Valhalla Legends Forums Archive | Advanced Programming | Project feasibility

St0rm.iD
Was reading up on all of these Internet worms/viruses/etc, and I was thinking that it'd be pretty cool if there was an open, internet "immune system" kind of thing. I was thinking it could use (or borrow concepts from) NNTP/Usenet. Basically, some security researcher finds the bug, and issues an executable patch for several common OS's and signs it with his public key. It is then copied among all these nodes on the internet. Home users and servers have a client which periodically contacts a node and automatically updates (with user agreement) the machine.

How does it sound?
September 6, 2003, 3:52 AM
kamakazie
[quote author=St0rm.iD link=board=23;threadid=2599;start=0#msg20306 date=1062820333]
Was reading up on all of these Internet worms/viruses/etc, and I was thinking that it'd be pretty cool if there was an open, internet "immune system" kind of thing. I was thinking it could use (or borrow concepts from) NNTP/Usenet. Basically, some security researcher finds the bug, and issues an executable patch for several common OS's and signs it with his public key. It is then copied among all these nodes on the internet. Home users and servers have a client which periodically contacts a node and automatically updates (with user agreement) the machine.

How does it sound?
[/quote]

Sounds a lot like Windows' Automatic Updates.
September 6, 2003, 3:56 AM
j0k3r
But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).
September 6, 2003, 10:25 AM
Adron
[quote author=j0k3r link=board=23;threadid=2599;start=0#msg20322 date=1062843936]
But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).
[/quote]

Those people would become a huge target for hackers. If you can obtain their private key, you can put your software on everyone's computers... No, not a good idea.

September 6, 2003, 11:58 AM
j0k3r
[quote author=Adron link=board=23;threadid=2599;start=0#msg20330 date=1062849483]
[quote author=j0k3r link=board=23;threadid=2599;start=0#msg20322 date=1062843936]
But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).
[/quote]

Those people would become a huge target for hackers. If you can obtain their private key, you can put your software on everyone's computers... No, not a good idea.

[/quote]

Adron brings up a good point, which would leave you with two options from what I can see... 1. Do everything yourself, and maintain high security, this would also mean less people which wouldn't make it worth it. 2. Just forget about it.

My 2 cents, I'm probably overlooking some things though.
September 6, 2003, 1:10 PM
St0rm.iD
I was thinking 2048-bit RSA keys would be strong enough.
September 6, 2003, 4:06 PM
Adron
Consider what you can do if you can put software on everyone's desktop... You'd need physical security, the same kind that protects Verisign & co's master keys.
September 6, 2003, 6:11 PM
St0rm.iD
Yes, I'm considering that.

I'm just going to be the designer; the public keys will belong to CERT guys and will be protected like Verisign protects their keys.
September 6, 2003, 7:17 PM
Adron
[quote author=St0rm.iD link=board=23;threadid=2599;start=0#msg20366 date=1062875829]
Yes, I'm considering that.

I'm just going to be the designer; the public keys will belong to CERT guys and will be protected like Verisign protects their keys.
[/quote]

What then is the difference from all the patches being signed and sent out by Microsoft, Redhat, and all the other OS manufacturers?
September 6, 2003, 8:58 PM
St0rm.iD
It isn't controlled by one vendor, it's distributed, and it's one system for everyone.

If it's controlled by a vendor, that sucks and it won't become an Internet standard.

If it is centralized, as it currently is, this could cause problems. Remember the first Blaster worm? It tried to DDoS windowsupdate. Fortunately, the author only took down the domain name and not the whole website, but imagine if a resourceful programmer disabled the update service? If it's decentralized, it will be *much* harder to take down.

If everyone uses one system, then there will be a framework in place that everyone can use for any future operating systems, AND all nodes will be able to interact with each other, regardless of what they are running.
September 7, 2003, 12:22 AM
Skywing
[quote author=St0rm.iD link=board=23;threadid=2599;start=0#msg20391 date=1062894149]
It isn't controlled by one vendor, it's distributed, and it's one system for everyone.

If it's controlled by a vendor, that sucks and it won't become an Internet standard.

If it is centralized, as it currently is, this could cause problems. Remember the first Blaster worm? It tried to DDoS windowsupdate. Fortunately, the author only took down the domain name and not the whole website, but imagine if a resourceful programmer disabled the update service? If it's decentralized, it will be *much* harder to take down.

If everyone uses one system, then there will be a framework in place that everyone can use for any future operating systems, AND all nodes will be able to interact with each other, regardless of what they are running.
[/quote]

That's just the thing - it is controlled by one organization - CERT, in your case. You're giving them the private key, so they're obviously going to be the ones in control.

Given the volume of patches to screen for "bad code", then, do you really think it'll change anything? I'd certainly hope that somebody like CERT wouldn't just include every single patch somebody submits without extensive checking, but that takes a lot of time, and you're talking about an all-encompassing thing that would just be virtually impossible to maintain.

Furthermore, to effectively screen patches for non-open-source operating systems, each proprietary operating system's software vendor would essentially have to hand over complete source code for their product(s) to CERT. So not only does one organization now have the keys necessary to install any software on virtually any internet-connected computer, but it's also got the source code to virtually every proprietary operating system. I don't think that bodes well for decentralization - what you're creating is basically a terrorist's dream, one target to take over half the internet.

So who would you trust with protecting all of this? "The government"? We've seen just how secure top secret government intelligence data is from physical attacks, not to mention electronic attacks.

P.S. CERT's been known to sell information on security vulnerabilities to people before releasing it to the general public. So much for an open system controlled by them.

P.P.S. As an additional note, you might want to know that there is already (and has been for some while) a system for setting up your own alternate distribution point for Windows Update patches. See Software Update Services for Windows 2000 and Windows Server 2003.
September 7, 2003, 12:49 AM
drivehappy
The problem isn't who distributes the patch, it's the monkeys that don't update their computers.
September 7, 2003, 1:00 AM
St0rm.iD
Vendors of each OS would be allowed to post patches for their respective OS. Basically each OS would be given an id, and the first person to register that id with a public key gets it. One public key is allowed access to one group only, to avoid hoarding of group ids by evildoers.

Protecting the keys would be the vendors' responsibility. Sucks for them if they lose it. Preferably keep it on a system not connected to the Internet, and sign the data and transfer it via discs.
September 7, 2003, 1:22 AM
Skywing
[quote author=St0rm.iD link=board=23;threadid=2599;start=0#msg20409 date=1062897726]
Vendors of each OS would be allowed to post patches for their respective OS. Basically each OS would be given an id, and the first person to register that id with a public key gets it. One public key is allowed access to one group only, to avoid hoarding of group ids by evildoers.

Protecting the keys would be the vendors' responsibility. Sucks for them if they lose it. Preferably keep it on a system not connected to the Internet, and sign the data and transfer it via discs.
[/quote]
Isn't the whole point of this system to protect users, though? Just saying "oh well, it sucks for company X if their security gets compromised" isn't enough here, because everybody who uses their software suffers a security breach as a direct result. I just don't think that's sufficient for something this important (and I'm not saying that I know of a good solution, simply that I don't think this is it).
September 7, 2003, 1:27 AM
St0rm.iD
A central authority, such as CERT, would ensure that the patches are okay.

Each patch would need to be signed by the vendor AND CERT.

Auto-install is off by default, but is customizable.
September 7, 2003, 2:09 AM
St0rm.iD
CupHead and I have come up with a better solution.

Get rid of vendors and the central authority. Instead, anyone can sign any patch they want. Each client can decide which keys they trust. They should trust several third-parties, so all of them have to be compromised in order to introduce a risk. If a patch isn't signed by the trusted third parties, then it is not considered safe yet, and the patch is not downloaded.

What do you think?
September 7, 2003, 3:32 AM
Grok
The only usefulness of signatures is to authenticate the source. This does not provide any hint of safety. Verisign makes corporations jump through hoops to get a corporate certificate. But that just means when you download my code components, you can trace them back to the company that was granted the certificate. I can still write dangerous code into that code component.
September 7, 2003, 3:54 AM
Camel
Happy 911, Grok! :)

[img]http://camel.ik0ns.com:84/images/grok911.jpg[/img]

But anyways, while that is true, the point is that the user should trust trustworthy companies. How does one know that their anti-virus software isn't a virus itself? They don't, really. They simply trust that the company is reliable.
September 7, 2003, 7:27 AM
Adron
[quote author=St0rm.iD link=board=23;threadid=2599;start=15#msg20430 date=1062905530]
What do you think?
[/quote]

I think it makes more sense to have this coordinated by a single source for each product and patches signed by the producer (i.e. Microsoft for Windows products).
September 7, 2003, 11:11 AM
St0rm.iD
I was saying that third-parties can sign the patch, in effect saying "after our review of the source, we determine that this patch is indeed safe."
September 7, 2003, 4:05 PM
Kp
[quote author=St0rm.iD link=board=23;threadid=2599;start=15#msg20486 date=1062950727]
I was saying that third-parties can sign the patch, in effect saying "after our review of the source, we determine that this patch is indeed safe."
[/quote]

Then who signs the patch to the RPC DCOM exploit, or any of the dozens of other patches issued by Microsoft (or any other closed-source corporation)? Reviewing the source is a bit difficult in those cases since the corporation more than likely sees no benefit to letting outsiders see the source, and the outsider can't in good faith sign it as being secure if they don't see the source to know what it does. :)

One point in your favor that I can see would be having signatures from well known third parties who make the assertion "We installed patch X on a system with these properties (and provide a full list) and had [these/no] problems." If that testing party is reliable, it would give some confidence that you won't introduce new problems trying to apply the patches. I was rather dubious about installing the RPC DCOM fix because the patch program itself advised me to make a full backup and boot disks before installing - not something you'd generally see on a patch which has a high confidence of successful install and flawless post-install operation, IMO. It was mostly by necessity and assurances from others that it had not melted down their computers that I finally decided to risk it. (It worked fine, btw.)
September 7, 2003, 4:25 PM
St0rm.iD
That's what I envisioned.
September 7, 2003, 5:25 PM
Grok
[ x ] Trust all content from Microsoft
September 7, 2003, 7:34 PM
St0rm.iD
No, it would be like:

Trust everything certified by Microsoft, CERT, AND eEye.

If Microsoft and CERT trust it, but eEye doesn't, the patch isn't executed.
September 7, 2003, 9:11 PM
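The client-side rule proposed in this post (and the multi-key idea from the earlier "CupHead and I" post), as an added example that is not part of the thread: a patch is accepted only when every key the client trusts has signed it, so one compromised or missing signer vetoes it. It uses Go's standard crypto/ed25519 with constructed keys and hypothetical signer names ("vendor", "reviewerA", "reviewerB") in place of Microsoft, CERT and eEye.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
)

// Signature is one party's signature over the patch bytes, tagged with that party's name.
type Signature struct {
	Signer string
	Sig    []byte
}

// PatchAccepted is the client-side rule from the thread: accept only if every key in
// the trusted set has a valid signature over the patch; untrusted signers are ignored.
func PatchAccepted(patch []byte, trusted map[string]ed25519.PublicKey, sigs []Signature) bool {
	verified := map[string]bool{}
	for _, s := range sigs {
		if pub, ok := trusted[s.Signer]; ok && ed25519.Verify(pub, patch, s.Sig) {
			verified[s.Signer] = true
		}
	}
	for name := range trusted {
		if !verified[name] {
			return false // one trusted party missing or invalid vetoes the patch
		}
	}
	return true
}

// Demo: constructed keys for three hypothetical signers (a vendor and two reviewers), three cases.
func Demo() (allSigned, oneMissing, tampered bool) {
	patch := []byte("constructed patch payload, not a real update")
	trusted := map[string]ed25519.PublicKey{}
	var sigs []Signature
	for _, name := range []string{"vendor", "reviewerA", "reviewerB"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		trusted[name] = pub
		sigs = append(sigs, Signature{name, ed25519.Sign(priv, patch)})
	}
	allSigned = PatchAccepted(patch, trusted, sigs)
	oneMissing = PatchAccepted(patch, trusted, sigs[:2]) // reviewerB never signed
	altered := append([]byte{}, patch...)
	altered[0] ^= 1 // one bit flipped after signing
	tampered = PatchAccepted(altered, trusted, sigs)
	return allSigned, oneMissing, tampered
}
```

Demo returns true, false, false: the patch runs only in the first case, which is exactly the "Microsoft and CERT trust it, but eEye doesn't" veto described above.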
Adron
Then you need eEye to volunteer to test all the patches for you, and be sued by everyone who installs a patch even though they've vouched for it....

I'm finding it hard to see how you'll make sense of this if it's not supposed to warrant something about the patch. But even Microsoft doesn't warrant any fitness for any particular purpose (or do they these days?).
September 8, 2003, 3:44 AM
St0rm.iD
Well give them a legal notice.

And eEye would voluntarily do it, or some other third-party security organization in order to gain trust.
September 8, 2003, 7:06 PM
j0k3r
If you ask me, this is wayyy too much for security things... For one thing I don't know how committed you would be but I'm imagining this would take close to a year to implement and cost quite a bit. I also don't think it would get very big, a full anti-virus company (Norton) would always have more customers.

Once again, my 2 cents.
September 8, 2003, 8:12 PM
St0rm.iD
I think it'd take about a day to write and a few weeks to bug test.

But fully implementing it would take about as long as IPv6 :)
September 8, 2003, 8:47 PM
thetempest
I agree with the others in stating that a system that spreads exe's which can be set up to auto dl in the config is dangerous. It's not the smart people like us that you have to worry about.

It's the morons who are lazy and say "I don't want to have to think, I'll trust the comp to do that" and in the computer security world, trust is almost always unwarranted...

Good luck though, this project would need a lot of overhead and good people working on it. Definitely NO M$ =)
December 3, 2003, 7:24 PM
Kp
Watch where you're posting. This thread is several months old and had died a peaceful death. Don't disturb the dead.
December 3, 2003, 8:38 PM
thetempest
sorry,

There are only two pages on this forum, although all high quality material... I'm sorry, I didn't know it was that old, I'll watch better next time :)
December 3, 2003, 9:15 PM
Adron
[quote author=thetempest link=board=23;threadid=2599;start=30#msg33468 date=1070486137]
, although all high quality material...
[/quote]

That's the idea!
December 4, 2003, 7:36 PM