Convinced that businesses will use nonmalicious worms to cut down on network security costs, a high-profile security researcher is pushing ahead with a new framework for creating a "controlled worm" that can be used for beneficial purposes.
Dave Aitel, vulnerability researcher at New York-based Immunity Inc., unveiled a research-level demo of the "Nematode" framework at the Hack In The Box confab in Kuala Lumpur, Malaysia, insisting that good worms will become an important part of an organizations security strategy.
"Were trying to change the way people think," Aitel said in an interview with Ziff Davis Internet News. "We dont want people to think this is impossible. Its entirely possible to create and use beneficial worms and its something businesses will be deploying in the future."
For years, security experts have debated the concept of using good worms to seek and destroy malicious worms. Some believe that its time to use the worms tactics against them and build good worms that fix problems but the chaos and confusion associated with self-propelled replicating programs have left others unconvinced.
Aitel is among those who believe it is "inevitable" that worm technology can significantly reduce the cost of disinfecting and maintaining a corporate network.
"We already have a proof-of-concept that can take a very simple exploit, go through a few steps and, in a matter of minutes, create a working nematode," Aitel said.
He took the name for the concept from the pointy-ended worm used to control pests in crops. "We can generate a nematode any way we want. You can make one that strictly controls, programmatically, what the worm does," Aitel explains.
Aitel, who did a six-year stint as a computer scientist at the NSA (National Security Agency) before moving on to work as a code-breaker for research outfit @Stake Inc., is adamant that nematodes can provide the answer for lowering security costs.
He sees a world where "strictly controlled" nematodes are used by ISPs, government organizations and large companies to show significant cost savings.
During his Hack In The Box presentation, Aitel outlines the reasons for creating nematodes and displayed strict protocols that can be used to control the beneficial worms.
He said nematodes can be automatically created from available vulnerability information and even showed off a new programming language to create the worms.