Wednesday, February 20, 2008

Friendly worms, oh no not again?!

The New Scientist article on the Microsoft research "friendly worms" paper excited more annoyance than admiration everywhere in the research community and far abroad. It gives you a completely different dimension however when you really read the actual paper which can be found at MS. While it does refer to malware from time to time to illustrate distribution models, it’s several levels of abstraction away from the self-distributing patch mechanism that New Scientist seems to think it’s about. Of course I don’t know what the researchers in question said directly to New Scientist. So to my opinion this is all a little bit too exagerated ... something like a storm in a teacup. Or maybe the New Scientist journalists were hungry to use a flashy 'headline' because it attracts people ... well at least they succeeded in that way. The article is being (mis)used everywhere in the world maybe even by this Blog.

Of course the industry including myself hates the idea of unnecessary replicative code with a passion. While a self-replicating program can, in principle, do anything a non-replicating program can do, no-one has yet found a job that has to be done by a worm. The history of malware is littered with replicative programs that caused more damage than the writer ever intended because he failed to take into account every possible scenario that could arise.

An interesting read is definitely Vesselin Botchev's paper.
I really love this paper and it blows away everything. ;-)

To my opinion there is no such thing as a good worm, all malware in general are bad and it's the task from the security industry to protect you against it and not to write them .... pffff, and this was not the first time I've said this ... you will see that this problem or let me say this 'misunderstanding' will pop up again in the future unfortunately.