Spreading the load, sounds like a good use of torrents!
Microsoft boffins are researching the possible benefits of distributing software patches or other content using the same techniques as computer worms. The mechanism, part of a fundamental research project rather than product development work, aims to reduce the load on servers handling content distribution functions including …
"Other security experts, including Paul Ducklin of Sophos (here) and Vesselin Bontchev of rival anti-virus firm Frisk (here), have waded in with responses pointing out that friendly worms create more problems than they solve."
Well, they would certainly create a problem for anti-virus firms...... so we can understand their response.
An odd question, perhaps, but delivering updates without end-user consent would constitute a criminal act here in the UK. (Now *that* would be an interesting test of the US/UK extradition treaty.)
If it were sufficiently widespread (and I'm guessing there might be quite a few Windows boxes in the UK) it might even qualify as a terrorist act. Go Bill, Go!!
No need for Microsoft pure worms, use the delivery system that millions are using to distribute software and other bits successfully for many years -- Bit Torrent. A highly efficient way to distribute patches, updates and new products and it costs very little, next to nothing, to set up a torrent and let it rip. Granted, the Hivemaster Ballmer!!!! can! not! control! it! but! the! Monkey! can! still! dance!!!!! But! will! Comcast! throttle! the! Monkey!!!!! and! his! Worms!!!!????errrrr!!! Torrents??!!!
Seriously. Did they not think about this? Worms, trojans, malware in general is adapted so often that anti-bad-stuff apps have been forced to start looking for certain behavioural patterns in files and processes. Surely if MS decides to start using worm techniques to distribute patches, security software (such as OneCare) is going to spot it, class it as a worm and delete it. End result? Unpatched, unsecure machines that cannot alleviate their own situation because their machines have software installed to make their machines - well - more safe and secure.
Still, on the plus side, I'm glad to see Paris Hilton got that job in the MS Research Labs.
Yes, the idea is old, quite old. Does it mean that it's a bad idea? No. The basic concept is to use a peer-to-peer model instead of a client-server model. We use plenty of peer-to-peer technology today. The main reason that update worms work poorly is because they have been designed with the model of an attacker, instead of the model of being a requested guest. Switch the model, solve the problem.
ohmygodohmygodohmygod etc. A worm created by Microsoft? And then they'll have to create a second one to chase down the first screwup and then a third and....
Should take the bad guys about 30 seconds to figure out how to attach their nasty little wagons to this thing.
God save the internet.
Danger is that the boffins will think they've cracked it and actually try it for real. God help us all if biologists working on real viruses ever try to create a 'good virus' to cure the cold, for example. Hmm, maybe there's a movie in that idea.
Anyway if you want to reduce the load on servers on distribution day you can always use P2P technology (assuming it isn't illegal).
Ever thought of taking the easy route and using a torrent engine to distribute patches? Azureus copes rather well this way and would achieve the desired effect of reducing server load.
Why explore some fancy-dan new way of doing something that has an established method?
Before I gave up on Windows in pure disgust I had gotten tired of my os constantly badgering me to install critical "non security" updates to make my computer do things I didn't want it to do. Media Player 11 for example.
This would be perfect for them, more control over your machine by Redmond and no more end users refusing to "take what is good for them". If they want to pick what I run, they can buy me the computer too.
It's news like this that makes me so happy I don't use Microsoft anymore.
Caveman Argh to caveman Bugga:
"Why are they bothering with research on those pointy sticks to throw at animals. There is technology already available. It is called Big Rock".
Caveman Bugga in response:
"Yes. And pointy things are too dangerous anyway, what with bushes and animals using them against us all the time. Just yesterday I hurt my foot on a thorn".
"I have started using Cleansweep (TM) technology to sweep around my cave to prevent that very problem, but those bushes keep coming up with new ways to spread their thorny branches. Just yesterday I had to burn everything in my cave to get rid of a bush that had crept in through a crack in the back wall".
"Yes. Pointy things can only lead to problems."
This is a very old idea. IFIP/SEC84 was held in Toronto and a young Fred Cohen presented. Unfortunately his presentation was late and didn't make it into the official proceedings. To summarize, it was about computer viruses and part of the presentation talked about good applications of this technology.
There were one or two limited viruses prior to this, but it was about 86 that things got going.
Many of the folks in that presentation room were skeptical. Some about viruses at all. Others about the 'good applications' part. The first group were proved wrong. The second have been repeatedly proved right. Unless this paper at least tries to address all of those issues ... well why bother?
You are close, it was actually the friend of RTM, who came up with the idea after RTM sent out the first worm.
'Pac-Man' style was how he envisaged it, but it was discarded instead for sending an email from foo@bar.DARPA, which is a better move really.
