Are Worms Always Bad?

Self-replicating programs, which spread unchecked across the Internet, are always bad. Except when they're good. At least that's the theory behind U.S Patent number 7,296,923, awarded to Symantec for "Using a benevolent worm to assess and correct computer security vulnerabilities."

Alexander Wolfe, Contributor

May 9, 2008

3 Min Read

Self-replicating programs, which spread unchecked across the Internet, are always bad. Except when they're good. At least that's the theory behind U.S Patent number 7,296,923, awarded to Symantec for "Using a benevolent worm to assess and correct computer security vulnerabilities."True, this is not the newest story in the world: Symantec was granted this patent in November 2007, and it was originally filed back in 2002. Still, "good" worms periodically pop back into the news, so I guess you could say I'm simply ahead of the curve.

So just what exactly is a "good" worm? As inventor Henri Isenberg explained it in the Symantec patent -- I'm paraphrasing -- the intent of the benevolent is to assess potential security vulnerabilities of a computer. First, the worm attempts to copy itself onto the computer, to see if it can be done. (Really! That's how it checks for vulnerability; no copy, no problem.)

The worm then tries to replicate itself on a second computer. If it's able to multiply, the assumption is that a "bad" worm could do likewise. So goody-good worm "communicat[es] information concerning at least one security vulnerability ... to a benevolent worm controller."

Even better, the good worm can be used to execute antivirus software, in effect patching the problem at the source. (A form of targeted security software-microsurgery, really.)

Clearly, the intention of a benevolent worm such as Symantec is patenting is mostly to serve as an early warning system. It'll alert admins that their systems are potentially vulnerable.

That's a good plan, but just how workable is it? Authorities more knowledgeable than myself -- Bruce Schneier comes to mind -- don't think they're such a good idea. For one, worms, by their very self-replicating nature, suck up bandwidth. Also, a worm by definition runs without the user's consent. That's pretty much a violation of the security world's Star Trekian prime directive.

Clearly, there is a positive to the early-warning and vulnerability-assessment aspect of a good worm. Just as obviously, though, few people are brave enough to bite. As Luke Bellamy, Damien Hutchinson, and Jason Wells of Australia's Deakin University point out in their paper, User Perceptions and Acceptance of Benevolent Worms -- A Matter of Fear?: "There has been no hint of commercial adoption of these worms, which one researcher has described as being due to a 'fear factor.'" (This paper was delivered at an IEEE conference last year. I'd really like to read it. Unfortunately, only an abstract is available online.)

Fear factor of worms? Yeah, I get that. So what do you think; is there any value in this approach?

Symantec's Good Worm (Click picture to enlarge and see second flowchart.)

See also "8 Dirty Secrets Of The Security Industry"

Like this blog? Subscribe to its RSS feed, here.

For a mobile experience, follow my daily observations on Twitter.

Check out my tech videos on this YouTube channel.

About the Author(s)

Alexander Wolfe

Contributor

Alexander Wolfe is a former editor for InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights