_, "academic" or not. If you don't believe that, please
sensibly refute (in the true academic sense) a few of the arguments
against the possibility of "good viruses" in Vesselin Bontchev's papers
on the topic.
There is debate surrounding whether releasing benign worms such as Nachi or
You know, I've heard them called an awful lot of things but the word or
notion of "benign" was never one of them...
Are you _sure_ you're an academic?
Oh wait -- of course you are! Some of the whacky, distant outfields of
abstract intelligentsia are the only places the notions of "good
viruses" and "benign worms" have ever been seriously considered
(apologies in advance to Fred, but I think deep down even he accepts
that at the level of real-world practicality, there can be no such
thing as a "good" virus).
... in general is ethical or not.
You must really hang out in very limited circles. The only folk in
favour of such releases are miscreants with severely impaired ethical
development. Most of them still get kicks pulling wings off flies.
... But network administrators can still
create benign worms for their need (not necessarily Nachi or Welcha) and
release them in their domain to patch systems.
1. Do people do that? Or at least, have you considered it?
2. If yes, under what conditions would you do that?
3. If not, what prevents you from doing that?
Why would any semi-intelligent sys-admin who, by definition has
administrative rights over what s/he is allowed control of and does not
have such rights over that which s/he does not have control of, bother
with something as haphazard and potentially dangerous should something
go wrong with it?
Much better that s/he use the arsenal of system administration, patch
management, change control, monitoring, policy enforcement and so on
tools than arse around with some exploit code that is largely untested
and try to glue all the cotrols and restrictions onto it to meet that
reasonable standard of benevolence alluded to above.
I see the originating IP in your message is a machine in the "mgmt"
domain at purdue.edu. Rather than tossing your odd-ball notions around
in the Management department, did you consider talking to serious
computer security researchers, such Spaf and his fellow academics and
their students over in CS? Have you even heard of CERIAS -- The Center
for Education and Research in Information Assurance and Security?
Or the COAST (Computer Operations, Audit, and Security Technology)
Do these Purdue academics share your views of "benign worms"? Might
their intellectual and academic achievements in their collective
decades of research in closely relevant areas more than slightly
outweigh your twenty minutes musing over a term paper topic?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Benign Worms Mike Hoye (May 13)
Re: Benign Worms J.A. Terranson (May 13)
Re: Benign Worms Nick FitzGerald (May 14)
Re: Benign Worms tuytumadre (May 14)