RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

From: Everhart, Glenn (FUSA) (GlennEverhartat_private)
Date: Fri Sep 07 2001 - 12:56:23 PDT


    Quarantine has been helpful even in raging epidemics (e.g. the Black
    Death). However its effect has not always been helpful and
    it does not invalidate the fact that mass vaccinations are now
    well accepted at least in the US. Consider what kids get as routine,
    and you'll realize that we already immunize most of the population,
    pro-actively, to avoid mass disease. That was done because the diseases
    in question were common and dangerous. It is well documented that
    there are some harmed by these vaccinations, but their numbers are
    well below those of people harmed by the diseases before these
    programs began.
    
    As a society we are sometimes forced to consider using measures that
    are not strictly defensive. Concentrating as suggested here only on
    those systems managed by the well informed will not address the problem,
    and the prescription to communicate the problem strikes me as unlikely
    to work.
    
    I am perfectly mindful of the problems that have occurred because of
    new organisms introduced in environments where they have no history.
    The same goes with diseases; the pandemic among Amerinds when European
    diseases were introduced is a dramatic example.
    
    That is the reason for calling for some intelligent design and efforts to
    consider a coordinated response to these issues, rather than mass release.
    
    This is however outside the box of what has mostly been discussed. At times
    humankind has managed to nearly eliminate some diseases (remember Polio?
    Smallpox? You don't see them much anymore...). Not all the examples have
    been bad, and the technique can be used again.
    
    We need however to think along the lines of responses to infective agents,
    rather than responses to individuals who may release them, and think in
    terms of trying for herd immunity.
    
    Government involvement seems likely here in some form. Even in quarantine
    situations, this has generally been enforced by law, sometimes quite
    Draconian. I don't believe it is a good idea to privately release worms
    benign or otherwise. I do believe it could be essential to cooperate in the
    design of benign worms, and perhaps to cooperate in their release when
    there is a societal determination to release them.
    
    Yes, getting clean and reducing your own susceptibility to virii and worms
    is vital. If enough people can be contacted to clean up their systems, maybe
    the disease will die out by itself. But don't expect it to work all the
    time.
    
    Consider the threat of worms that may infect the Internet in 15 minutes.
    Consider too that the model that is generally discussed seems to be to find
    a hole, think of a patch, and try to spread the patch around. 
    
    That model will not always work. Sometimes the hole will be used by an
    infector first.
    
    The way to AVOID such is to make systems stronger against infectious agents.
    Some of this could happen if design were forced to be better (don't buy or
    use insecure software...to the extent possible). Some might be done by
    suitable system enhancers which I would hope might be designed with
    community input.
    
    The way to TREAT such an infection once it becomes widespread may have
    to use some community decided-upon "antibiotic". (Please pardon my mixed
    metaphors...this is after all a mailing list posting, not an article.)
    
    The possibility of this type of treatment deserves to be considered also, 
    preferably with fewer knee jerk responses.
    Glenn Everhart
    
    
    -----Original Message-----
    From: Jay D. Dyson [mailto:jdysonat_private]
    Sent: Friday, September 07, 2001 2:47 PM
    To: Vuln-Dev List
    Subject: RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)
    
    
    
    
    
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Fri, 7 Sep 2001, Everhart, Glenn (FUSA) wrote: 
    
    > The legalities trail the technical realities here.
    > 
    > Consider that if someone starts throwing punches at you, you are
    > generally allowed to throw punches back and are not required merely to
    > attempt to block the punches thrown. 
    
    	As one far wiser than I once stated, "You don't fight fire with
    fire.  You fight fire with water."  Thinking that counterattacks and
    "benign" net-wide worms are the solution in this case is a folly sired
    solely out of frustration.
    
    	I should also note that when people begin accepting the notion of
    "benign" worms, it won't be long before someone will release a malevolent
    worm bearing a benign worm's signature.  Mark my words on that.  Then
    we'll be right back to Square One. 
    
    > Probably the closest analogue in the non-cyber world is a disease.  How
    > do we deal with an epidemic? At least some of the time, massive and
    > compulsory vaccination, and compulsory isolation of the infected, has
    > been done to contain such events.
    
    	In looking over data from the Center for Disease Control, history
    does not support your claim.  The first and best response to any epidemic
    has always been quarantine.  Quarantines in the form of firewalling and IP
    filtering are far less problematic than releasing additional worms.  As
    for the notion of vaccines, those already exist: they're called patches. 
    (I won't go into the compulsory remark since that inevitably entails
    government intervention and regulation...an anathema to yours truly.) 
    
    > A second analogue would be what happens when some new plant or animal
    > gets introduced where it has no natural enemies, and new predators must
    > be brought in as well to control it.
    
    	You may wish to take a look at the ecological disasters that have
    occurred when humankind has attempted as much before endorsing such
    measures. Consider Australia and their import of the Cane Toad to control
    sugar cane pests.  The toads ended up *not* eating the pests they were
    brought in to destroy and have instead proven to be an unparalleled
    biological hazard to the indigenous wildlife in the region.  Even worse,
    the toads have no natural predators in Australia and have been breeding
    out of control since their introduction. 
    
    > What is the best way to deal with such? 
    
    	A three-point approach solves the bulk of the problem:
    
    	1.	CONCENTRATE on your systems:
    		Admins should patch their own systems before worrying
    		about anyone else's.  Before tending to the mote in
    		thy neighbor's eye, consider the beam in thine own.
    
    	2.	COMMUNICATE the problem:
    		When finding Code Red attacking your systems, notify
    		the offending party (preferably through an automated
    		means).  Be courteous and helpful.  All told, most folks
    		really want to do the Right Thing(tm).
    
    	3.	CONSOLIDATE your defenses:
    		Update firewalls, filters and other perimeter defenses.
    		Automate these procedures where possible.  This has a
    		way of yanking the fangs out of many an automated
    		intrusion agent.
    
    	Blah.  Too many people talking and not enough people listening.
    
    - -Jay
    
      (    (                                                          _______
      ))   ))   .--"There's always time for a good cup of coffee"--.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson -- jdysonat_private ------<) |    = |-'
     `--' `--'  `--- Failure is never as devastating as regret. ---'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Fri Sep 07 2001 - 14:27:40 PDT