
Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea

Proposed method of deploying patches is swatted by industry experts

Microsoft researchers have posted a new paper that offers an interesting solution to the patch management problem: a friendly worm.

In a nutshell, the paper suggests that epidemiological, worm-like solutions might be used to automatically apply security updates to users' machines without the users' involvement -- or even knowledge.

The proposal might go a long way toward solving IT departments' ongoing challenge of patching and re-patching machines as new vulnerabilities are found. There's only one problem, according to critics: It's dangerous.

"[It's] a stupid idea," said BT Counterpane security guru Bruce Schneier in his blog.

"Patching other people's machines without annoying them is good; patching other people's machines without their consent is not," Schneier said. "A worm is not 'bad' or 'good' depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn't make things better. A worm is no tool for any rational network administrator, regardless of intent."

— Tim Wilson, Site Editor, Dark Reading
