Sunday, February 17, 2008

Worms can’t be friends

If you happen to have a lock on your door that can easy be picked by the burglars, does it grant police any right to pick your lock and enter your private property without any authorization?

Does it give your bank or your landlord any right to do the same?

The “friendly worm” idea is based on an assumption that if your door is equipped with such a lock, then it should be opened without your permission, so that the lock can be changed and your place can further be inspected.

Law? Privacy? Forget these funny words. With the “friendly worm” in place, your privacy boundaries are determined by the strength of your locking mechanism only.

You might ask, well, “even if” the purpose of doing so is legitimate, can it still be exploited by others?

Good question.

The answer is: Yes, it can.

A malware that infects the “friendly worm” will also easily enter all unlocked premises.

Having such perfect propagation mechanism must be a wild dream for the malware authors: they don’t need to dig underground forums searching for any published exploits anymore - just hop on the tail of the “friendly worm” and enjoy the ride!