Friday, February 15, 2008

Microsoft Thinks It Can Control the "Friendly Patch Worm"

Via newscientist.com -

Microsoft researchers are hoping to use "information epidemics" to distribute software patches more efficiently.

Milan Vojnović and colleagues from Microsoft Research in Cambridge, UK, want to make useful pieces of information such as software updates behave more like computer worms: spreading between computers instead of being downloaded from central servers.

The research may also help defend against malicious types of worm, the researchers say.

Software worms spread by self-replicating. After infecting one computer they probe others to find new hosts. Most existing worms randomly probe computers when looking for new hosts to infect, but that is inefficient, says Vojnović, because they waste time exploring groups or "subnets" of computers that contain few uninfected hosts.

Vojnović's team have designed smarter strategies that can exploit the way some subnets provide richer pickings than others.

--------------------------------------------

The idea of a friendly worm isn't new...and regardless of whether Microsoft thinks it can control it, they need to re-think this patch idea. Follow me on this fresh idea for just a sec....

Perhaps Microsoft could learn a thing or two from the malware community.

What about an enterprise patch management system that utilizes a small, mobile, worm-like dropper stub? The stub could move in a controllable manner from a patched computer to the unpatched computers around it. The stub would "tag" each unpatched computer, reporting back to a C&C server that it requires a patch. At that point, the C&C server could have the required patch pushed to that "tagged" computer from a set of computers using a BitTorrent-type technology.

It would be like a self-healing, agent-based patch management system which harnesses the power of P2P protocols.

This idea does have some shortcomings...but it might work. Comments?

2 comments:

  1. We explored this technology when we were looking for more efficient ways to update the firmware on the service processor in IBM servers.

    The scale becomes enormous and you still end up with a central administrative server. Ultimately the IT staff lose control of the process.

    Yeah, we decided against it.

  2. Back in my patch management days, I remember HP talking about making a patch management system that actually exploited the target system to push the patch to it...there was tons of backlash from the PM community.

    But if you think about it, Microsoft has been going this way for quite some time. They have their own P2P stuff in Windows XP and Vista.
