nanog mailing list archives
Re: Quarantine your infected users spreading malware
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 21 Feb 2006 14:35:52 +0200
Michael.Dillon () btradianz com wrote:
How do you get the unwashed masses of ISPs to join the choir so you can preach to them?

Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program would use stealth techniques to hide itself in the user's machine, just like viruses do. And this program would do nothing but register itself with an encoded registry, and listen for an encoded command to activate itself. Rather like a botnet except with the user's consent and with a positive goal.

When the community of bot/worm researchers determines that this machine is infected, they inform the central registry using their own encoded signal. When enough "votes" have been collected, the registry sends the shutdown signal to the end user, thus triggering the blocker program to quarantine the user. At this point a friendly helpful webpage pops up and guides the user through the disinfection process.

Unlike antivirus software, the application on the user's computer does not need to detect malware and it needs no database updates. It does only one thing and it relies on the collective intelligence of the anti-malware community.

This won't stop worms or botnets, but it will slow them down and it will greatly speed the cleanup process.

--Michael Dillon
Hi Michael, the only problem with that approach is that you think like a defender.
As the defense is local to the user's machine, the attacker can just kick it away.
-- http://blogs.securiteam.com/ "Out of the box is where I live". -- Cara "Starbuck" Thrace, Battlestar Galactica.
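The vote-collecting registry described in the quoted proposal, sketched as an added example that is not part of either post. All names, keys, the threshold and the HMAC-based "encoded signal" are assumptions made for illustration; the thread does not specify any of them.

```python
import hashlib
import hmac

# Constructed demo keys; a real deployment would use per-researcher signatures.
RESEARCHER_KEYS = {"r1": b"k1-demo", "r2": b"k2-demo", "r3": b"k3-demo"}
REGISTRY_KEY = b"registry-demo-key"  # shared with the client agent (assumption)
THRESHOLD = 2                        # votes needed before quarantine (assumption)

def mac(key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Registry:
    def __init__(self):
        self.votes = {}  # machine_id -> set of researcher ids with a valid vote

    def submit_vote(self, researcher: str, machine_id: str, tag: str):
        """Record one authenticated vote; return a signed command once the quorum is met."""
        key = RESEARCHER_KEYS.get(researcher)
        if key is None or not hmac.compare_digest(tag, mac(key, "infected", machine_id)):
            return None                  # unknown researcher or forged vote
        voters = self.votes.setdefault(machine_id, set())
        voters.add(researcher)           # a set, so repeat votes do not count twice
        if len(voters) < THRESHOLD:
            return None
        return {"cmd": "quarantine", "machine": machine_id,
                "tag": mac(REGISTRY_KEY, "quarantine", machine_id)}

def agent_accepts(command: dict, my_machine_id: str) -> bool:
    """Client side: act only on a command bound to this machine with a valid tag."""
    if command.get("cmd") != "quarantine" or command.get("machine") != my_machine_id:
        return False
    expected = mac(REGISTRY_KEY, "quarantine", my_machine_id)
    return hmac.compare_digest(command.get("tag", ""), expected)
```

The sketch covers only vote authentication, per-researcher deduplication and command binding; it does nothing about the agent being removed from the machine it runs on.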