Re: Benign Worms

[Mike Hoye <mhoye () neon polkaroo net>]

On Fri, May 13, 2005 at 11:13:03AM -0500, k k wrote:
> There is debate surrounding whether releasing benign worms such as Nachi or 
> Welcha, in general is ethical or not.  But network administrators can still 
> create benign worms for their need (not necessarily Nachi or Welcha) and 
> release them in their domain to patch systems.
>
> 1. Do people do that?  Or at least, have you considered it?

No. It's lunacy. Worms spread through security holes. They are
by-definition uncontrolled. If you have known security holes on a system,
you should be fixing that, not relying on it for software updates.

The worms you are describing are well-intentioned mistakes. Modifying
somebody else's system without their permission is unethical, and if
they're your own systems, you should have way, way better techniques
in place for dealing with upgrades than that.

> 2. If yes, under what conditions would you do that?

I would employ this technique if:

- I were off my medication and drinking my way through a quart of gin,
or 
- I really, really wanted to lose my job.

No sysadmin their right mind would employ the technique you describe
if they wanted to stay in that line of work.

> 3. If not, what prevents you from doing that?

The fact that it naked, gibbering insanity.

-- 
"I have discovered a truly remarkable heresy which this margin is too
small to contain." - Jim Macdonald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/