Active Immunization Against Internet Viruses, Worms & Trojans

Active Immunization Against Internet Viruses, Worms & Trojans

How To News

Future News

RELATED NEWS

Not told to resign, says Yeddyurappa, to meet Gadkari Tuesday (Night Lead)

OP-ED by Vice President Joe Biden in the New York Times: "What we must do for Iraq now"

Declaration by the North Atlantic Treaty Organisation (NATO) and the Government of the Islamic Republic of Afghanistan on an Enduring Partnership

NATO-Russia Council Joint Statement

OP-ED by Vice President Jow Biden in the New York Times: "What we must do for Iraq now"

Declaration by the Heads of State and Government of the Nations contributing to the UN-mandated, NATO-led International Security Assistance Force (ISAF) in Afghanistan

Mosquito repellent to virtual inverter, innovations awarded at I3

Fact Sheet on the United States' Relationship with the European Union: An Enduring Partnership

10 injured as ceiling of building under construction collapses

Suspected Maoists kill two CPI-M supporters

By Angsuman Chakraborty, Gaea News Network
Sunday, April 22, 2007

Active immunization is an extremely interesting technique in fighting against internet based viruses, trojans and worms. Laurent Oudot of the Rstack team created a prototype in 2003. He identified hosts compromised with msblast.exe worm using honeyd - a popular honeypot and then immunized them using the same exploit (to obtain a shell) as the worm itself and run a simple script to clean the system of the worm.

There are strong implications of this concept. Technically a script kiddie too can use the same backdoor created by a worm and create more hamrful exploits. All he has to do is use honeypots to look for new exploits. However that is something he can do even today and some does it.

Then there are strong moral implications. Is it fair to immunize a exploited system irrespective of their owners knowledge and will? What happens if something gies wrong?
Let’s take a real-life scenario. Suppose you have a child in your community with a highly infectious disease who is attending school and his parents are away. Would you wait for his parents to come back, inform the cops, inform the school authorities or directly immunize the child yourself. You will probably do one of more of the above depending on the virulence of the infection and perceived risk to your own children. It is the same with the internet.
Personally I think if I am being attacked by a system, willingly or not, then I have the right to immunize it. Frankly it will be much easier once such actions are explicitly backed by law.

The same technique when applied to a large corporation becomes much simpler in terms of ethics and morality. The corporation has full rights to its machines and active immunization is the way to go.

The downside is that crackers too can fight back by introducing code which seals the backdoor it created after its has infected the system. Future communication with the owner will be through polling only. Again access to corporate intranet is simpler and needn’t use the backdoor. Overall I think active immunization is a very useful strategy for large corporation and can also be implemented on internet if adopted by hosting providers for their own networks.

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News