 

Project feasibility

Started by Banana fanna fo fanna, September 05, 2003, 10:52 PM


Banana fanna fo fanna

Was reading up on all of these Internet worms/viruses/etc, and I was thinking that it'd be pretty cool if there was an open, internet "immune system" kind of thing. I was thinking it could use (or borrow concepts from) NNTP/Usenet. Basically, some security researcher finds the bug, and issues an executable patch for several common OSes and signs it with his public key. It is then copied among all these nodes on the internet. Home users and servers have a client which periodically contacts a node and automatically updates (with user agreement) the machine.

How does it sound?

dxoigmn

Quote from: St0rm.iD on September 05, 2003, 10:52 PM
Was reading up on all of these Internet worms/viruses/etc, and I was thinking that it'd be pretty cool if there was an open, internet "immune system" kind of thing. I was thinking it could use (or borrow concepts from) NNTP/Usenet. Basically, some security researcher finds the bug, and issues an executable patch for several common OSes and signs it with his public key. It is then copied among all these nodes on the internet. Home users and servers have a client which periodically contacts a node and automatically updates (with user agreement) the machine.

How does it sound?

Sounds a lot like Windows' Automatic Updates.

j0k3r

But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).
Quote: "Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin." (John Vo)

Adron

Quote from: j0k3r on September 06, 2003, 05:25 AM
But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).

Those people would become a huge target for hackers. If you can obtain their private key, you can put your software on everyone's computers... No, not a good idea.


j0k3r

Quote from: Adron on September 06, 2003, 06:58 AM
Quote from: j0k3r on September 06, 2003, 05:25 AM
But not designed by Microsoft, which makes it a brilliant idea. The only problem I could see would be finding TRUSTWORTHY people (not people who are going to make a virus for a patch to screw over people even more).

Those people would become a huge target for hackers. If you can obtain their private key, you can put your software on everyone's computers... No, not a good idea.


Adron brings up a good point, which would leave you with two options from what I can see... 1. Do everything yourself and maintain high security; this would also mean fewer people, which wouldn't make it worth it. 2. Just forget about it.

My 2cents, I'm probably overlooking some things though.

Banana fanna fo fanna

I was thinking 2048-bit RSA keys would be strong enough.

Adron

Consider what you can do if you can put software on everyone's desktop... You'd need physical security, the same kind that protects Verisign & co.'s master keys.

Banana fanna fo fanna

Yes, I'm considering that.

I'm just going to be the designer; the public keys will belong to CERT guys and will be protected like Verisign protects their keys.

Adron

Quote from: St0rm.iD on September 06, 2003, 02:17 PM
Yes, I'm considering that.

I'm just going to be the designer; the public keys will belong to CERT guys and will be protected like Verisign protects their keys.

What then is the difference from all the patches being signed and sent out by Microsoft, Redhat, and all the other OS manufacturers?

Banana fanna fo fanna

It isn't controlled by one vendor, it's distributed, and it's one system for everyone.

If it's controlled by a vendor, that sucks and it won't become an Internet standard.

If it is centralized, as it currently is, this could cause problems. Remember the first Blaster worm? It tried to DDoS windowsupdate. Fortunately, the author only took down the domain name and not the whole website, but imagine if a resourceful programmer disabled the update service? If it's decentralized, it will be *much* harder to take down.

If everyone uses one system, then there will be a framework in place that everyone can use for any future operating systems, AND all nodes will be able to interact with each other, regardless of what they are running.

Skywing

Quote from: St0rm.iD on September 06, 2003, 07:22 PM
It isn't controlled by one vendor, it's distributed, and it's one system for everyone.

If it's controlled by a vendor, that sucks and it won't become an Internet standard.

If it is centralized, as it currently is, this could cause problems. Remember the first Blaster worm? It tried to DDoS windowsupdate. Fortunately, the author only took down the domain name and not the whole website, but imagine if a resourceful programmer disabled the update service? If it's decentralized, it will be *much* harder to take down.

If everyone uses one system, then there will be a framework in place that everyone can use for any future operating systems, AND all nodes will be able to interact with each other, regardless of what they are running.

That's just the thing - it is controlled by one organization - CERT, in your case. You're giving them the private key, so they're obviously going to be the ones in control.

Given the volume of patches to screen for "bad code", then, do you really think it'll change anything? I'd certainly hope that somebody like CERT wouldn't just include every single patch somebody submits without extensive checking, but that takes a lot of time, and you're talking about an all-encompassing thing that would just be virtually impossible to maintain.

Furthermore, to effectively screen patches for non-open-source operating systems, each proprietary operating system's software vendor would essentially have to hand over complete source code for their product(s) to CERT. So not only does one organization now have the keys necessary to install any software on virtually any internet-connected computer, but it's also got the source code to virtually every proprietary operating system. I don't think that bodes well for decentralization - what you're creating is basically a terrorist's dream, one target to take over half the internet.

So who would you trust with protecting all of this? "The government"? We've seen just how secure top secret government intelligence data is from physical attacks, not to mention electronic attacks.

P.S. CERT's been known to sell information on security vulnerabilities to people before releasing it to the general public.  So much for an open system controlled by them.

P.P.S. As an additional note, you might want to know that there is already (and has been for some while) a system for setting up your own alternate distribution point for Windows Update patches.  See Software Update Services for Windows 2000 and Windows Server 2003.

drivehappy

The problem isn't who distributes the patch, it's the monkeys that don't update their computers.

Banana fanna fo fanna

Vendors of each OS would be allowed to post patches for their respective OS. Basically each OS would be given an id, and the first person to register that id with a public key gets it. One public key is allowed access to one group only, to avoid hoarding of group ids by evildoers.

Protecting the keys would be the vendors' responsibility. Sucks for them if they lose it. Preferably keep it on a system not connected to the Internet, and sign the data and transfer it via discs.

Skywing

Quote from: St0rm.iD on September 06, 2003, 08:22 PM
Vendors of each OS would be allowed to post patches for their respective OS. Basically each OS would be given an id, and the first person to register that id with a public key gets it. One public key is allowed access to one group only, to avoid hoarding of group ids by evildoers.

Protecting the keys would be the vendors' responsibility. Sucks for them if they lose it. Preferably keep it on a system not connected to the Internet, and sign the data and transfer it via discs.

Isn't the whole point of this system to protect users, though? Just saying "oh well, it sucks for company X if their security gets compromised" isn't enough here, because everybody who uses their software suffers a security breach as a direct result. I just don't think that's sufficient for something this important (and I'm not saying that I know of a good solution, simply that I don't think this is it).

Banana fanna fo fanna

A central authority, such as CERT, would ensure that the patches are okay.

Each patch would need to be signed by the vendor AND cert.

Auto-install is off by default, but is customizable.
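The two rules the thread settles on, a group-id registry where the first key to claim an id owns it and one key may own only one id, plus a patch that must carry both the vendor's and CERT's signature, as an added example in Go. This is not code from the thread or from any project it mentions; it assumes RSA-PSS with SHA-256 over a manifest digest, a free-form string as the group id, a made-up manifest layout, and keys generated in-process (the thread's design keeps them on offline machines). The patch bytes are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Patch is one signed release for one OS group; both signatures cover Digest().
type Patch struct {
	GroupID   string // OS group id claimed by the vendor (assumed: any string)
	Version   uint32
	Payload   []byte
	VendorSig []byte // vendor's RSA-PSS signature over Digest()
	CertSig   []byte // CERT's counter-signature over the same Digest()
}

// Digest binds group id (length-prefixed), version and payload hash into one 32-byte
// message, so a signature cannot be replayed for another group or a changed payload.
func (p *Patch) Digest() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "patch-manifest-v1|%d:%s|%d|%x", len(p.GroupID), p.GroupID, p.Version, sha256.Sum256(p.Payload))
	return h.Sum(nil)
}

// Sign runs on the signer's offline machine; only the signature moves online.
func Sign(priv *rsa.PrivateKey, p *Patch) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, p.Digest(), nil)
}

// Registry is the group-id table: first key to claim an id owns it, one id per key.
type Registry struct {
	cert   *rsa.PublicKey            // counter-signs every group's patches
	groups map[string]*rsa.PublicKey // group id -> vendor key
	owners map[string]bool           // key fingerprint -> already owns a group
}

func (r *Registry) Register(groupID string, pub *rsa.PublicKey) error {
	if _, taken := r.groups[groupID]; taken {
		return errors.New("group id already claimed")
	}
	fp := fmt.Sprintf("%x", sha256.Sum256(pub.N.Bytes()))
	if r.owners[fp] {
		return errors.New("key already owns a group")
	}
	r.groups[groupID] = pub
	r.owners[fp] = true
	return nil
}

// Verify is what a client runs before even offering a patch for installation: the
// vendor key registered for the patch's group AND the CERT key must both have signed it.
func (r *Registry) Verify(p *Patch) error {
	vendor, ok := r.groups[p.GroupID]
	if !ok {
		return errors.New("unknown group id")
	}
	d := p.Digest()
	if err := rsa.VerifyPSS(vendor, crypto.SHA256, d, p.VendorSig, nil); err != nil {
		return fmt.Errorf("vendor signature: %w", err)
	}
	if err := rsa.VerifyPSS(r.cert, crypto.SHA256, d, p.CertSig, nil); err != nil {
		return fmt.Errorf("CERT signature: %w", err)
	}
	return nil
}

// must turns the demo's only failure mode (crypto/rand errors) into a panic.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Demo generates two vendor keys and a CERT key in-process (the real design keeps
// them offline), exercises the rules and reports which checks passed.
func Demo() map[string]bool {
	keygen := func() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
	vendorA, vendorB, cert := keygen(), keygen(), keygen()
	reg := &Registry{cert: &cert.PublicKey, groups: map[string]*rsa.PublicKey{}, owners: map[string]bool{}}
	out := map[string]bool{}
	out["registerA"] = reg.Register("os-alpha", &vendorA.PublicKey) == nil     // true
	out["registerB"] = reg.Register("os-beta", &vendorB.PublicKey) == nil      // true
	out["squatTakenId"] = reg.Register("os-alpha", &vendorB.PublicKey) == nil  // false: id taken
	out["hoardSecondId"] = reg.Register("os-gamma", &vendorA.PublicKey) == nil // false: one id per key
	p := &Patch{GroupID: "os-alpha", Version: 1, Payload: []byte("constructed patch bytes")}
	p.VendorSig = must(Sign(vendorA, p))
	out["vendorOnly"] = reg.Verify(p) == nil // false: no CERT counter-signature yet
	p.CertSig = must(Sign(cert, p))
	out["bothSigned"] = reg.Verify(p) == nil // true
	tampered := &Patch{GroupID: p.GroupID, Version: p.Version, Payload: []byte("constructed patch bytes plus a backdoor"), VendorSig: p.VendorSig, CertSig: p.CertSig}
	out["tampered"] = reg.Verify(tampered) == nil // false: digest no longer matches either signature
	forged := &Patch{GroupID: "os-alpha", Version: 2, Payload: []byte("patch from the wrong vendor")}
	forged.VendorSig, forged.CertSig = must(Sign(vendorB, forged)), must(Sign(cert, forged))
	out["wrongVendorKey"] = reg.Verify(forged) == nil // false: os-alpha is bound to vendorA's key
	return out
}

func main() { fmt.Println(Demo()) }
```

The point of signing a digest that includes the group id is that a vendor who legitimately owns one group cannot re-sign its own patch as a patch for someone else's group, and CERT's counter-signature is over exactly the same bytes, so the two signatures cannot be mixed and matched across patches. `Verify` failing is a hard reject: the client should not even prompt the user, regardless of whether auto-install is on, and the "vendorOnly" case shows that CERT's signature alone, or the vendor's alone, is not enough. One fingerprint per key in the registry is what stops one key from claiming several ids; note that it does nothing against one party generating several keys, which is a policy question the registry operator has to solve outside the code.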