Certainly such involuntary patching would be more likely to lead to breakage than QAed, thoughtfully applied patches -- but the sort of non-technical users whose computers currently get drafted into botnets don't voluntarily accept *any* patches. And a *nix-only solution wouldn't help until/unless World Domination happens -- for now, we need something that can force patches on Windows users. And I don't see any other alternative than a botnet/worm.
Posted Feb 16, 2009 20:51 UTC (Mon) by BackSeat (subscriber, #1886)
> for now, we need something that can force patches on Windows users
Open Source is about freedom. Forcing updates to a subset of users, even those that use closed source software, is about as far from freedom as it's possible to get.
Whitehat botnets (ha ha only serious)
Posted Feb 16, 2009 21:22 UTC (Mon) by JesseW (guest, #41816)
Certainly, but keeping criminals and terrorists from taking over computers for their own nefarious ends is not about Open Source (although it may, or may not, involve the use of FOSS). So, the distance between freedom and forcing patches on Windows users isn't relevant.
In any case, after further thought, I've partially changed my mind. While I still think criminal botnets would be less successful if the "good guys" were willing to act without the permission of non-technical lusers, I think there is a better way.
That better way is twofold: first, massive marketing campaigns to convince non-technical users that they should pay someone (probably antivirus vendors, they're already best placed to do this) to "take care of their computers", for a small monthly fee. Second, an optional add-on to this service, whereby subscribers could permit their unused computer power to be rented, thereby covering their monthly fee, and maybe making them a little money. Also, enlisting ISPs to pro-actively test (i.e. try to break into) their customers' computers and cut off those who have vulnerable computers. This would work better than the vigilante solution, because these folks would have a positive economic incentive to keep their customers' computers under their control, rather than letting them be used by criminals. Your thoughts?
Whitehat botnets (ha ha only serious)
Posted Feb 16, 2009 23:50 UTC (Mon) by mmarsh (subscriber, #17029)
I think home-user-level security "maintenance" contracts are a good idea, and some ISPs provide something along these lines (I think -- I wasn't much interested in Verizon's security plan, since it's for Windows). Most people don't maintain their own cars; some do, but they're more technically knowledgeable. People also install alarm systems in their houses. I think there's definitely a way to market this to the general public. The only real hitch is how the liability is handled if a compromise does occur.
Whitehat botnets (ha ha only serious)
Posted Feb 20, 2009 5:31 UTC (Fri) by Drone (guest, #56757)
> Your thoughts?
When you're driving a car, you agree to obey some rules aimed at overall safety. And you must learn these rules, etc. Only then are you allowed to travel by car. And you will be held liable if you kill or harm someone due to your bad driving. The same should apply to computers: before connecting a certain customer to the public network, ISPs have to ensure that this user really has a certain level of knowledge of rules similar to car driving rules. So, they have to avoid viruses and be held liable if they get infected and inflict damage on others.
However, there are no servicemen sneaking into my garage to fix my car. Even if it needs fixing in their opinion, it is up to me to go to the service. Furthermore, such a serviceman will be shot on sight by me for breaking into my private property, if anyone risks doing so. I do not see why this should not apply to silent attempts to break into my computer. Even if this was intended to fix it. My PC is my private property. You are not allowed to enter without my permission.