Is there such a thing as a good worm? Jim Rapoza replied in the affirmative in his Tech Directions column of April 21, “Up with good worms,” suggesting that such a creation could crawl the Web to patch security holes. However, in considering the possibility of an automated, Internetwide fix, we must consider what we can do and what we may do. First, can we do this? Yes, but, like the Sorcerer’s Apprentice, the author of a well-meaning worm may find it going hideously awry. I have heard proposals to release exactly the sort of code you contemplate, and the most vocal opponents were technical experts. I don’t know whether a good worm can be safe and effective, but this merits serious technical study. In addition, who would carry the risk of liability if the code worked differently in the wild than it did in the lab? Second, may we do this? Under federal criminal law, I am prepared to argue that hacking a machine and altering its data without permission is an impairment to its integrity, which is a felony if it reaches a certain seriousness, such as a $5,000 loss. Even if a hacker cracks your network for a beneficial purpose, his unknowable state of mind is slim comfort. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.