One problem with this approach can be seen by looking at the example of spam blacklists.
They start off with the best of intentions of only blocking the bad guys, but over time every one of them has started blocking more, and taken a more and more draconian definition of what they would block, until they become more of a liability than an advantage.
Luckily anti-spam blacklists are opt-in (for the receivers) and so can mostly be worked around as they go bad.
I would expect the same type of pattern to show up with the 'whitehat botnets': they start off 'just' installing security updates, then move to installing newer versions (it's too hard to backport the security fixes, so move them to a version that has them), then more updates (hey, after all, just about any bug can be a security issue), then to removing software (after all, isn't it insane to allow someone to run telnet or ftp?), etc. Each step of the way would cause more grief (starting with interrupted programs as they are restarted and going from there).
I don't believe that such an approach would be a 'whitehat' botnet. Dark grey at best.
Posted Feb 15, 2009 20:12 UTC (Sun) by JesseW (guest, #41816)
The points you bring up, about the expansion of what the self-appointed "fixers-of-the-net" would rationalize themselves into doing, seem quite plausible, and certainly represent a downside to darkgray hat botnets. I'm still partially convinced that they would still represent a net advantage (no pun intended) to everyone **not** infected with them -- since even if they made the infected machines unusable by their owners, as long as they made the machines unusable by other botnets it would benefit the rest of the 'net by a decrease in spam, DDOS abilities, distributed password-cracking speed, etc. And I still don't see any other feasible way to prevent computers owned by non-technical users from being used for these sorts of purposes.