k k wrote:

> I am an academic researcher. ...

One so well-versed in the area of which you enquire and with such a relevant academic record that you hide behind a Hotmail address? Yeah, right...

> ... I benefited a lot during my previous
> interaction at the full disclosure list on a different topic and now, I am
> here to get some input on benign worms.

There are no benign worms. I'm not denying that it is not actually possible to design such, but once you've put _all_ the safety checks and other requirements in place to fulfill any vaguely sane and "widely acceptable" notion of "benign worm" you'll have designed something massively more complex and convoluted than any existing patch management system. If you don't think that's the case then you are not much of a _researcher_, "academic" or not. If you don't believe that, please sensibly refute (in the true academic sense) a few of the arguments against the possibility of "good viruses" in Vesselin Bontchev's papers on the topic.

> There is debate surrounding whether releasing benign worms such as Nachi or
> Welcha, ...

You know, I've heard them called an awful lot of things but the word or notion of "benign" was never one of them...

Are you _sure_ you're an academic?

Oh wait -- of course you are! Some of the whacky, distant outfields of abstract intelligentsia are the only places the notions of "good viruses" and "benign worms" have ever been seriously considered (apologies in advance to Fred, but I think deep down even he accepts that at the level of real-world practicality, there can be no such thing as a "good" virus).

> ... in general is ethical or not.

You must really hang out in very limited circles. The only folk in favour of such releases are miscreants with severely impaired ethical development. Most of them still get kicks pulling wings off flies.

> ... But network administrators can still
> create benign worms for their need (not necessarily Nachi or Welcha) and
> release them in their domain to patch systems.
>
> 1. Do people do that? Or at least, have you considered it?
>
> 2. If yes, under what conditions would you do that?
>
> 3. If not, what prevents you from doing that?

Why would any semi-intelligent sys-admin who, by definition, has administrative rights over what s/he is allowed control of and does not have such rights over that which s/he does not have control of, bother with something as haphazard and potentially dangerous should something go wrong with it? Much better that s/he use the arsenal of system administration, patch management, change control, monitoring, policy enforcement and so on tools than arse around with some exploit code that is largely untested and try to glue all the controls and restrictions onto it to meet that reasonable standard of benevolence alluded to above.

...

I see the originating IP in your message is a machine in the "mgmt" domain at purdue.edu. Rather than tossing your odd-ball notions around in the Management department, did you consider talking to serious computer security researchers, such as Spaf and his fellow academics and their students over in CS? Have you even heard of CERIAS -- The Center for Education and Research in Information Assurance and Security?

http://www.cerias.purdue.edu/

Or the COAST (Computer Operations, Audit, and Security Technology) project?

http://www.cs.purdue.edu/

Do these Purdue academics share your views of "benign worms"? Might their intellectual and academic achievements in their collective decades of research in closely relevant areas more than slightly outweigh your twenty minutes musing over a term paper topic?

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/