Are you saying the increase in vulnerability would be no more than that? -----Original Message----- From: Matt Mahoney [mailto:[EMAIL PROTECTED] Sent: Thursday, December 06, 2007 6:17 PM To: [email protected] Subject: RE: Distributed search (was RE: Hacker intelligence level [WAS Re: [agi] Funding AGI research])
--- Ed Porter <[EMAIL PROTECTED]> wrote: > Matt, > So if it is perceived as something that increases a machine's vulnerability, > it seems to me that would be one more reason for people to avoid using it. > Ed Porter A web browser and email increases your computer's vulnerability, but it doesn't stop people from using them. > > -----Original Message----- > From: Matt Mahoney [mailto:[EMAIL PROTECTED] > Sent: Thursday, December 06, 2007 4:06 PM > To: [email protected] > Subject: RE: Distributed search (was RE: Hacker intelligence level [WAS Re: > [agi] Funding AGI research]) > > --- Ed Porter <[EMAIL PROTECTED]> wrote: > > > Matt, > > > > Does a PC become more vulnerable to viruses, worms, Trojan horses, root > > kits, and other web attacks if it becomes part of a P2P network? And if so > > why and how much. > > It does if the P2P software has vulnerabilities, just like any other server > or > client. Worms would be especially dangerous because they could spread > quickly > without user intervention, but slowly spreading viruses that are well hidden > can be dangerous too. There is no foolproof defense, but it helps to keep > the > protocol and software as simple as possible, to run the P2P software as a > nonprivileged process, use open source code, and not to depend to any large > extent on a single source of software. > > The protocol I have in mind is that a message contain searchable natural > language text, possibly some nonsearchable attached files, and a header with > the reply address and timestamp of the originator and any intermediate peers > through which the message was routed. The protocol is not dangerous except > for the attached files, but these have to be included because it is a useful > service. If you don't include it, people will figure out how to embed > arbitrary data in the message text, which would make the protocol more > dangerous because it wasn't planned for. > > In theory, you could use the P2P network to spread information about > malicious > peers and deliver software patches. But I think this would introduce more > problems than it solves because it would also introduce a mechanism for > spreading false information and patches containing trojans. Peers should > have > defenses that operate independently of the network, including disconnecting > itself if it detects anomalies in its own behavior. > > Of course the network is vulnerable even if the peers behave properly. > Malicious peers could forge headers, for example, to hide the true source of > messages or to force replies to be directed to unintended targets. Some > attacks could be very complex depending on the idiosyncratic behavior of > particular peers. > > > > -- Matt Mahoney, [EMAIL PROTECTED] > > ----- > This list is sponsored by AGIRI: http://www.agiri.org/email > To unsubscribe or change your options, please go to: > http://v2.listbox.com/member/?&; > > ----- > This list is sponsored by AGIRI: http://www.agiri.org/email > To unsubscribe or change your options, please go to: > http://v2.listbox.com/member/?&; -- Matt Mahoney, [EMAIL PROTECTED] ----- This list is sponsored by AGIRI: http://www.agiri.org/email To unsubscribe or change your options, please go to: http://v2.listbox.com/member/?&; ----- This list is sponsored by AGIRI: http://www.agiri.org/email To unsubscribe or change your options, please go to: http://v2.listbox.com/member/?member_id=8660244&id_secret=73394329-17b2b6
