halfbakery
Poof of concept
Ok, I know this has been generally half-baked before, but I'm being specific in method and implementation:
Have a team of virus writers whose job it is to exploit known vulnerabilities before the bad guys do.
This team of programmers would incorporate the vulnerability into a generic, tested
framework. All the "virus" would do is search, exploit, propagate, patch.
All it would take is one "good" virus based on yaha to close 60% of the freaking outlook backdoors.. And IIS? No problem..
See, my whole issue is that these stupid and badly coded viruses are disrupting the majority of the population, causing havoc for those who actually maintain their systems properly. Not only that, but 99% of viruses exploit a patchable hole.
To recap:
-Generic, 100% tested patching engine
-attach either the entire patch or a web-install link of the patch
-propagate as though malicious
-infect a host machine
-propagate from the host machine
-patch the hole/vulnerability
-deactivate the virus.
Please, don't put the security of the internet into the hands of those people who do not understand basic security practices.
[ p.s. Yes, I am aware that some patches wreck a system which is why virus patches would be released 1-2 weeks after the patch went live ]
The good samaritan virus
http://news.bbc.co....hnology/3163001.stm Rids PCs of the MSBlast virus [Gordon Comstock, Oct 17 2004, last modified Oct 21 2004]
A gazillion and one, now.

oh, come on.. Did I not say that I knew it had been generally half-baked?

Have people posted these specifics before?

// Did I not say that I knew it had been generally half-baked? //
That begs the question... well why did you post it, then?

//That begs the question... well why did you post it, then?//
I posted it because general ideas and specifics are two different things.. That's like saying "You made a car? You knew people made cars before, why would you make one?"

No matter how many times I see variants of this, it is still a bad idea.

So what exactly are the specifics of this idea that make it different from all other ideas about using viruses to distribute anti-virus software?
Specific #1: You employ virus writers. I would say this is rather too obvious.
Specific #2: The virus is written within a generic framework which is thoroughly tested. I would say this is standard software design methodology; while most viruses are very badly written, doing it this way is nothing new.
Specific #3: You release the virus 1-2 weeks after the patch. I would expect the virus to be released after the patch, to allow time for testing, and the delay doesn't seem very significant to the idea.

I don't understand: These specifics of yours (do this, do that) seem kind of general. I guess I'd be more impressed if you linked to some impressive looking coding and said what exactly it did.

Virus C arrives. She's a bit grumpy and doesn't like at all what's going on. She picks up Virus A, slaps him around a bit, and sends him packing. She pats Virus B on the head and posts a large "Virus A - Keep Out" sign, and continues merrily along her way.
Virus F comes in and removes the sign. G, H and I, friends of D, wander in just as A, B and C enter. Virus D puts down his game of solitaire and now it's a battle royal!

Now, I know that I'm just going to be asking to be buried further by fishbones; but most people seem to be misinterpreting... Did I not get it out as I meant? Possibly, knowing me ;)
To address the specifics:
[pottedstu]: #1: Yes, employing virus writers has been done and implied, but what I'm looking at is a single specific team.
2: The framework is an idea to alleviate the problem of poor coding on the specific patches. While it is standard proper methodology, it is rarely done (obviously)
3: the 1-2 weeks was an example. This in and of itself is not new.
The fact is, the components are nothing new, but I believe the specific idea I have is more than the sum of its parts.
[jutta] lol.. point taken :)
[Dimandja] The fact is, the idea I have.. let's pare it down to 2 patches: Outlook/OE and IIS. If you have not patched your system, it is not forcing itself in, it is walking through the open front door. And, yes, there is the danger of screwing things up, which is why there is the layer of protection (generic framework only carries a verified patch unaltered)
[snarfyguy] If I could link to fancy code, I would have already released a demonstration ;)
[ravenswood] "computer: virus" ;)
as to the loop, that should never happen. If good virus A is installed, the door is closed so virus A can never get in again.
As to c, d, e, ..., etc: LOL, but still shouldn't work.
Clarification in simplicity: The 2 main holes I want to patch are Outlook/OE and IIS. If virus A comes around (outlook patch from microsoft), it infects the email client, following the same path as every other outlook virus the user had already gotten, emails itself out, patches the hole, and deactivates.
No more outlook viruses (code red, yaha, etc). There is no counter-virus warfare as new viruses of the same type have no chance... Exactly as if the user paid attention to security in the first place.
(This works exactly the same for IIS, or "virus B")

[ravenswood] Thank you for taking the time to understand my idea. Sorry I couldn't make it clear initially.
In response; 1) Hackers already do this, this is why viruses are bad. If you are going to be infected by A', you are going to be infected with any other malicious code-red type virus (For example). The fact that it was based on A has no bearing, except now the malicious code will patch your system before it delivers the bad payload.
2) Yes, unintended consequences of patches can always be an issue, which is why I would suggest only employing the viral method for patches that have been out for a while and are big, glaring holes. [ patriot missile? you know you are reaching with that ;) Besides, if it's going to be infected like that, any virus writer could write a virus to point missiles to any arbitrary point ]
As to the issue of choice to install the patch: If you are intelligent enough not to be infected by code red, etc but don't need the patch; the viral patch won't touch you.
Personally, I don't use outlook, outlook express, IIS, etc. I don't open suspicious attachments, don't give out my personal address like a flyer, and scan anything I download (housecall.antivirus.com is a beautiful thing :). I don't need the patches I've mentioned, nor would anyone else who knew what they were doing.
If this describes you, the viral patch would not affect you, nor would it be installed without your consent.

I don't know why everyone's so down on this. It seems like a splendid idea to me. Patches occasionally wreck systems, but viruses almost always do.. gimme the patch virus any day. Problem is that most people are too idle or ignorant to apply the patches so let MS black-ops do it for them.

So can we assume [Mickey the Fish] was responsible for Welchi? See link.