Re: A question for the list...

From: Ed Shirey (eshireyat_private)
Date: Sat May 17 2003 - 16:30:22 PDT

Next message: Dan Perez: "RE: A question for the list..."

Previous message: John McCracken: "RE: A question for the list..."
In reply to: Dan Hanson: "A question for the list..."
Next in thread: Dan Perez: "RE: A question for the list..."
Reply: Dan Perez: "RE: A question for the list..."
Reply: Ray Stirbei: "Re: A question for the list..."
Reply: Kevin Reardon: "Re: A question for the list..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan Hanson wrote:

>As part of incident handling and response, most of us have had to respond
>to virus infections that have affected networks and hosts. Reports are
>circulating that members of the IRC operator community have distributed
>code through the update mechanism of the Fizzer virus. The code reportedly
>attempts to remove the virus from the host. The latest information seems
>to indicate that the "update" code was removed until further testing can
>be done and more discussion regarding the legalities of this are had.
>
I think that this approach to dealing with worms is an inevitable 
evolution of the network
"organism".  It obviously carries many risks, but it can also 
potentially provide tremendous
benefit to the health of the overall system.

It's certainly not always the case, but often an infected system has 
readily exploitable
holes that an active "vaccine" could utilize to remove the malware.  
This approach has
a host of ethical and technical issues, but assuming an altruistic and 
benevolent (and
technically competent) source, this vaccine has a net benefit (sorry 
about all the puns).

I suggest that many of the issues are similar to those associated with 
"Good Samaritans".
Our overly litigous society has many would-be samaritans afraid to offer 
a helping hand
because of concern for liability.  Is this right? This isn't a 
rhetorical question -- there are
certainly examples of well meaning, but inept assistance causing more 
harm than good. 

However, as more and more malware "organisms" begin to inhabit our 
network like
virtual E. Coli. in the Internet gut,  active measures may be required, 
if for no other
reason than to protect bandwidth.  Perhaps DSL providers should consider 
making
permission to release active countermeasures part of the terms of use. 

This is going to be a fun thread...

Ed

----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------

Next message: Dan Perez: "RE: A question for the list..."
Previous message: John McCracken: "RE: A question for the list..."
In reply to: Dan Hanson: "A question for the list..."
Next in thread: Dan Perez: "RE: A question for the list..."
Reply: Dan Perez: "RE: A question for the list..."
Reply: Ray Stirbei: "Re: A question for the list..."
Reply: Kevin Reardon: "Re: A question for the list..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat May 17 2003 - 16:51:13 PDT