This morning, while driving to work, I was thinking of how Bluetooth virii spread … basically … how does any computer virus/worm spread … while at it … how do germs and the flu virus spread in humans?
Isn’t it all some basic form of p2p? One infected person/system/phone passes it on to a few others, they pass it on to others and so on…
Why not spread the anti-virus software/quarantine/inoculation through the same mechanisms as the virii?
At some level, this would be almost like a common virus, but with a “safe/clean/useful” payload instead of something that causes hard drive crashes, etc.
Also, this can be controlled easily … where the “anti-virus payload” is recognized by whatever Anti-Virus software is installed and used as an update/patch.
11 Jan 2006 at 3:04 pm
I personally think that it’s a ‘bad’ idea. Do you really want to have random people writing code that is supposed to ‘fix’ your computer and have it installed on your computer without your permission? I certainly don’t.
The main issue with this is that we don’t know if the fix will work as it’s supposed to given your unique configuration. One of the first things I learnt when working with live production systems is that patching a server without testing it on a non-critical system is a seriously bad idea. You never know what conflicts it might cause. If you remember, a while ago Windows had a semi-serious vulnerability and MS had released a patch for it; unfortunately that patch opened up an even more serious problem and brought down a couple of servers. Even the Sony fix for removing a piece of ‘spyware’ opened up a bigger security hole.
Best of all this doesn’t take into account bugs in the so called fix. One of the viruses a while ago had a fix for Nimda or Code Red (Can’t remember, too lazy to google it) but the code was buggy so it ended up that the so called fix was causing more systems to crash than the actual virus.
Plus take into account the wasted bandwidth due to these patches/fixes floating around. So thanks but no thanks, I will stick with manual patching for now…
Hmm.. This is a good idea for an article, want to collaborate on an article with you writing for the idea and me against it?
– Suramya
12 Jan 2006 at 1:04 am
Again, there are more ways to look at it …
1) I don’t intend the anti-virus/patches to come in from random people. I meant to use p2p as a means to delivering the patch from the correct/trusted group of hosts (where the patch CRC/etc has been verified and some kind of PGP key associated with a “McAfee” or “Symantec” created patch is used for verification).
2) Again … the fact that the mentioned MS fix didn’t work will have nothing to do with the delivery mechanism. If your computer first verifies the file/version of the patch it is downloading, then it is similar to the way everyone currently “auto-updates” their Anti-Virus Definition files. What’s to stop the latest McAfee Anti-Virus database update from crashing my system? This level of intelligence/security is already built into the host program installed in your computer (in this case, the McAfee AV executable) … it accesses the McAfee server and downloads the correct patch. I’m expecting to expand this logic.
3) Wasted Bandwidth is still a non-issue … people will not be downloading the same patch everyday. Once downloaded, that’s it … this is where it is different from a regular “internet worm” where it is not infinitely replicating itself … rather the host machines and the client machines are pre-designed to control spread and prevent infinite worm-ing.
4) Sure. Once we are back to being roommates, say?!
heh.
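The client-side check that points 1 to 3 of the reply above rely on, as an added example that is not part of the original comments and not any vendor's code: a patch relayed by an arbitrary peer is accepted only if it verifies against a pinned vendor key and is newer than what is installed. Ed25519 from Go's standard library stands in for the PGP signature the reply mentions; `Patch`, `Accept`, `Demo` and the version numbers are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Patch is what any peer hands over; none of it is trusted until Accept passes.
type Patch struct {
	Version      uint32
	Payload, Sig []byte
}

var ErrBadSignature = errors.New("not signed by the pinned vendor key")
var ErrNotNewer = errors.New("not newer than the installed version")

// signedBytes puts the version under the signature together with the payload,
// so a relaying peer cannot relabel an old patch as a newer one.
func signedBytes(v uint32, payload []byte) []byte {
	hdr := []byte{byte(v >> 24), byte(v >> 16), byte(v >> 8), byte(v)}
	return append(hdr, payload...)
}

// Accept is the client side. The signature is checked first: the version field
// means nothing until the vendor key has vouched for it.
func Accept(vendor ed25519.PublicKey, installed uint32, p Patch) error {
	if !ed25519.Verify(vendor, signedBytes(p.Version, p.Payload), p.Sig) {
		return ErrBadSignature
	}
	if p.Version <= installed {
		return ErrNotNewer // already applied: do not install or re-fetch
	}
	return nil
}

// Demo runs four constructed cases: genuine and newer, the same patch offered
// again, a payload altered by a peer, and an old patch relabeled as version 9.
func Demo() [4]error {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	body := []byte("constructed patch body")
	good := Patch{7, body, ed25519.Sign(priv, signedBytes(7, body))} // vendor side
	tampered, relabeled := good, good
	tampered.Payload = []byte("altered by a relaying peer")
	relabeled.Version = 9
	return [4]error{Accept(pub, 6, good), Accept(pub, 7, good),
		Accept(pub, 6, tampered), Accept(pub, 6, relabeled)}
}

func main() { fmt.Println(Demo()) }
```

A passing check only establishes who issued the patch and that it is new; whether it is safe to install on a given configuration is the separate question raised in the other comments.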
18 Jan 2006 at 11:42 am
2. You didn’t get my point. My point was that sometimes applying a patch for a problem causes worse problems than the actual issue for which the patch is being installed. And determining whether a patch should be installed or not should be left up to the SysAdmin instead of a worm that someone else wrote.
I don’t want some 3rd party installing patches/software on my system over which I have no control.
Bruce Schneier also did a writeup on this: http://www.schneier.com/blog/archives/2005/12/benevolent_worm.html
Thanks,
Suramya