White Hat Worms and robots.txt?
Or maybe it's time to release our own Defender.A worm which could invasively close down the relevant "holes" in Internet security. A defensive worm could use standard intrusion tactics for benign result. For example, it could worm it's way into Windows XP computers and get the owner's permission to turn their firewalls on. It could survey open TCP/IP ports and offer to close them.
So, anger is my first reaction to the idea of any unwelcome visitors on any of my machines, well intentioned or not. I’m sure that there aren’t many who wouldn’t feel the same way. But, although a lot of us try to keep up on patches and maintain decent security, there’s the “great unwashed masses” who just want to “do email“.
<p>On one hand, it’s easy to say, “Tough. Learn the care & feeding of your equipment.” Yeah, as if that will help or get any response from all the people who’ve bought into <span class="caps">AOL</span> and have been reassured for years that computers are friendly and easy beasts (despite their intuitions to the contrary). Hell, I’d bet that, more often than not, the same person who gets regular oil changes and tune-ups for the car has no idea how to do the equivalent for a computer (or that it even needs it). Cars have been positioned differently than computers. No one expects a Spanish Inquisition when they live in a virtual preschool of a user interface with large and colorful buttons and happy smiling faces. They know there’s some voodoo going on underneath, but the UI tells them that it’s nothing to worry about (until <a href="http://www.decafbad.com/blog/geek/not_working.html">it isn’t working</a>).</p> <p>Now if the problem was just that stupid users ended up with broken computers, there’d be no problem. But, like cars with problems waiting to happen (like worn down tires), their users become a hazard to others. Unlike cars, however, the problems of stupid users’ computers are contagious and self-replicating: every tire blowout becomes a 1000 car pileup.</p> <p>It’s like everyone sits on their recliners watching TV in their houses; not even realizing that there are doors to lock; not even hearing the intruders rummaging through the fridge in the kitchen; and certainly not knowing that there’s a guy sleeping on the sofa at night working by day to let his army of clones into the neighbor’s houses.</p> <p>So, about what about vigilante “white hat” worms? Wouldn’t it be nice if there was a guy wandering the neighborhood locking door for the ignorant? Wouldn’t it be nice if there was a truck driver on the road that forced cars with bald tires off to the side for free tire replacement? Okay, maybe that’s a bit whacky, but then again, people with bald tires aren’t causing 1000 car pileups.</p> <p>I’m thinking that “white hat” virii and worms are one of the only things that will work, since I’m very pessimistic about the user culture changing to be more responsible. Though, what about a compromise? Install a service or some indicator on every network-connected machine, somewhat like <a href="http://www.robotstxt.org/wc/robots.html">robots.txt</a> , which tells friendly robots where they‘re welcome and where they‘re not. Set this to maximum permissiveness for white hat worms as a default. The good guys infect, fix, and self-destruct unless this indicator tells them to stay out. Then, all of us who want to take maintenance into our own hands can turn away the friendly assistance of white hat worms. It’s an honor system, but the white hats should be the honorable ones anyway. The ones which ignore the no-worms-allowed indicator are hostile by definition.</p> <p>So, then, the internet develops an immune system. Anyone can release a white hat worm as soon as they find an exploit to be nullified, and I’m sure there are lots of geeks out there who’d jump at the chance to play with worms and virii in a constructive way. And if you want to opt-out of the system, go for it. Hell… think of this on a smaller scale as a next-gen anti-virus software. Instead of internet-wide, just support <span class="caps">P2P</span> networks between installations of your anti-virus product. When it’s time to close a hole, infect your network with a vaccinating update. I doubt this would work as well as a fully open system, but might have less controversy.</p> <p>Anyway, it’s a whacky idea to a whacky problem that just might work.</p>