Researchers at Microsoft consider ‘friendly worm’ to distribute updates
By Janine de Blois
February 18, 2008
Microsoft Research in Cambridge, UK is touting the idea of freeing up servers and spreading patches more efficiently by using software that behaves similarly to worms. Vojnović, a member of the Cambridge team, says most existing worms are inefficient: they waste time exploring subnets of computers that contain few uninfected hosts.
The team is developing smarter strategies. Using prior knowledge of where uninfected computers are spread across subnets enables the worm to focus attention on those areas, getting more results with fewer probes. However, in most cases this information is not available, so researchers are also focusing on developing worms that can learn from experience. For instance, when a worm sends out a probe and finds an uninfected host in a certain subnet, it will continue spreading in that subnet. Once it fails to find an uninfected host a fixed number of times (say, 10 in a row), it goes back to searching for new subnets by sending out more random probes. This strategy is almost as efficient as using prior knowledge. Without the need for large central servers to co-ordinate patches and updates, Vojnović says, “These strategies can minimise the amount of global traffic across the network.”
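The probe-count effect of that rule can be seen in a small offline simulation. This is an added example, not code from the Microsoft paper: the population (200 subnets of 50 addresses, unpatched hosts clustered in 10 of them), the single-prober model and all function names are assumptions made for illustration.

```python
import random

FAIL_LIMIT = 10  # the article's "say, 10 in a row"

def build_population(rng, subnets=200, slots=50, dense=10, dense_hosts=40):
    """Constructed data: hosts still lacking the patch cluster in a few subnets."""
    pop = [set() for _ in range(subnets)]
    for s in rng.sample(range(subnets), dense):
        pop[s] = set(rng.sample(range(slots), dense_hosts))
    return pop, slots

def count_probes(pop, slots, target, rng, fail_limit=None):
    """Probes needed to reach `target` unpatched hosts.

    fail_limit=None: every probe goes to a uniformly random address.
    fail_limit=N: after a hit, keep probing that subnet until N misses in a row.
    """
    pending = [set(s) for s in pop]          # copy so both runs see the same data
    reached = probes = misses = 0
    current = None                           # subnet being worked, if any
    while reached < target:
        s = rng.randrange(len(pending)) if current is None else current
        h = rng.randrange(slots)
        probes += 1
        if h in pending[s]:
            pending[s].discard(h)            # host is now patched
            reached += 1
            if fail_limit is not None:
                current, misses = s, 0       # stay in the productive subnet
        elif current is not None:
            misses += 1
            if misses >= fail_limit:
                current, misses = None, 0    # give up, back to random search
    return probes

def compare(seed=1, coverage=0.9):
    """Return (uniform_probes, adaptive_probes) on the same population."""
    pop, slots = build_population(random.Random(seed))
    target = int(coverage * sum(len(s) for s in pop))
    uniform = count_probes(pop, slots, target, random.Random(seed))
    adaptive = count_probes(pop, slots, target, random.Random(seed), FAIL_LIMIT)
    return uniform, adaptive

if __name__ == "__main__":
    u, a = compare()
    print(f"uniform random: {u} probes, subnet-preference: {a} probes")
```

Raising or lowering `FAIL_LIMIT` shows the trade-off: a low limit abandons a subnet while unpatched hosts remain, a high one wastes probes on a subnet that is already covered.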
Another benefit of this research is to provide countermeasures for future malicious worms. Chuanyi Ji, of Georgia Institute of Technology, is also studying the workings of worms. Ji has found previous worm attacks have used similar, though not as sophisticated, ideas as those developed by Microsoft’s Cambridge team. “We may see improvements to these kind of strategies appearing in future, so it is good to investigate the worst they could do.” She says that by understanding how attacks develop, it may be possible to send out defensive patches using a ‘perfect worm’ faster than an attack can spread.
Some questions are surfacing as to how to validate patches received via peer-to-peer distribution. Microsoft will be presenting a research paper at the 27th Conference on Computer Communications (INFOCOM) in Arizona, US, in April 2008.

