Wednesday, January 14, 2009

my thoughts on benevolent botnets

pete lindstrom recently penned a post on the idea of benevolent botnet... it's not the first time i've seen this topic come, up - martin mckeay posted about a related idea of battling botnets with botnets (presumably one side of that fight would be benevolent botnets)...

my thoughts run something like this - implicit in the idea of the botnet is that the computers that make up the botnet are being remotely controlled without authorization from their owners and therefore no botnet can be considered benevolent...

if the collection of connected computers are being controlled without authorization then you're stealing cycles at the very least, as well as a certain amount of bandwidth in order to communicate with the command and control server...

if the computers are being controlled WITH authorization from their owners then you have a distributed computing project, not unlike seti@home or distributed.net - and you can't really call either of those botnets...

so much like the very act of self-replication makes supposedly good viruses bad, the very act of unauthorized remote control makes supposedly benevolent botnets malicious...

2 comments:

Pete said...

I completely agree. More here: http://spiresecurity.typepad.com/spire_security_viewpoint/2009/01/benevolent-botnets-1.html.

Pete

Unknown said...

Oh jesus...and to think I'd already seen enough crackpot posts from Pete, you link me to this one where I just have to wonder, "WTF is he smoking?"

Inverted honeypot? Sure, fine, I can understand that term, but it is an inverted honeypot for just the one infection. You're not going to see anything new with 100,000 hosts than you see with 10 from the same botnet.

I agree with your sentiment completely, Kurt.