[news.sysadmin] Good Worms can be your friend... !?!

werner@utastro.UUCP (Werner Uhrig) (11/11/88)

I've seen a lot of dire anticipations about the worm having escaped
before the (destructive) functions could be added;

WHAT IF Mr. X was working on a worm that would go around patching
systems and make them more secure?  What if I'd tell you that it is a
perfectly feasable concept to distribute system-patches (especially
urgent ones) by releasing self-propelling code looking for a place
where it is needed?

Don't yell all at the same time - not quite yet....

What if, by definition, all UNIX-boxes on a network are insecure
(lots of people say that) and what if all systems came with a
feature heavily protected by encryption which would allow a vendor
to send out patches, which, when they arrive on your system, would
announce themselves and tell you what security holes you have left
open and offer to close them for you?  Wouldn't that work a lot
better than the "old-boys-network" we have been using to distribute
security fixes?    It would help all those admins who either don't
have time, knowledge or connections to get around to making their
system secure, if someone like Robert would give them free security
consultant's advice by releasing a "Self-Propelled Diagnostic-program"
(in a minute I'll come up with a catchy name for that critter: -see below-)
that does nothing but point out the weaknesses in the system and
offer to teach you how to fix things.  (let's not argue if you want to 
trust such a program or not;  we are all in the habit of checking things
out in varying degrees) - just pointing out the holes without fixing
anything would be a smashing success - and, certainly, a lot fewer
people would scream for his scalp - and more would praise him.

OK, enough; I have no idea what Mr. X's actual actions, motivations,
or plans were;  but I have every confidence that they were not
destructive, but rather the opposite.

	You are welcome to cite me in your defense, Mr. X...   (-:


below follows my brainstorm at a catchy name for the critter:

Travelling Worm with a Beneficial Purpose?  na, too long; TWwaBP?
too cryptic.  maybe I can stick AI in there somewhere - that field needs
all the good press it can get: WAIT, Worm that uses AI Techniques?
sounds slow, thus negative.  NURSE !  Network Using Remote Service!
here we go!  I can already see the glossy color ads for AI-NURSE,
Dumb Blonde NURSE, The NURSE is here - and YOU need a DOCTOR!!)
-- 
--------------------> PREFERED-RETURN-ADDRESS-FOLLOWS <---------------------
(ARPA)	    werner@rascal.ics.utexas.edu   (Internet: 128.83.144.1)
(INTERNET)     werner%rascal.ics.utexas.edu@cs.utexas.edu
(UUCP)	..!utastro!werner   or  ..!uunet!rascal.ics.utexas.edu!werner

jejones@mcrware.UUCP (James Jones) (11/13/88)

In article <3372@utastro.UUCP>, werner@utastro.UUCP (Werner Uhrig) writes:
> What if, by definition, all UNIX-boxes on a network are insecure
> (lots of people say that) and what if all systems came with a
> feature heavily protected by encryption which would allow a vendor
> to send out patches, which, when they arrive on your system, would
> announce themselves and tell you what security holes you have left
> open and offer to close them for you?

Then all the crackers would know just what to attack.  I don't think anyone
would trust such a mechanism, unless it were one that was under their control,
i.e. the sysadmin would call the vendor's machine periodically to run something
to probe their system for leaks.  Even then, I would worry.

		James Jones