Why, Rusty? Because We’re the Griswolds!

July 11th, 2007  |  Published in etc

Windows Live OneCare 2.0 Enters Public Beta:

“New in version 2.0 is central configuration management. ‘If Junior turns off the firewall to play games, Dad can notice this and turn it back on,’ said Gina Narkunas, OneCare’s lead product manager.”

It can also trigger backups, alter “unsafe” software settings, and deploy printer drivers across the network.

Livecare 2.0, you bloodsucker!

I wonder if zombiism could become a hereditary condition under this model? Like, Dad downloads a dirty screensaver, gets pwned, and the resulting zombification code looks for the management interface, compromises its child nodes in turn, then puts its new zombie family to sleep until needed. That’s two or more nodes for the price of one.

It could even set up some sort of regenerative thing, compromising a child node and doing dirt from there while hiding on the family’s controlling host. If the child node were to be discovered and sanitized it could just re-sploit the machine and start all over without doing anything else to draw attention to its host machine.

Or the controller could just act as a stealth aircraft carrier, delivering code derived from tried and true past malware to its zombie children. So while security software is diligently isolating and removing stuff already in its database, or security companies are updating against a new variant on an old bot, the controller sits tucked away with no one thinking maybe Dad is to blame for all these damn infections, not Junior’s yen for dodgy BitTorrent sprees.

It creates an ideal scenario for an attacker. The challenge of getting access to hosts behind the firewall in the first place remains, but where a network of independent nodes represented a one-time payoff for successful penetration (generally … I knew of people spending weeks dealing with resurgent Code Red outbreaks after the initial attack and sanitation), this offers the possibility of multiple payoffs, and multiple payoffs that survive repeated attempts to sanitize.

Or maybe my imagination is running away with this. I’m sure Microsoft has anticipated this.