North American Network Operators Group
Re: Packet anonymity is the problem?
In message <[email protected]>, Joe Maimon writes:
>
>Jeff Workman wrote:
>
>> --On Sunday, April 11, 2004 2:45 PM -0400 Joe Maimon
>> <[email protected]> wrote:
>>
>>> Therefore the "good" people should beat the bad people to the punch and
>>> write the worm first. Make it render the vulnerable system invulnerable
>>> or if necessary crash it/disable the port etc..... so that the "lazy"
>>> administrators fix it quick without losing their hard drive contents or
>>> taking out the neighborhood.
>>>
>>> Such "corrective" behavior as suggested by you might also be implemented
>>> in such a "proactive" worm.
>>>
>>> How many fewer zombies would there be if this was happening?
>>
>>
>> As I understand it, Netsky is supposed to be such a worm. Doesn't seem
>> to make much of a difference, does it?
>>
>> I thought that Nachi/Welchia was supposed to be such a worm as well,
>> and it ended up doing more harm than good.
>
>One could argue that those were implementation issues, probably
>performed by people who did not know what they were doing.
>

From a perspective of auto-patch, *no* programmers "know what they're doing". The state of the art of software engineering, even for well-designed, well-implemented, well-tested systems, is not good enough to allow arbitrary "correct" patches to be installed blindly on a critical system. Let me put it like this: how many ISPs like to install the latest versions of IOS or JunOS on all of their routers without testing it first?

From a purely legal perspective, even a well-written, benevolent worm is illegal -- the writer is not an "authorized" user of my computer. But I'd never authorize someone to patch my system, even an ordinary desktop PC, without my consent -- there are times when I can't afford to have it unavailable. (Many U.S. residents are in such a state for the next four days, until they get their income tax returns prepared and filed. I don't even like installing virus updates at this time of year.)

Auto-patch is a bad idea that just keeps coming back. Auto-patch by people other than the vendor, who've done far less testing, is far beyond "bad".

		--Steve Bellovin, http://www.research.att.com/~smb