When malicious virus writers unleashed the MyDoom virus in late January, they attached a dangerous backdoor on infected PCs that left certain TCP ports open for future attacks.
The result? A string of mutants attacking millions of PCs worldwide, snarling network traffic and driving network administrators and end-users to new levels of frustration — not to mention administration costs through the roof.
Ever since the Blaster attacks of last summer, every day brings a virus alert to inboxes. One variant after another, each with an ingenious new trick, each demanding attention from undermanned IT departments. It looks like virus writers are fighting with guns and admins are defending with plastic knives.
So let’s drum up an old-but-new-again debate about the creation of self-spreading patches for all major virus attacks. Yes, the creation of good/friendly worms comes with legal and privacy implications. But the industry needs to look at creative new approaches to the problem.
Owning a computer or operating a network comes with certain responsibilities. When a tardy home user neglects to apply a patch that has been available for months, as was the case with the Blaster virus, perhaps that user needs to give up his right to privacy by allowing automatic patches to make sure the machine doesn’t turn on other machines. That’s my two cents.
When a system administrator views network patching as a chore instead of a responsibility, he (and his network) becomes an attack vector and a threat to an entire industry.
Opponents of friendly worms (and there are many) argue that the disruptive nature of software patches would be too much of a burden for enterprises. A burden to whom? When I drive into New York City through the Midtown tunnel and get pulled over so my car can be searched, isn’t that disruptive too?
Anti-virus experts say it’s not too much of a technical challenge to create a piece of code to go find malicious worms, delete them and patch the vulnerability they exploited. Some folks adamantly refuse to have an uninvited worm squirming through their networks. Understandable.
But think about it. If your network was secure in the first place, this should not be an issue.
The timing is ripe for an industry group, made up of anti-virus experts, software vendors, CERT/CC, the Department of Homeland Security, ISPs and privacy advocates, to start the discussion about the use of “friendly” worms — or better yet, “fixer” worms.
Such a group could be in charge of proposing new laws to allow for the creation, testing and deployment of these so-called fixer worms.
This group would need to work out changes to ISP user agreements and get clearance from consumers in order to enable automatic patches on their computers. Nothing major there. Software vendors could put certain clauses into licensing agreements to cover the enterprise end.
After all, every time a system administrator has to make the rounds to rid a desktop of an offending virus, the extra work saps productivity and pours precious IT dollars down the drain.
The industry has an opportunity to fight fire with fire, or at least be bold and imaginative in countering the problem.
It’s time for the industry to break out discussions about breaking out a friendly, fixer virus.
Ryan Naraine is a senior editor with internetnews.com