Are Worms Always Bad? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // CIO Insights & Innovation
Commentary
5/9/2008
01:16 PM
Alexander Wolfe
Alexander Wolfe
Commentary
Connect Directly
Facebook
Twitter
RSS
E-Mail
50%
50%

Are Worms Always Bad?

Self-replicating programs, which spread unchecked across the Internet, are always bad. Except when they're good. At least that's the theory behind U.S Patent number 7,296,923, awarded to Symantec for "Using a benevolent worm to assess and correct computer security vulnerabilities."

Self-replicating programs, which spread unchecked across the Internet, are always bad. Except when they're good. At least that's the theory behind U.S Patent number 7,296,923, awarded to Symantec for "Using a benevolent worm to assess and correct computer security vulnerabilities."True, this is not the newest story in the world: Symantec was granted this patent in November 2007, and it was originally filed back in 2002. Still, "good" worms periodically pop back into the news, so I guess you could say I'm simply ahead of the curve.

So just what exactly is a "good" worm? As inventor Henri Isenberg explained it in the Symantec patent -- I'm paraphrasing -- the intent of the benevolent is to assess potential security vulnerabilities of a computer. First, the worm attempts to copy itself onto the computer, to see if it can be done. (Really! That's how it checks for vulnerability; no copy, no problem.)

The worm then tries to replicate itself on a second computer. If it's able to multiply, the assumption is that a "bad" worm could do likewise. So goody-good worm "communicat[es] information concerning at least one security vulnerability ... to a benevolent worm controller."

Even better, the good worm can be used to execute antivirus software, in effect patching the problem at the source. (A form of targeted security software-microsurgery, really.)

Clearly, the intention of a benevolent worm such as Symantec is patenting is mostly to serve as an early warning system. It'll alert admins that their systems are potentially vulnerable.

That's a good plan, but just how workable is it? Authorities more knowledgeable than myself -- Bruce Schneier comes to mind -- don't think they're such a good idea. For one, worms, by their very self-replicating nature, suck up bandwidth. Also, a worm by definition runs without the user's consent. That's pretty much a violation of the security world's Star Trekian prime directive.

Clearly, there is a positive to the early-warning and vulnerability-assessment aspect of a good worm. Just as obviously, though, few people are brave enough to bite. As Luke Bellamy, Damien Hutchinson, and Jason Wells of Australia's Deakin University point out in their paper, User Perceptions and Acceptance of Benevolent Worms -- A Matter of Fear?: "There has been no hint of commercial adoption of these worms, which one researcher has described as being due to a 'fear factor.'" (This paper was delivered at an IEEE conference last year. I'd really like to read it. Unfortunately, only an abstract is available online.)

Fear factor of worms? Yeah, I get that. So what do you think; is there any value in this approach?



Symantec's Good Worm (Click picture to enlarge and see second flowchart.)

See also "8 Dirty Secrets Of The Security Industry"

Like this blog? Subscribe to its RSS feed, here.

For a mobile experience, follow my daily observations on Twitter.

Check out my tech videos on this YouTube channel.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Slideshows
Flash Poll