WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
When malicious virus writers unleashed the MyDoom virus in late January, they attached a dangerous backdoor on infected PCs that left certain TCP ports open for future attacks.
The result? A string of mutants attacking millions of PCs worldwide, snarling network traffic and driving network administrators and end-users to new levels of frustration -- not to mention administration costs through the roof.
Ever since the Blaster attacks of last summer, every day brings a virus alert to inboxes. One variant after another, each with an ingenious new trick, each demanding attention from undermanned IT departments. It looks like virus writers are fighting with guns and admins are defending with plastic knives.
So let's drum up an old-but-new-again debate about the creation of self-spreading patches for all major virus attacks. Yes, the creation of good/friendly worms comes with legal and privacy implications. But the industry needs to look at creative new approaches to the problem.
Owning a computer or operating a network comes with certain responsibilities. When a tardy home user neglects to apply a patch that has been available for months, as was the case with the Blaster virus, perhaps that user needs to give up his right to privacy by allowing automatic patches to make sure the machine doesn't turn on other machines. That's my two cents.
When a system administrator views network patching as a chore instead of a responsibility, he (and his network) becomes an attack vector and a threat to an entire industry.
Opponents of friendly worms (and there are many) argue that the disruptive nature of software patches would be too much of a burden for enterprises. A burden to whom? When I drive into New York City through the Midtown tunnel and get pulled over so my car can be searched, isn't that disruptive too?
Anti-virus experts say it's not too much of technical challenge to create a piece of code to go find malicious worms, delete them and patch the vulnerability they exploited. Some folks adamantly refuse to have an uninvited worm squirming through their networks. Understandable.
But think about it. If your network was secure in the first place, this should not be an issue.
The timing is ripe for an industry group, made up of anti-virus experts, software vendors, CERT/CC, the Department of Homeland Security, ISPs and privacy advocates, to start the discussion about the use of "friendly" worms -- or better yet, "fixer" worms.
Such a group could be in charge of proposing new laws to allow for the creation, testing and deployment of these so-called fixer worms.
This group would need to work out changes to ISP user agreements and get clearance from consumers in order to enable automatic patches on their computers. Nothing major there. Software vendors could put certain clauses into licensing agreements to cover the enterprise end.
After all, every time a system administrator has to make the rounds to rid a desktop of an offending virus, the extra work saps productivity and pours precious IT dollars down the drain. The industry has an opportunity to fight fire with fire, or at least be bold and imaginative in countering the problem.
It's time for the industry to break out discussions about breaking out a friendly, fixer virus.Ryan Naraine is a senior editor with internetnews.com