Security Incidents mailing list archives
Re: A question for the list...
From: Ed Shirey <eshirey () pclocals com>
Date: Sat, 17 May 2003 17:30:22 -0600
Dan Hanson wrote:
> As part of incident handling and response, most of us have had to respond to virus infections that have affected networks and hosts. Reports are circulating that members of the IRC operator community have distributed code through the update mechanism of the Fizzer virus. The code reportedly attempts to remove the virus from the host. The latest information seems to indicate that the "update" code was removed until further testing can be done and more discussion regarding the legalities of this are had.
I think that this approach to dealing with worms is an inevitable evolution of the network "organism". It obviously carries many risks, but it can also potentially provide tremendous benefit to the health of the overall system.
It's certainly not always the case, but often an infected system has readily exploitable holes that an active "vaccine" could utilize to remove the malware. This approach has a host of ethical and technical issues, but assuming an altruistic and benevolent (and technically competent) source, this vaccine has a net benefit (sorry about all the puns).
I suggest that many of the issues are similar to those associated with "Good Samaritans". Our overly litigious society has many would-be samaritans afraid to offer a helping hand because of concern for liability. Is this right? This isn't a rhetorical question -- there are certainly examples of well-meaning, but inept assistance causing more harm than good. However, as more and more malware "organisms" begin to inhabit our network like virtual E. coli in the Internet gut, active measures may be required, if for no other reason than to protect bandwidth. Perhaps DSL providers should consider making permission to release active countermeasures part of the terms of use.
This is going to be a fun thread...
Ed