This sort of story seems to pop up every few months or so, and each time it gets a lot of attention. The idea is that some people believe we should create “good computer worms” that go out and patch broken systems to stop them from being vulnerable to security holes, viruses, DNS attacks, and whatever else. The argument is that sysadmins are lazy or overwhelmed, and no matter how many times new patches get put out to fix security holes, they rarely get installed. So, the “good worm” would go around and force the patches on everyone. At least this article recognizes the criticisms of this concept, but then tries to respond to each. To the usual complaint that “it’s my system, get your hands off” – he says that if you have poorly managed your system, then you’ve abdicated your right to control it. On that one he might have a point. However, the other big complaint he tries to brush off too easily. People point out that patches often muck up a system that works. And testing patches and making sure they don’t screw up other things is a time-consuming process. Forcing live machines to be patched without a chance for any testing will cause all sorts of problems. His response to this is basically “well, it’s better than being hacked” – which isn’t necessarily true. I still think that the unintended consequences of letting such a “good worm” loose may outweigh the benefits.

