Microsoft boffins are researching the possible benefits of distributing software patches or other content using the same techniques as computer worms. The mechanism, part of a fundamental research project rather than product development work, aims to reduce the load on servers handling content distribution functions including …
Spreading the load, sounds like a good use of torrents!
"Other security experts, including Paul Ducklin of Sophos (here) and Vesselin Bontchev of rival anti-virus firm Frisk (here), have waded in with responses pointing out that friendly worms create more problems than they solve."
Well, they would certainly create a problem for anti-virus firms...... so we can understand their response.
Are there any lawyers at Microsoft?
An odd question, perhaps, but delivering updates without end-user consent would constitute a criminal act here in the UK. (Now *that* would be an interesting test of the US/UK extradition treaty.)
If it were sufficiently widespread (and I'm guessing there might be quite a few Windows boxes in the UK) it might even qualify as a terrorist act. Go Bill, Go!!
shouldn't that be
'bounce people who have *up*graded to XP back on to Vista'
Already been thought of once.....
Already been thought of years ago, and if I remember correctly, it was a few security firms (experts?) that thought it up........
If reducing the load on the servers is the only objective, bittorrent would do the job.
"self-replicating code" indeed!
Of course Microsoft's "not invented here" syndrome means they'd have to re-invent it and brand it as a creative innovation.
Oh for goodness sake
A few people at MS research have a purely theoretical paper being released at a research conference and suddenly it's the end of the world!
On the other hand...
A peer to peer type solution which uses costing to establish which other devices are local would be pretty good for distributing patches. A worm type thing is damn silly, but a p2p type client to maximise bandwidth would be cool...
Why not use Bit Torrent?
No need for Microsoft pure worms, use the delivery system that millions are using to distribute software and other bits successfully for many years -- Bit Torrent. A highly efficient way to distribute patches, updates and new products and it costs very little, next to nothing, to set up a torrent and let it rip. Granted, the Hivemaster Ballmer!!!! can! not! control! it! but! the! Monkey! can! still! dance!!!!! But! will! Comcast! throttle! the! Monkey!!!!! and! his! Worms!!!!????errrrr!!! Torrents??!!!
in the special case of Windows however
the Viruses travel better than any patch
And if we take a walk around the corner to the Live OneCare team...
Seriously. Did they not think about this? Worms, trojans, malware in general is adapted so often that anti-bad-stuff apps have been forced to start looking for certain behavioural patterns in files and processes. Surely if MS decides to start using worm techniques to distribute patches, security software (such as OneCare) is going to spot it, class it as a worm and delete it. End result? Unpatched, unsecure machines that cannot alleviate their own situation because their machines have software installed to make their machines - well - more safe and secure.
Still, on the plus side, I'm glad to see Paris Hilton got that job in the MS Research Labs.
Yes, the idea is old, quite old. Does it mean that it's a bad idea? No. The basic concept is to use a peer-to-peer model instead of a client-server model. We use plenty of peer-to-peer technology today. The main reason that update worms work poorly is because they have been designed with the model of an attacker, instead of the model of being a requested guest. Switch the model, solve the problem.
towards skynet methinks...
Distribute patches with BitTorrent.
Though MS would probably write their own BitTorrent that used much more resources and takes 8 years before anything resembling a stable version is released.
ohmygodohmygodohmygod etc. A worm created by Microsoft? And then they'll have to create a second one to chase down the first screwup and then a third and....
Should take the bad guys about 30 seconds to figure out how to attach their nasty little wagons to this thing.
God save the internet.
Danger is that the boffins will think they've cracked it and actually try it for real. God help us all if biologists working on real viruses ever try to create a 'good virus' to cure the cold, for example. Hmm, maybe there's a movie in that idea.
Anyway if you want to reduce the load on servers on distribution day you can always use P2P technology (assuming it isn't illegal).
Maybe finally patch Windows properly so there'll no more worms. Then of course patches will become less frequent also. Thus reducing load on servers.
Loads of BS, as usual with friendly company from Redmond.
Should we tell them ?
There is technology already available, and if you believe certain lobby groups, extremely wide spread too. It is called Bit Torrent and is intended to reduce the server load when distributing updates.
