Critics: Microsoft's 'Friendly Worm' Is a Dumb Idea
Proposed method of deploying patches is swatted by industry experts
Microsoft researchers have posted a new paper that offers an interesting solution to the patch management problem: a friendly worm.
In a nutshell, the paper suggests that epidemiological, worm-like solutions might be used to automatically make security updates to users' machines without the user's involvement -- or even knowledge.
The proposal might go a long way toward solving IT departments' ongoing challenge of patching and re-patching machines as new vulnerabilities are found. There's only one problem, according to critics: It's dangerous.
"[It's] a stupid idea," said BT Counterpane security guru Bruce Schneier in his blog.
"Patching other people's machines without annoying them is good; patching other people's machines without their consent is not," Schneier said. "A worm is not 'bad' or 'good' depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn't make things better. A worm is no tool for any rational network administrator, regardless of intent."
— Tim Wilson, Site Editor, Dark Reading