lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Bart.Lansing at (
Subject: The 'good worm' from HP

I'm fairly sure I disagree with you, Nick.  I don't believe we need 
Brontchev's paper in hand or head to discuss whether or not 
self-replicating, active,"beneficial code" is a good idea or not. Contrary 
to the tone of some of your posts,  many of us are fairly bright, 
reasonably well educated, and capable of forming our own opinions without 
someone else framing the debate for us.  In fact, Brontchev's thoughts on 
constructing/distributing a beneficial virus come down, in the end, to 
just being a publish and subscribe software distribution method...hardly 
revolutionary or ground-breaking even when he wrote it.

As relates specifically to HP/Active Countermeasures, however:

HP Is looking to market /deploy this as a managed tool, most likely as a 
bolt on to OpenView, not "unleash" it on the net...more to the point, it 
is not viral (as described, in fact, in Bontchev's let's not 
quibble about that definition).  As a managed systems tool, confined to 
pre-defined systems, it matters not a whit what Bontchev's paper has to 
say.  If it's a functional, efficient tool to assist in keeping systems 
secure and patched it's going to be used.  In the case of this specific 
product, I think that several posters here need to do a little mnore 
research into the product.   It's a scanner, based on reported/compiled 
vulnerabilities, coupled with some rules-based capabilities such as taking 
a machine off a network, forcing patches, etc.  I think too many people 
here (and elsewhere) heard the term "good worm" and leapt to a series of 
conclusions so quickly that they never bothered to find out what it was 
that they were talking about.

Bart Lansing
Manager, Desktop Services
Kohl's IT

Nick FitzGerald <> 
Sent by:
08/20/2004 09:14 PM
Please respond to


Re: [Full-Disclosure] The 'good worm' from HP

Maarten wrote:

> Stuff like counter-attacking has been discussed often, whether in large 
> forums such as FD or in more private circles.  Mostly, people were too 
> concerned to open themselves up for huge lawsuits and or for prosecution 

> even, but now that an important influential company like HP is 
> (building) it, this may well signifiy an important shift in the fight 
> malware.  I, for one, welcome the initiative...

You need to read Vesselin Bontchev's classic "Are 'Good' Viruses Still 
a Bad Idea?" paper before you can even begin to enter this debate.  And 
if you think the age of that paper automatically disbars it from 
contemporary discussion, the reason there are no more recent papers 
worth reading is because no-one has meaningfully challenged Bontchev's 
position since that paper was written.

I hope the HP folk have read it and thought very carefully about all 
this...  (Sadly the media reports are too "light and fluffy" to make 
anything sensible of what HP is really proposing.)

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists