Project: Linux Opinions

Cheese: If it's good (worm), let it be!

By Jim Rapoza <feedback@freeos.com>
Posted: ( 2001-06-28 08:25:33 EST by )
System administrators worldwide recently reported signs that another self-spreading program, or worm, had started to infect Linux systems. The worm's existence has given rise to two schools of thought. One, which feels that the worm will help in securing the system while the other is of the opinion that a worm is a worm after all and has to be eradicated. In this article we bring you the arguments put forth by the `cool about Cheese' school.

The Cheese worm appears to be different. Dubbed the Cheese worm, the program is basically a self-spreading patch. It enters servers that have already been compromised by a previous bit of malicious code--the 3-month-old 1i0n worm--and closes the back door behind it, adding security to the system.

Taken individually, the Cheese Worm is not a good thing. The last thing we need is another invasion by some nameless hacker using up our network resources.

But when I first heard about it, I couldn't escape the feeling that this is the right way to fight security holes and malicious hackers. One of the biggest causes of security breaches and attacks on the Internet is the ignorance or laziness of many system administrators. Too many people put up systems with known security holes, and too few bother to install easily available patches.

The Internet is like a person who does not take care of his or her health but lacks an immune system. And that's the key: If respected security vendors and organizations released identifiable programs similar to the Cheese Worm, it would be a big step toward creating an immune system and leveling the playing field between the bad guys, who are always on offense, and the good guys, who must react after an attack takes place.

Some administrators will argue that they don't want programs coming onto their systems and loading patches. That's a valid point-a patch could conflict with applications. So how about a good worm that notifies systems when it finds vulnerability? This would solve problems for administrators who can't keep track of all the vulnerabilities out there.

Some will say that they don't want uninvited programs on their systems. All I can say is: Guess what, if you didn't have a security hole in the first place, these programs couldn't get in. Would you rather have a program that tries to help you or something that will harm your systems and possibly use them as a launching point to attack others?

This last is a major point. Your security holes aren't just your problem; they could also be a problem to other networks. I may not want to get a needle stuck in me to vaccinate against infectious diseases, but it's part of coexisting in society.

Right now, the bad guys are winning big time. Whether you call them good worms, agents or bots, these programs would be the first proactive step toward plugging security holes. The Internet is sick; it's time to start vaccinating systems.

We shall bring you the counter arguments in our next article.

Other articles by Jim Rapoza

Current Rating: [ 8.74 / 10 ] Number of Times Rated: [ 27 ]

Contents Articles   Howtos   Interviews   News   Opinions   Reviews Comparison Links   Articles   Howtos   Interviews   Opinions   Reviews   Websites News

Linux About Linux

Print It! Printer Friendly Version