Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea

Proposed method of deploying patches is swatted by industry experts

Dark Reading Staff, Dark Reading

February 22, 2008


Microsoft researchers have posted a new paper that offers an interesting solution to the patch management problem: a friendly worm.

In a nutshell, the paper suggests that epidemiological, worm-like solutions might be used to automatically apply security updates to users' machines without the user's involvement -- or even knowledge.

The proposal might go a long way toward solving IT departments' ongoing challenge of patching and re-patching machines as new vulnerabilities are found. There's only one problem, according to critics: It's dangerous.

"[It's] a stupid idea," said BT Counterpane security guru Bruce Schneier in his blog.

"Patching other people's machines without annoying them is good; patching other people's machines without their consent is not," Schneier said. "A worm is not 'bad' or 'good' depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn't make things better. A worm is no tool for any rational network administrator, regardless of intent."

— Tim Wilson, Site Editor, Dark Reading
