February 20, 2008
The Worm Nachi inspired Microsoft by intruding into Windows systems, removing MSBlaster (aka Lovsan) and patching the security whole it used to gain access. This happened 2003 and now a researcher of the company published a document on how to deploy security updates by a good worm. They did research about better ways to find and attack … ah sorry … patch insecure computers. Microsoft claims that this would remove the need to provide central servers for security updates.
This is just a plain stupid idea! And I’m not alone â€“ read what Bruce Schneier thinks about that idea.
Here are my thoughts:
- Microsoft has a know history of releasing only security updates which work, and which introduce no additional functionality. So you don’t need to decide to update your systems, Microsoft takes care of it. Everything will work afterwards.
- For an Intrusion Detection System it is really easy to decide between good and bad worms, the good worms have the better algorithms for attacking … ah sorry again … fixing your systems.
- Firewalls have enough intelligent to realize the difference between the good worms probing and an malicious cacker.
- All of you systems can be rebooted at any given time without problem, nothing critical can happen.
- For removing the load on central servers we could not use something like Bittorrent, as it would be a documented protocol. It is better to use something which does not require an agent on the systems the user could configure.
- We only need to deploy updates for security vulnerabilities which give an attacker root access, which we need for patching the system.
As we’re all so fond of this idea Microsoft is telling us now that they don’t work on this idea. As we all know Microsoft does not lye, this must be true.