
    Up With Good Worms

    Written by

    Jim Rapoza
    Published April 21, 2003

      It's not science fiction. Giant networks of zombie computers are poised to unleash massive destruction on the Internet. You've read about it right here in eWeek (see “Thwarting the zombies” by Dennis Fisher, from the March 31 issue). There are other causes for concern: In this space last week, my colleague Timothy Dyck detailed a litany of root-level vulnerabilities that came to light in March alone; and worm activity has increased tenfold this year.

      But what bothers me most is a strong sense of déjà vu. Every year bad things happen for security, calls are made to improve security infrastructure and patching practices, and for each step forward, there are two steps back. Threats aren't worse because attackers have gotten smarter. It's either that system administrators have gotten lazier or are overworked due to layoffs or both.

      In most cases, the big security problems you read about every day are simply due to crackers taking advantage of old problems in tens of thousands of unpatched systems for which patches have been available for months or years.

      So what's the solution? I think it's time to use the worms' tactics against them and build good worms that fix problems.

      Two years ago I wrote a column about the Cheese worm, which entered Linux systems that had a known security hole and then patched the systems. As I said at the time, I'm not in favor of vigilante-type good worms like Cheese that come out of nowhere. But I do think trusted security entities like CERT or SANS could create and use good worms very effectively.

      This tactic has been discussed in the security community before, and there are some strong arguments against the use of good worms. But in the face of zombie networks numbering tens of thousands of machines, which could be disabled in a single night by good worms, I'm willing to take these criticisms on.

      By far, the most common criticism of good worms is that they would be entering systems uninvited and making changes to the system (that's hacking!). This is generally known as the “It's my system so stay the heck off of it” defense.

      My response to this is that if you haven't protected your system against well-known holes that have had fixes in place for months or years, then you obviously have abdicated responsibility for your system. Your systems are now a threat to others.

      With the deadly SARS virus raging in Asia right now, if I decided to fly to Hong Kong, kiss everyone in sight, then cough in crowded theatres in New York, I should fully expect to be hauled off to a hospital and quarantined. I don't think an “It's my body and I can spread disease if I want to” defense would work very well.

      Another argument is that the good worm could make changes to the system that could cause problems. This is definitely true. So on one side, we have an unpatched system that's been taken over by malicious people who could be using it as part of massive attacks to take down the Internet. On the other, we have a single, poorly managed system that is likely already having problems and may have a few more. Which scenario do you think makes for a better Internet?

      Of course, a good worm is still a worm, and another argument says that worms are inherently uncontrollable, meaning that good worms will cause traffic problems and spread out of control. This is true of most worms today, but that's only because no one has designed a legitimate, well-coded and peer-reviewed good worm. One can easily envision simple controls such as built-in expirations and bandwidth management that would limit or eliminate these effects.

      The argument in response is that creating a legitimate, well-coded and peer-reviewed good worm takes a lot of time, much too long given the speed at which worms spread. My reply: Most worms don't take advantage of a newly discovered problem. Most are using security holes that have been known for a long time.

      There are some questions that need to be answered. Who would design and manage these worms? The government, CERT, vendors or some yet-to-be-formed body? Which problems should be addressed by them? What's the notification procedure for systems that have been patched by a good worm? Does it leave a message for the administrator? None of these are insurmountable roadblocks.

      The best course of action is to manage your systems effectively and keep them well-patched, hardened and secure against problems. Then you won't have to worry about worms in your own systems, just in your neighbors'.

      Jim Rapoza, Chief Technology Analyst, eWEEK. For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr. Rapoza's current technology focus is on all categories of emerging information technology, though he continues to focus on core technology areas that include content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.