They call them torrents, torrents, faster than lightning...
Ever thought of taking the easy route and using a torrent engine to distribute patches? Azureus copes rather well this way and would achieve the desired effect of reducing server load.
Why explore some fancy-dan new way of doing something that has an established method?
What a breakthrough! - Why risk a 3rd party virus when you can cut out the middleman & infect your machine with Microsoft's own certified malware...
Only one thing to say
Friendly Worms? It'll make it even harder to tell the difference... and some hacker will adjust the worm as it propagates... Too obvious... Unless of course, there's some conspiracy here! Hmm, MS have just released their own antivirus products... ;)
Before I gave up on Windows in pure disgust I had gotten tired of my os constantly badgering me to install critical "non security" updates to make my computer do things I didn't want it to do. Media Player 11 for example.
This would be perfect for them, more control over your machine by Redmond and no more end users refusing to "take what is good for them". If they want to pick what I run, they can buy me the computer too.
It's news like this that makes me so happy I don't use Microsoft anymore.
Spreading the load indeed
If by "load" you mean what you might find in the toilet.
Might I point you to Resident Evil, I Am Legend, and... something else I can only vaguely remember.
Sarcasm? Never heard of it.
I remember that
When those two hackers war it out did one guy not try and push out a virus fix??
Did they not promise him jail if he did.. Go on M$ can't wait to see this...
Good to know, that they can skip the research since everybody already knows the answer!
Caveman Argh to caveman Bugga:
"Why are they bothering with research on those pointy sticks to throw at animals. There is technology already available. It is called Big Rock".
Caveman Bugga in response:
"Yes. And pointy things are too dangerous anyway, what with bushes and animals using them against us all the time. Just yesterday I hurt my foot on a thorn".
"I have started using Cleansweep (TM) technology to sweep around my cave to prevent that very problem, but those bushes keep coming up with new ways to spread their thorny branches. Just yesterday I had to burn everything in my cave to get rid of a bush that had crept in through a crack in the back wall".
"Yes. Pointy things can only lead to problems."
Dejavu 1984 ....
This is a very old idea. IFIP/SEC84 was held in Toronto and a young Fred Cohen presented. Unfortunately his presentation was late and didn't make it into the official proceedings. To summarize, it was about computer viruses and part of the presentation talked about good applications of this technology.
There were one or two limited viruses prior to this, but it was about 86 that things got going.
Many of the folks in that presentation room were skeptical. Some about viruses at all. Others about the 'good applications' part. The first group were proved wrong. The second have been repeatedly proved right. Unless this paper at least tries to address all of those issues ... well why bother?
Experts wading in with responses?
It's great that there are two links on the problems of "good" viruses - but I wouldn't call them responses. The article from Sophos is from 2005, and Bontchev's "response" anticipates Microsoft's research by a mere 14 years (published in 1994).
@ Already been thought of once.....
You are close, it was actually the friend of RTM, who came up with the idea after RTM sent out the first worm.
'Pac-Man' style was how he envisaged it, but it was discarded instead for sending an email from foo@bar.DARPA, which is a better move really.
It is an obvious solution, and it is an obviously bad one, but you see most security are hackers, so they like the idea, but most of the time it is discarded.
As people work on the worm's code, they have to envision it working so it becomes tempting to use that knowledge to fix it, but it is too selfish a compulsion and fraught with further complications, so standard practice is to dismiss this Pac-Man idea.
Though the idea could be modified into an auto update procedure with scanning and fixing, but it should not go out without prior consent.
.. occasionally the wind blows from the sea and brings with it familiar scents and lost memories...
Tried and sort of done (http://www.viruslist.com/en/news?id=66041), I guess, but worse than unoriginal thinking doesn't this poison the anomaly based security model? Suddenly the badguys and goodguys all look the same... well the badguys and Microsoft so, kind of, the badguys and the not quite so bad guys..
The bad guys and some other guys who occasionally display a disappointing disregard for the welfare of others. There. "It will be harder to tell them apart" is the point I am getting at.
