Taken individually, the Cheese Worm is not a good thing. The last thing we need is another invasion by some nameless hacker using up our network resources.
But when I first heard about it, I couldnt escape the feeling that this is the right way to fight security holes and malicious hackers. One of the biggest causes of security breaches and attacks on the Internet is the ignorance or laziness of many system administrators. Too many people put up systems with known security holes, and too few bother to install easily available patches.
The Internet is like a person who doesnt take care of his or her health but lacks an immune system. And thats the key: If respected security vendors and organizations released identifiable programs similar to the Cheese Worm, it would be a big step toward creating an immune system and leveling the playing field between the bad guys, who are always on offense, and the good guys, who must react after an attack takes place.
Some administrators will argue that they dont want programs coming onto their systems and loading patches. Thats a valid point—a patch could conflict with applications. So how about a good worm that notifies systems when its found a vulnerability? This would solve problems for administrators who cant keep track of all the vulnerabilities out there.
Some will say that they dont want uninvited programs on their systems. All I can say is: Guess what, if you didnt have a security hole in the first place, these programs couldnt get in. Would you rather have a program that tries to help you or something that will harm your systems and possibly use them as a launching point to attack others?
This last is a major point. Your security holes arent just your problem; they could also be a problem to other networks. I may not want to get a needle stuck in me to vaccinate against infectious diseases, but its part of coexisting in society.
Right now, the bad guys are winning big time. Whether you call them good worms, agents or bots, these programs would be the first proactive step toward plugging security holes. The Internet is sick; its time to start vaccinating systems.