Jeff Workman wrote:
Therefore the "good" people should beat the bad people to the punch and
write the worm first. Make it render the vulnerable system invulnerable
or if neccessary crash it/disable the port etc..... so that the "lazy"
administrators fix it quick without losing their hard drive contents or
taking out the neighborhood.Such "corrective" behavior as suggested by you might also be implemented
in such a "proactive" worm.How many fewer zombies would there be if this was happening?
As I understand it, Netsky is supposed to be such a worm. Doesn't seem
to make much of a difference, does it?I thought that Nachi/Welchia was supposed to be such a worm as well,
and it ended up doing more harm than good.One could argue that those were implementation issues, probably
performed by people who did not know what they were doing.From a perspective of auto-patch, *no* programmers "know what they're
doing". The state of the art of software engineering, even for
well-designed, well-implemented, well-tested systems, is not good
enough to allow arbitrary "correct" patches to be installed blindly on
a critical system. Let me put it like this: how many ISPs like to
install the latest versions of IOS or JunOS on all of their routers
without testing it first?
From a purely legal perspective, even a well-written, benevolent worm
is illegal -- the writer is not an "authorized" user of my computer.
But I'd never authorize someone to patch my system, even an ordinary
desktop PC, without my consent -- there are times when I can't afford
to have it unavailable. (Many U.S. residents are in such a state for
the next four days, until they get their income tax returns prepared
and filed. I don't even like installing virus updates at this time of
year.)
Auto-patch is a bad idea that just keeps coming back. Auto-patch by
people other than the vendor, who've done far less testing, is far
beyond "bad".
--Steve Bellovin, error