It is an obvious solution, and it is an obviously bad one, but you see most security are hackers, so they like the idea, but most of the time it is discarded.
As people work on the worm's code, they have to envision it working so it becomes tempting to use that knowledge to fix it, but it is too selfish a compulsion and fraught with further complications, so standard practice is to dismiss this Pac-Man idea.
Though the idea could be modified into an auto update procedure with scanning and fixing, but it should not go out without prior consent.
Tried and sort of done (http://www.viruslist.com/en/news?id=66041), I guess, but worse than unoriginal thinking doesn't this poison the anomaly based security model? Suddenly the badguys and goodguys all look the same... well the badguys and Microsoft so, kind of, the badguys and the not quite so bad guys..
The bad guys and some other guys who occasionally display a disappointing disregard for the welfare of others. There. "It will be harder to tell them apart" is the point I am getting at.
Why can't you just install a windows patch server locally, which manages all the crappy patches and what-not, then set all your computers to access that (or search for it, failing that, use MSes servers)? Make it open source so companies don't need yet another expense to make things run sensibly. All the server needs to know is what the client has and what the client can use, then IT can send a command to the server and say "allow X-Z computers to install 1, 3, 5, 7" etc.
Not only does this stop Automatic Updates punishing MSes servers, but it also stops the same thing happening to your business's connection. At the cost of one 5 year old computer with a bit of extra RAM installed.
Or did I get the right end of the wrong stick?
P2P and "worms" are all a bit "let's do something new for the sake of our inflated salaries". Common sense > Fluff
If systems end up sending around 'patch' files, to each other, just in case your machine might have a vulnerability, you'll just end up with vastly more network noise, being flung around, not less. The only reduction on load, would be on the central servers. This is a dreadful stone age solution to an iron age problem. It was a silly idea, back when the Cheese worm authors thought it up, and it remains a silly idea, now.
It is unsurprising that Microsoft's overpaid P&RD department are as blinkered, as to think it's something new, or worthy of attention, however. One wonders how much MSFT shareholder wealth, these people have squandered, over the years, trying to design their own-brand perpetual motion machine, rather than finding out why it won't work before trying?
A more sensible option would be to move away from a 'patch' system towards a delta file approach, whereby only those portions of the code that needs to be replaced is sent. Not only does this reduce network traffic, and produce quicker patching; it can often lead to less rebooting, since the entire kernel is not patched, and the affected code can be unloaded, from memory, and reloaded if necessary.
An interesting story this old chestnut... But here's the kicker, the damage wasn't caused by the worm itself, the damage was caused when some bright spark, at NASA I believe, decided the best way to deal with it was to write a similar worm that wiped out the old worm's existence. The only trouble was the original worm was smart enough to check if it was already running on the target machine before it executed, the counter worm wasn't that smart, funny, the original was written by a 15yr old New Zealander if the folklore is accurate.
The counter worm caused the annihilation of machines on a worldwide scale.
*sigh* anyone else see that this could be a problem, maybe not exactly the same issue, but something similar could easily happen.
If they wanted to reduce the load on servers, wouldn't it be easier to just make the patches openly available? You know, download once, install many instead of download for my laptop, download for wife's laptop, download for home office desktop, and download one more for the kids "homework" computer. Yes, I know it would mean they wouldn't be able to control patch distribution via the genuine sewer authentication but it would reduce the load on both ends for much more important data, like Paris porn, games and warez.
and what if you have a cap on your usage?
1GB transferred, now call me cheap, but I don't want to pay for updates to be distributed from my workstation.
for example, I just put a fresh copy of xp on a box at home, and had to download a couple of hundred MB of updates...
if I had a 1GB cap I've already used well over a tenth of my monthly capped usage in a few hours just making my system secure (I can't believe I just said that... anyway on with the point)...
I don't want to waste more of my traffic allowance helping others update their systems.
that's why there is a windows update server, so people can download from it, not me.
on the business front,
if I want my windows updates to be mandatory I can set up my own WSUS machine, and force patches that I've tested to be installed at any given time on any given day... even force reboots afterwards if I want to.
this idea is bull crap,
it's useless for business, for the reasons outlined above, and it's unfair on the home user who have already paid for the crappy software once, without then further paying to help the world's richest get richer by allowing them to leech the services that they are paying for.
besides which my connection speed is shit enough without distributing windows patches through it as well.
not that I'm completely against torrents...
a torrent of something like Linux is fair enough, you're getting something for free and contributing something back whilst others get bits from you over your connection. -but that's the kind of ideology you sign up for when you start to torrent stuff, not when you buy a product off the shelf.