From the SMH:
Microsoft wants to worm its way into your PC
Microsoft is taking a leaf out of the virus writers' handbook, hoping to use friendly "worms" to distribute software patches surreptitiously.
Like the malicious worms that spread from computer to computer by self-replicating and automatically seeking out new computers to infect, the friendly worms will be used to distribute updates to users without forcing them to download anything from a central server.
The research is being spearheaded by a team from Microsoft Research in Britain, and opens up the possibility of worm races between virus writers and the software companies to see who can reach vulnerable machines faster.
Unlike malicious worms seek to exploit vulnerabilities in operating systems, the friendly worms would seek to patch those vulnerabilities before the computer is attacked.
Milan Vojnovic, who is part of the research team, told New Scientist his friendly worms would be more efficient than malicious worms because they were smarter at seeking out vulnerable, unpatched machines. They could then "infect" a network of computers using the smallest number of probes.
Vojnovic said his worms were capable of learning from past experience.
The worm starts by randomly probing for an uninfected host and then targets other computers on the same network. If it fails to find a cluster of uninfected hosts it changes its strategy in order to maximise the number of computers it can patch.
"After it fails to reach new uninfected hosts a fixed number of times in a row, say 10, it moves on to find new groups using random sampling," Vojnovic told New Scientist.
The Microsoft research will be presented at the 27th Conference on Computer Communications in the United States in April.
According to a recently released Sophos Security Threat Report, the "Storm" worm was 2007's most disruptive computer threat, with about 50,000 variants seen over the course of the year.
The worm spread via links inside spam emails disguised as news alerts, electronic greeting cards and videos.
i agree, not a very bright method for doing windows updates... not to mention how much will our internet connections and networks will be slowed down with all these worms bouncing around they place looking for unpatched computers.If any of these friendly worm updates where intercepted, quickly checked to see what whole they where patching up, and then a worm could be written to race out, and either attack through that whole, or worse stop the friendly worm from patching the whole.Microsoft don't need to work on their updating side of things it seems.they need to spend more time thoroughly testing there operating systems before they prematurely release them.Vista for example, inst a full attempt at an operating system. it's half of what Windows 7 is going to be, but they ran out of time, called the software they had finished so far 'Vista' and sold it to make up some profits while finishing Windows 7 off.....Well thats my view of the situation.worm updates seem like a baaaaad idea!:P
ReplyDelete* People have suggested this before.* A "friendly worm" could be engineered to be kind to networks. As an administrator of a network with many PCs sharing slow links (where there will never be DSL, though we're seeing a big improvement and cost reduction using NextG), I'm conscious of the network load of concurrent downloads of fixpacks and patches. Some people think torrents are a good way to distribute software, and this could be an improvement on torrents as it would favour local, faster connections.* Previous suggestions have been from 3rd parties who would take advantage of vulnerabilities to install patches via worms. I expect Microsoft's intent would be for machines that are configured to allow automatic updates to also allow receival of patches from peers, and would involve a signing mechanism to ensure it's only getting the right stuff. In that case, it's more like a cross between existing automatic updates and torrents, with a little probing to identify nearby machines that are eligible. It would be configurable, manageable, and able to be turned off. Corporate customers will make sure of that.* Intercepting a friendly worm would be no more useful for evildoers than downloading an update and seeing what it patches. This happens already.* Much of what was "left out" of Vista has been left out of every release of Windows in the past 12 years or so. It's not about testing, it's about vision, an approach to implementation, and a set of priorities and values. My only gripe about MS testing lately is they assume everyone uses brand new computers and lives in a major American city, where e.g. affordable Internet and WAN links are available at speeds we see only on LANs. The developers have good machines and facilities to make them productive, but they have no idea how many people have so much less.Thinking about it, this proposal is an improvement in that area - it's made for reducing the load on shared connections.
ReplyDeleteOhhhhh! I am so happy I bought a MAC!!!
ReplyDeleteAnd I love Linux!
ReplyDelete