ethical worm
Home > Security Definitions - Ethical worm
SearchSecurity.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

ethical worm

Show me everything on Security Testing and Ethical Hacking

DEFINITION - An ethical worm is a program that automates network-based distribution of security patches for known vulnerabilities. Like its malicious counterpart, the ethical worm could propagate across networks exponentially and perform its tasks without user knowledge or consent, through a process sometimes called a drive-by download. According to some, such invasive behavior is warranted because many system administrators fail to install appropriate patches and service packs, despite knowledge of vulnerabilities and available solutions.

The deployment of ethical worms for patch distribution is frequently suggested in discussion forums, especially in the wake of a wide-ranging malicious attack. In January 2003, a worm called the SQL Slammer exploited a known buffer overflow vulnerability in Microsoft SQL 2000 server systems to cause widespread Internet outages. The attack, which may have been carried out to illustrate the problem of lax security, was launched precisely six months after Microsoft released a patch for the flaw. Had the patch been installed to vulnerable systems, the SQL Slammer attack might have had little impact.

Although installing security solutions through ethical worms would, at least, ensure they were deployed, there are concerns that the method would create more problems than it solved. According to Ed Skoudis, author of the book, "Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses," even if an ethical worm worked flawlessly, it could inadvertently cause damage because of conflicts with other programs and particular system configurations.

Learn more about Security Testing and Ethical Hacking
How security audits, vulnerability assessments and penetration tests differ: A lot of people use the words security audit, vulnerability assessment and penetration test interchangeably. Can you explain the differences between them so I'll know which term to use at the right ...
Ethical hacking techniques for standard penetration testing: I recently did a penetration test for one of our company's partners, only to find out that management had not obtained written permission from the partner for the test to be performed. The partner ...
Information security book excerpts and reviews: Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Screencast: Google hacking, infosec style: In this exclusive screencast step-by-step demo, Tom Bowers explains how to ensure an organization's intellectual property doesn't fall into the wrong hands.
Quiz: What's your infosec IQ?: Test your information security IQ with this short quiz.
The Controversy of Hacking Books and Classes: Read this excerpt and download Chapter 1, Ethics of Ethical Hacking from Shon Harris' Gray Hat Hacking.
Crash course: Vulnerability management: Is vulnerability management a measurable and proactive process in your organization? Attend our on-demand webcast, and learn new tactics for managing the vulnerability lifecycle.

LAST UPDATED: 27 Jan 2006

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- SearchSecurity.com offers a tip from Ed Skoudis, "Ethic worms: a bad idea."
- SearchNetworking.com offers a page listing white papers about "Network Security."
- Ed Skoudis's book is available at Amazon.com.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #


RELATED CONTENT
H.D. Moore speaks about Metasploit Project deal, Release 3.3
Founder talks about the community's reaction to the Rapid7 acquisition, big changes in the latest Metasploit Framework release and what the future...
Could Metasploit popularity erode?
The Metasploit Project, created by researcher H.D. Moore and kept open source since 2003, has been acquired by Rapid7 which has plans to integrate...
Metasploit Project acquired by vulnerability management firm Rapid7
The popular Metasploit Framework remains a free and open source hacking tool. Creator HD Moore joins Rapid7 as CSO, Metasploit architect.

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Cyber Storm  (SearchSecurity.com)
Cyber Storm is the name of a simulated attack exercise conducted by the U.S. Department of Homeland Security (DHS) February 6-10, 2006 to evaluate...
ethical hacker  (SearchSecurity.com)




Get More ethical worm Answers
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts