kitchen table math, the sequel: what is "eradicating the program before it is used"?

Friday, January 23, 2009

Exciting news in yesterday's Times: a digital Pearl Harbor is on its way.

(Really?)

A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be.

[snip]

Worms like Conficker not only ricochet around the Internet at lightning speed, they harness infected computers into unified systems called botnets, which can then accept programming instructions from their clandestine masters. “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming toward us on the horizon,” said Rick Wesson, chief executive of Support Intelligence, a computer security consulting firm based in San Francisco.

[snip]

Computer security researchers expect that within days or weeks the bot-herder who controls the programs will send out commands to force the botnet to perform some as yet unknown illegal activity.

Here's the part I don't understand:

The worm has reignited a debate inside the computer security community over the possibility of eradicating the program before it is used by sending out instructions to the botnet that provide users with an alert that their machines have been infected.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

Worm Infects Millions of Computers Worldwide
New York Times 1-23-2009


What does this mean?

Wall Street Journal says it's not time to panic.

Fine.

I'm counting on the Wall Street Journal to tell me when it is time to panic.

8 comments:

tm said...

I don't know because I am not a computer security person. I think it sounds like a hack of the hacker. The good guys would hack the virus and command it to send a warning to all of the computers that it has turned into its own network--the botnet. Sounds pretty cool. I hope they can do that and more.

Catherine Johnson said...

So why is that illegal?

I'm missing something.

Probably something big & obvious.

Redkudu said...

I'm thinking it's the part about sending the alert - if it's illegal for someone to commandeer your computer into a botnet, it's probably illegal to create something which also gets into the computer to give you a warning, maybe?

I just got a virus (several actually) a few weeks ago that ripped my computer to shreds and I had to get support. I had to give all kinds of agreements to allow the support folks to get in my computer from where they were and try to chase the virus down. (I could see what they were doing on my own screen, and she was in Asia somewhere.)

Anonymous said...

They would be sending instructions to the infected computers the same way that you distribute a virus in the first place. Essentially, they'd be trying to infect your computer with a "good" worm that replicated itself and sent itself to everyone on your email list, etc.

Anonymous said...

And while it sounds cool, think about how badly it could go wrong.

Catherine Johnson said...

Thanks, you guys.

Anonymous said...

I guess I'll have to start backing stuff up again.

I keep getting more viruses lately, as well. I have pretty standard anti-virus, along with ad aware and some malware thingy that gets rid of the trojans. But, the activity seems to have increased.

SusanS

Catherine Johnson said...

I'm sticking with Macs.