Less Worms than Leeches

As you might guess, the New Scientist article on the Microsoft research "friendly worms" paper excited more annoyance than admiration, not only here but elsewhere in the research community. However, when a link to the actual paper turned up (thanks to Jimmy Kuo for pointing it out), it turned out be rather less dramatic. While it does refer to malware from time to time to illustrate distribution models, it’s several levels of abstraction away from the self-distributing patch mechanism that New Scientist seems to think it’s about. (Unfortunately, a million other articles have appeared since that have taken their cue from New Scientist, not from the actual paper.

 

Of course, we don’t know exactly what, if anything, the researchers in question said directly to New Scientist. If a benevolent Microsoft worm does exist as a gleam in someone’s eye, they’ll have to reconcile it at the implementation stage with the fact that Microsoft is also in the anti-malware business, and the industry hates the idea of unnecessary replicative code with a passion. (Even if there are still people out there who think we write all the viruses ourselves.)

 

In the meantime, the usual objections still apply.

  • In the real world, while a self-replicating program can, in principle, do anything a non-replicating program can do, no-one has yet found a job that has to be done by a worm. Well, apart from annoying anti-malware geeks.
  • The history of malware is littered with replicative programs that caused more damage than the writer ever  intended because he failed to take into account every possible scenario that could arise. A benevolent worm would likewise have to take into account the additional practical complications that self-replicating code can give rise to. Benevolent intentions are not sufficient excuse for breaking systems that work differently to the way you assumed they would.
  • Even the best-coded, best-intentioned replicative code also has to cross so many ethical and legal boundaries that the fastest feasible distribution algorithm is likely to finish up hobbled by so many disclaimers and "are you sure?" messages that its theoretical advantages will be nullified.

But if you’re still not sure, read Vesselin’s paper: it doesn’t leave many stones unturned.

 

David Harley
Research Author

Author David Harley, ESET

Follow Us

Sign up to our newsletter

The latest security news direct to your inbox

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.