Message-ID: <OFEBD10CCC.1AD3A9EA-ON86256EF9.004A30E2-86256EF9.004EE24E@kohls.com>
From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: The 'good worm' from HP
I'm fairly sure I disagree with you, Nick. I don't believe we need
Bontchev's paper in hand or head to discuss whether or not
self-replicating, active, "beneficial code" is a good idea or not. Contrary
to the tone of some of your posts, many of us are fairly bright,
reasonably well educated, and capable of forming our own opinions without
someone else framing the debate for us. In fact, Bontchev's thoughts on
constructing/distributing a beneficial virus come down, in the end, to
just being a publish and subscribe software distribution method...hardly
revolutionary or ground-breaking even when he wrote it.
As relates specifically to HP/Active Countermeasures, however:
HP is looking to market/deploy this as a managed tool, most likely as a
bolt on to OpenView, not "unleash" it on the net...more to the point, it
is not viral (as described, in fact, in Bontchev's paper...so let's not
quibble about that definition). As a managed systems tool, confined to
pre-defined systems, it matters not a whit what Bontchev's paper has to
say. If it's a functional, efficient tool to assist in keeping systems
secure and patched it's going to be used. In the case of this specific
product, I think that several posters here need to do a little more
research into the product. It's a scanner, based on reported/compiled
vulnerabilities, coupled with some rules-based capabilities such as taking
a machine off a network, forcing patches, etc. I think too many people
here (and elsewhere) heard the term "good worm" and leapt to a series of
conclusions so quickly that they never bothered to find out what it was
that they were talking about.
Bart Lansing
Manager, Desktop Services
Kohl's IT
Nick FitzGerald <nick@...us-l.demon.co.uk>
Sent by: full-disclosure-admin@...ts.netsys.com
08/20/2004 09:14 PM
Please respond to: nick@...us-l.demon.co.uk
To: full-disclosure@...sys.com
cc:
Subject: Re: [Full-Disclosure] The 'good worm' from HP
Maarten wrote:
> Stuff like counter-attacking has been discussed often, whether in large open
> forums such as FD or in more private circles. Mostly, people were too
> concerned to open themselves up for huge lawsuits and/or for prosecution
> even, but now that an important influential company like HP is suggesting
> (building) it, this may well signify an important shift in the fight against
> malware. I, for one, welcome the initiative...
You need to read Vesselin Bontchev's classic "Are 'Good' Viruses Still
a Bad Idea?" paper before you can even begin to enter this debate. And
if you think the age of that paper automatically disbars it from
contemporary discussion, the reason there are no more recent papers
worth reading is because no-one has meaningfully challenged Bontchev's
position since that paper was written.
I hope the HP folk have read it and thought very carefully about all
this... (Sadly the media reports are too "light and fluffy" to make
anything sensible of what HP is really proposing.)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html