12.06.2005

RE: Benevolent Worms

Bruce Schneier wrote about Benevolent Worms. While I mostly agree that benevolent worms are not necessarily a good idea, I don't think they are as bad as Bruce says. The main problem with benevolent worms, in Bruce's opinion, is that they act without the user's knowledge and consent. While this may be true, this is just a design issue. Upon arriving on a computer, the worm can always ask the user for permission to install and activate itself. It's true that the initial "infection" is without consent, but it is mostly like Automated Update, where an update is automatically downloaded and the software asks for the user's consent to install and activate it.

Computer viruses and worms spread a bit like their biological counterparts (the mechanism is different, but the spreading model is close enough). So I believe it's fair enough to create countermeasure mechanisms that more or less mimic the biological system. With that idea in mind, benevolent worms are not necessarily a bad thing. It would make sense that, when a threat is detected, a system creates defenses and spreads them across its system. We can see a computer network as a system and the computers within it as its cells. A benevolent worm could easily do that. When new cells are added to the system, the benevolent worm would migrate to them to make sure they have the proper self-defense mechanism.

Now, for the benevolent worm to be of no danger, it should stay within well-defined boundaries. It should never "infect" another network without that network's consent. It should also be easily removable or upgradable.

The problem right now is that the actual benefit that a benevolent worm can provide (automated threat defense) is not much better than managed automatic update. And it comes with its load of potential problems: bugs, uncontrolled spreading, vulnerabilities within the worm, etc. The fact that we need to limit the potential spreading of the worm to external networks makes it less effective.

For true effectiveness, the worm should be allowed to spread across networks and to patch systems (at least temporarily) without the user's consent. Then how would a system react to an infection by a "good" agent? How can a system make sure that the payload of a worm is for its own benefit? It simply can't.

Benevolent worms sound good... They also sound bad! I believe researchers should continue to investigate the implications of this idea. Maybe, sometime in the future, we will find out that they are the only mechanism to defend a complex network against threats. Then maybe not...
