Vigilante hackers

 I read the following interesting snippet recently with some thoughts about ‘vaccination’
worms, related to the recent MSBlast worm:

“…It all makes me wonder why we have not evolved in this fight much in
a way that the medical field does. I am talking about vaccination. Vaccines in large
part work by giving a small dose of the problem and I do not understand why we do
not take that little tidbit and run with it. After knowledge of the vulnerability
was available someone could have created a worm vaccine that replicated and propagated
itself in an identical fashion but had an actual purpose; to download and install
the patch! Doing this coupled with a patch campaign would significantly reduce the
attack surface….”

I agree with him that legal issues would prevent any official release of this type
of software – but I could also easily see some hackers who might prefer being
“good guys” instead of “bad guys”, who choose to be hacker
vigilantes and release prophylactic worms “for our own good.”  While
I don’t condone such activity, I do think it would make a good element in a
SciFi book.  <grin>

Note that I don’t agree with some other comments in the link above; I fully
understand that a large, complex installation would have a great deal of difficulty
rolling out a patch quickly.  I’ve seen other posts that mention some companies
have actual legal limitations preventing them from rushing into a patch rollout.

Skip to main content