Why can't you just install a windows patch server locally, which manages all the crappy patches and what-not, then set all your computers to access that (or search for it, failing that, use MSes servers)? Make it open source so companies don't need yet another expense to make things run sensibly. All the server needs to know is what the client has and what the client can use, then IT can send a command to the server and say "allow X-Z computers to install 1, 3, 5, 7" etc.
Not only does this stop Automatic Updates punishing MSes servers, but it also stops the same thing happening to your business's connection. At the cost of one 5 year old computer with a bit of extra RAM installed.
Or did I get the right end of the wrong stick?
P2P and "worms" are all a bit "let's do something new for the sake of our inflated salaries". Common sense > Fluff
This won't reduce network load, it'll increase it
If systems end up sending around 'patch' files, to each other, just in case your machine might have a vulnerability, you'll just end up with vastly more network noise, being flung around, not less. The only reduction on load, would be on the central servers. This is a dreadful stone age solution to an iron age problem. It was a silly idea, back when the Cheesworm authors thought it up, and it remains a silly idea, now.
It is unsurprising that Microsoft's overpaid P&RD department are as blinkered, as to think it's something new, or worthy of attention, however. One wonders how much MSFT shareholder wealth, these people have squandered, over the years, trying to design their own-brand perpetual motion machine, rather than finding out why it won't work before trying?
A more sensible option would be to move away from a 'patch' system towards a delta file approach, whereby only those portions of the code that need to be replaced are sent. Not only does this reduce network traffic, and produce quicker patching; it can often lead to less rebooting, since the entire kernel is not patched, and the affected code can be unloaded, from memory, and reloaded if necessary.
They already sell a product for that. Doesn't help with residential users with
a) only one computer
b) no technical knowledge to set up such a thing if they do have more than one.
first internet worm
An interesting story this old chestnut... But here's the kicker, the damage wasn't caused by the worm itself, the damage was caused when some bright spark, at NASA I believe, decided the best way to deal with it was to write a similar worm that wiped out the old worm's existence. The only trouble was the original worm was smart enough to check if it was already running on the target machine before it executed, the counter worm wasn't that smart, funny, the original was written by a 15yr old New Zealander if the folklore is accurate.
The counter worm caused the annihilation of machines on a world wide scale.
*sigh* anyone else see that this could be a problem, maybe not exactly the same issue, but something similar could easily happen.
F**k off Microsoft! Just f**k right off! Tools!
Labour will love it
It sounds like an IT solution that is inefficient, messy, costly in the long run...
Labour will love this. They will be all for it.
May I say...
If they wanted to reduce the load on servers, wouldn't it be easier to just make the patches openly available? You know, download once, install many instead of download for my laptop, download for wife's laptop, download for home office desktop, and download one more for the kids "homework" computer. Yes, I know it would mean they wouldn't be able to control patch distribution via the genuine sewer authentication but it would reduce the load on both ends for much more important data, like Paris porn, games and warez.
bit torrent? they can f-off with that one.
and what if you have a cap on your usage?
1GB transferred, now call me cheap, but I don't want to pay for updates to be distributed from my workstation.
for example, I just put a fresh copy of XP on a box at home, and had to download a couple of hundred MB of updates...
if I had a 1GB cap I've already used well over a tenth of my monthly capped usage in a few hours just making my system secure (I can't believe I just said that... anyway on with the point)...
I don't want to waste more of my traffic allowance helping others update their systems.
that's why there is a windows update server, so people can download from it, not me.
on the business front,
if I want my windows updates to be mandatory I can set up my own WSUS machine, and force patches that I've tested to be installed at any given time on any given day... even force reboots afterwards if I want to.
this idea is bull crap,
it's useless for business, for the reasons outlined above, and it's unfair on the home users who have already paid for the crappy software once, without then further paying to help the world's richest get richer by allowing them to leech the services that they are paying for.
besides which my connection speed is shit enough without distributing windows patches through it as well.
not that I'm completely against torrents...
a torrent of something like Linux is fair enough, you're getting something for free and contributing something back whilst others get bits from you over your connection. -but that's the kind of ideology you sign up for when you start to torrent stuff, not when you buy a product off the shelf.
Let MS do it
Please, please, *please* let them go ahead with this... getting all hosts in microsoft.* put on every single block list out there would be worth the temporary peak in network load.