From: Eugene Leitl (eugene.leitl@lrz.uni-muenchen.de)
Date: Tue Aug 17 1999 - 22:43:32 MDT
Billy Brown writes:
> You guys have been reading too many cyberpunk novels. You can get this sort
> of thing to work very erratically (for random virus propagation), and you
I keep repeating this for the umpteenth time: the whole idea behind the
project is to circumvent the limitations of brittleware, by GA-finding
a mutation function which mutates assembly without breaking it. If you
have this Rosetta stone everything else is suddenly easy.
We all agree that it would be much smarter to use robust systems, but
that does not exactly help us to exploit the resources of tens of
millions of machines existing out there on the net. Even now such
resources are non-negligible, now consider the exponential growth of
node numbers overlaid with Moore's law linear log plot, and think a
decade ahead. There's gold in thar them nodes in Netland out there.
> can usually crack any given system with determined effort from an expert,
> but you can't just whip up a magical worm program that does useful work for
> you.
Looking for buffer overruns requires little creativity; this task
can easily be automated. To turn the destructive ping of death into
the constructive ping of corruption currently requires nontrivial
hacking skills for sure, but a million machines bred for hacking
code, mangling opcodes in real time, cover a whole lot of search space
damn quickly and cleverly, probably much more cleverly than even the
most gifted hacker.
> You can get moderately reliable infection mechanisms (since most people
> don't have any security), but that doesn't get you anything useful. First
This has nothing to do with security. There are holes in IP protocol
stacks which let you take over any machine on the network, period. If
you stop these, there are thousands of applications with hundreds of
thousands of holes. Heck, buffer overruns can be produced by sending
malformed MIME to certain mailers.
> off, you will be detected and reported within a few weeks at most (by one of
> the 0.1% of us who actually use our anti-virus software), and the whole
> project will rapidly become public knowledge at that point. Since the whole
> affair is highly illegal (one felony offense for every system the worm
> attempts to infect, I believe), this is a big problem.
Another misconception: I will not go around infecting machines by
hand. Once the autoreplication cycle has started it is a
self-runner. Of course the worm will be detected, little good will this do
you. You can go offline and purge your infected machine, only to be
reinfected within milliseconds with another strain exploiting an
entirely different hole.
As to felony, who is ever going to trace back the thing to the
original perpetrator? Unless the creator of the virus steps forward
and claims ownership you could as well bring a lawsuit against the
sea.
> Beyond that, you are asking for capabilities that would require either
> decades of work by some lone genius (and I mean a *real* genius, not some
> hacker wannabe), or a billion-dollar R&D investment. You need secure,
We're assuming there is a point in code space which can mutate other
code, itself included, with an error threshold below the critical. I
don't know whether this is true, but it sounds like a constructive
proposition. Since the GP search for it is positive-feedback, clearly
it is the most worthwhile path to choose.
> low-visibility network traffic across heterogeneous networks (plus
It need not be low-visibility; if it requires stealth it will
evolve it soon enough, reacting to the vaccine's selective pressure. If it
initially propagates across internets and only infects Wintel
machines, that would be useful enough for starters.
> firewalls, proxy servers, etc), you need sophisticated multithreaded
> computation & spoofing on the infected machines, and you need to invent a
> completely new (and extremely complex) scheme for enabling these scattered
> programs to coordinate their efforts without a dedicated server to talk to.
There is no intended scheme other than open-ended coevolution, and
this one will be the emerged default anyway.
> Then you want to cram the whole thing into <100KB to make it easy to miss??
> Dream on.
>
> If you can do that, you don't need to compete for some piddling little $100K
> prize. Start your own software business and give Bill a run for his money.
I must be terribly muddle-headed today, now there is the third person
missing my point entirely.
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:04:48 MST