
Whitehat botnets (ha ha only serious)


Posted Feb 15, 2009 10:06 UTC (Sun) by JesseW (guest, #41816)
Parent article: Forcing updates

I strongly suspect the only way anyone is ever going to resolve the zombie problem is by releasing botnets/worms themselves. (By "zombie problem" I mean the problem of non-technical users having their networked computers taken over and used without their knowledge or consent.)

Such "whitehat botnets" would simply harden/patch the systems they infected, devote a small portion of their host's resources to spreading the infection, and otherwise leave the user alone. The bots could even be programmed to attempt to avoid infecting computers that appeared to be already secured. Yes, this would be illegal, a blatant violation of the user's ownership of their machines, and a vigilante action, but, realistically, I don't see any other solution.

No, I'm not doing this, or volunteering to do it, or even suggesting someone else should do it. I'm just speculating publicly.



Whitehat botnets (ha ha only serious)

Posted Feb 15, 2009 10:36 UTC (Sun) by dlang (✭ supporter ✭, #313)

One problem with this approach can be seen by looking at the example of spam blacklists.

They start off with the best of intentions of only blocking the bad guys, but over time every one of them has started blocking more, and taken a more and more draconian definition of what they would block, until they become more of a liability than an advantage.

Luckily anti-spam blacklists are opt-in (for the receivers) and so can mostly be worked around as they go bad.

I would expect the same type of pattern to show up with the 'whitehat botnets': they start off 'just' installing security updates, then move to installing newer versions (it's too hard to backport the security fixes, so move them to a version that has them), then more updates (hey, after all, just about any bug can be a security issue), then to removing software (after all, isn't it insane to allow someone to run telnet or ftp?), etc. Each step of the way would cause more grief (starting with interrupted programs as they are restarted and going from there).

I don't believe that such an approach would be a 'whitehat' botnet. Dark grey at best.

"darkgray hat" is a better term, I agree.

Posted Feb 15, 2009 20:12 UTC (Sun) by JesseW (guest, #41816)

The points you bring up, about the expansion of what the self-appointed "fixers-of-the-net" would rationalize themselves into doing, seem quite plausible, and certainly represent a downside to darkgray hat botnets. I'm still partially convinced that they would still represent a net advantage (no pun intended) to everyone **not** infected with them -- since even if they made the infected machines unusable by their owners, as long as they made the machines unusable by other botnets it would benefit the rest of the 'net by a decrease in spam, DDOS abilities, distributed password-cracking speed, etc. And I still don't see any other feasible way to prevent computers owned by non-technical users from being used for these sorts of purposes.

Whitehat botnets (ha ha only serious)

Posted Feb 15, 2009 17:49 UTC (Sun) by mmarsh (subscriber, #17029)

The problem with "whitehat" botnets is that you have all of the problems of vendor-pushed automatic updates plus a lack of quality assurance. An ostensibly protective worm has no idea what's running on a system, what's essential, and how much of a calculated risk went into the configuration. A patch could well break essential functionality, and clearly such a worm wouldn't be released by the distros themselves (who could potentially mitigate possible breakage, but see the bug reports for well-supported distros), for legal and practical purposes. Besides, distros have an easier avenue for distributing updates, by the suggested forced-update mechanism.

Whitehat botnets (ha ha only serious)

Posted Feb 15, 2009 20:17 UTC (Sun) by JesseW (guest, #41816)

Certainly such involuntary patching would be more likely to lead to breakage than QAed, thoughtfully applied patches -- but the sort of non-technical users whose computers currently get drafted into botnets don't voluntarily accept *any* patches. And a *nix-only solution wouldn't help until/unless World Domination happens -- for now, we need something that can force patches on Windows users. And I don't see any other alternative than a botnet/worm.

Whitehat botnets (ha ha only serious)

Posted Feb 16, 2009 20:51 UTC (Mon) by BackSeat (subscriber, #1886)

> for now, we need something that can force patches on Windows users

Open Source is about freedom. Forcing updates to a subset of users, even those that use closed source software, is about as far from freedom as it's possible to get.

Whitehat botnets (ha ha only serious)

Posted Feb 16, 2009 21:22 UTC (Mon) by JesseW (guest, #41816)

Certainly, but keeping criminals and terrorists from taking over computers for their own nefarious ends is not about Open Source (although it may, or may not, involve the use of FOSS). So, the distance between freedom and forcing patches on Windows users isn't relevant.

In any case, after further thought, I've partially changed my mind. While I still think criminal botnets would be less successful if the "good guys" were willing to act without the permission of non-technical lusers, I think there is a better way.

That better way is twofold: first, massive marketing campaigns to convince non-technical users that they should pay someone (probably antivirus vendors, they're already best placed to do this) to "take care of their computers", for a small monthly fee. Second, an optional add-on to this service, whereby subscribers could permit their unused computer power to be rented, thereby covering their monthly fee, and maybe making them a little money. Also, enlisting ISPs to pro-actively test (i.e. try to break into) their customers' computers and cut off those who have vulnerable computers. This would work better than the vigilante solution, because these folks would have a positive economic incentive to keep their customers' computers under their control, rather than letting them be used by criminals. Your thoughts?

Whitehat botnets (ha ha only serious)

Posted Feb 16, 2009 23:50 UTC (Mon) by mmarsh (subscriber, #17029)

I think home-user-level security "maintenance" contracts are a good idea, and some ISPs provide something along these lines (I think -- I wasn't much interested in Verizon's security plan, since it's for Windows). Most people don't maintain their own cars; some do, but they're more technically knowledgeable. People also install alarm systems in their houses. I think there's definitely a way to market this to the general public. The only real hitch is how the liability is handled if a compromise does occur.

Whitehat botnets (ha ha only serious)

Posted Feb 20, 2009 5:31 UTC (Fri) by Drone (guest, #56757)

> Your thoughts?

When you're driving a car you agree to obey some rules targeted at overall safety. And you must learn these rules, etc. Only then are you allowed to travel by car. And you will be held liable if you kill or harm someone due to your bad driving. The same should be true with computers: before connecting a certain customer to the public network, ISPs have to ensure that this user really has a certain level of knowledge of rules similar to car driving rules. So, they have to avoid viruses and be held liable if infected and inflicting damage on others.

However, there are no servicemen sneaking into my garage to fix my car. Even if it needs fixing in their opinion, it is up to me to go to the service. Furthermore, such a serviceman will be shot on sight by me for breaking into my private property, if anyone risks doing so. I do not see why this should not apply to silent attempts to break into my computer. Even if this was intended to fix it. My PC is my private property. You are not allowed to enter without my permission.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds