Friday, February 22, 2008


Microsoft slammed for ‘stupid’ friendly-worm idea

‘Reminiscent of the “good” Nachi worm unleashed in 2003, Microsoft researchers have touted the idea of “friendly worms” to issue software patches, which has been labelled “stupid” by security experts.

In a research paper entitled Microsoft’s Sampling Strategies for Epidemic-Style Information Dissemination, the software giant looks at optimising the dissemination of data over a large-scale network by sampling computers in a subnet or IP address block — a similar technique to that used by worms — to identify computers that contain a known vulnerability.

“My focus is fundamental research on improving the efficiency of data distribution of all types across networks, and isn’t limited to certain scenarios or types of data but investigating underlying networking techniques,” Milan Vojnovic, researcher at Microsoft UK, told ZDNet.com.au sister site ZDNet.co.uk. [..]

However, security expert Bruce Schneier said the concept of using worm-like techniques to distribute software patches is “stupid”.

“Patching other people’s machines without annoying them is good; patching other people’s machines without their consent is not,” wrote Schneier in a blog post.’
