The internet is full of hosts running unpatched versions of Windows. Should Microsoft release patching worms to fix every vulnerable system on the Internet in a matter of minutes? That's one of the hot questions that security researcher Jose Nazario, famous for his WormBlog, answered in this interview on SecurityFocus. It's a nice read, especially when they start comparing computer worms to nature phenomena.
Post a Comment
Member since:
---
Member since:2005-07-08
Member since:
---
Member since:---
Member since:
2005-08-07
I know this is one of those recurring memes onthe net, but really who is it that tinks this is a good idea? How much will these peole like it when the next 'patch worm' does a DRM update and suddenly non of their media will work? Or suddenly they'e unable to open the html document they jut saved because they don't have authorcreator authentications?
Don't laugh, the way things have been going lately that IS the future. The next time one of us geeks wh ought know better proposes something like this, even as speculaion, let's try to remember that what gets imposed on the technically iliterate is something that we ALL have to lve with--just look at Windows activation and how many pirates its created out of people who use a VLK copy of Windows despite actually being the owner of a legitatmate Windows Key and media simply to avoid the hasslesof re-re-e-re-regstation every time they upgrade.
People need to start thinkin about the law of unintended consequences!
--bornagainpenguin
PS: 'I use Linux, this type of stuff doesn't affect me' doesn't apply here--Linus has made it clear that he (for better or worse) sees nothng wrong with DRM...this type of thing affects everyone!
Member since:2005-08-10
I think you're blowing this whole DRM thing out of proportion.
If for example, Microsoft removes your ability to play non-DRM'd content (which I don't see happening anytime soon), use something else. If the use of hardware enforced DRM becomes mandatory, it's not the technology that is the problem, but the people making the rules.
TCPA can be used for a lot of good things, most of which have sod all to do with DRM, and you as a Linux user would do well to adopt it for those reasons when the technology becomes widely available (storing cryptographic keys in the hardware instead of in files on your HD, etc.).
I don't ever see a situation come about wherein alternative operating systems will not be able to run on TCPA hardware. If some Disney flicks won't play on these machines because that corporation doesn't trust your software, I hardly see that as a huge loss.
Back on topic, I think this patching worm is a neat idea, but it's likely to cause more problems than it's worth. That's what automatic updates are for.
Member since:2005-08-07
>>I think you're blowing this whole DRM thing out of proportion.
Fair enough...It's just the first example that came to mind.
I just have a problem with people thinking a 'patch worm' is a good idea. Like I said we need to beware the law of unintended consequences.
>>If for example, Microsoft removes your ability to play non-DRM'd
>>content (which I don't see happening anytime soon), use
>>something else. If the use of hardware enforced DRM
>>becomes mandatory, it's not the technology that is the
>>problem, but the people making the rules.
Ah! But with a 'patch worm' we're not talking about the people who make the rules anymore. We're talking about arbitary decisions being made for you by God knows who! Okay, here's a senario for you, like many of us I have a legal copy of Windows XP, yet use a VLK cd in order to not have to call home to Microsoft every time I reinstall or want to fiddle with my hardware or software. Now suppose someone gets tired of all the people out there running the FCKGW Windows series and builds a patch worm that would cause their machines to stop working by patching the system to behave like XP HomePro after the grace period.
What about a 'patch worm' that goes through your MP3s collection and if it finds say...Madonna it deletes all songs with her name? Or maybe the RIAA manages to get that law rammed through where by they can send viruses out to 'fix' your computer if you're caught with any of the known p2p mp3s?
>>TCPA can be used for a lot of good things, most of which
>>have sod all to do with DRM, and you as a Linux user
>>would do well to adopt it for those reasons when the
>>technology becomes widely available (storing
>>cryptographic keys in the hardware instead of in files on
>>your HD, etc.).
Which is eactly the arguments used by Linus himself in favor of adding these technologies to Linux. That said I don't like the idea of apps being able to run on my system without my giving the say so. And a surprisingly large ammount of the population agrees, which is why they've had so many people getting so upsset when random spyware app X installs itself without intervention. The loss of control of their machine infuriates them!
>>Back on topic, I think this patching worm is a neat idea,
>>but it's likely to cause more problems than it's worth.
Which is amazingly the point I'd been trying to make. Only I gave some examples.
--iWindoze
Member since:2005-08-10
Member since:
2005-07-06
Principal Skinner: Milhouse? Do you like the beach?
Milhouse: Who doesn't?
Principal Skinner: Good. I want you to pick up all this medical waste that's washed up on the shore, here.
Milhouse: Ow! I pricked myself.
Principal Skinner: Well, just keep working. You'll prick yourself with the antidote sooner or later.
Member since:
---
Member since:---
Despite the potential downsides, I say go for it!
OK, what are the upsides that are worth the downsides?
Keep in mind that you have to put serious effort into convincing me (and others) who have already gone over this idea many times in the past and have come up with the conclusion each time that it's a really really bad idea.
I'm not against being convinced, though at this time I'd have to consider anyone who released a patching worm in to the wild a "bad guy" just as bad as the creators and distributors of intentionally distructive viruses.
Member since:
2005-07-06
That's what Windows Update is for. If they want to force a patch, then they should push it through Windows Update without the option to refuse the patch. There are numerous reasons for not doing this of course, most of them mutual to the idea of a "patch worm", but if they are going to do it at all, it should be through the front door and not the back.
Member since:---
Member since:2005-07-06
Member since:
2005-07-08
Member since:---
Member since:
2005-07-06
Member since:
2005-07-06
what I cannot understand is this....
why do journalists come up with stupid ideas like this and expect everyone to say "yes please!"
do they think all Windows users are that stupid they do not know the importance of updating their own machines ?
do they not trust the Windows users to try at least to keep their own PCs secure ?
do they think all Windows users are so dumb that they have to have everything done for them automatically ?
Personally, I do not use Windows, but if I did, I would have felt insulted by the retard who thought of this.
Member since:---
Member since:
2005-06-29
Member since:
---
Member since:
2005-08-17
Updates are always a difficult process, sometimes they break things. eg.XP service pack 2
But at least when you do apply them you know that you applied them and can take steps to figure out how to fix the newly created problem.
If patches are applied without your knowledge then you have no starting point with which to fix things.
Very Bad Idea.
Member since:
2005-06-29
I just spent a whole evening with a Powerbook, and then checked OSNews and there it was. People argue with foam at the mouth about whether or not MICROSOFT SHOULD RELEASE ITS PATCHING WORM! And another article is about "New variants of worms" that hit Windows systems. Wake up people! That's gross! That's ridiculous! Are you taking worms for granted or what? They should never ever happen in the first place!
Member since:
---
Member since:
---
Member since:
---
