SecurityFocus 2006-01-27
ARLINGTON, Virginia -- A researcher has reopened the subject of beneficial worms, arguing that the capabilities of self-spreading code could perform better penetration testing inside networks, turning vulnerable systems into distributed scanners.
Good worms back on the agenda
2006-01-30
Lucas C. Ferreira (1 replies)

- How do you deal with bugs in the code that keeps it confined to a given network, or the code to shut it down? Bugs in either of those places could give you a worm that'll propagate across the entire Internet and couldn't be shut down remotely as intended. Laptops that move between networks are just one way for a worm to escape physical containment, and wireless networks make it even more likely.
- How do you deal with bugs in the payload that make a supposedly-beneficial payload lethal instead? We all know how much havoc Windows updates can cause with other software, and those are tested before release. I hesitate to think of the havoc less-tested payloads could cause on machines like laptops with unexpected configurations.
Remember that the Morris worm was intended to be limited to a single network and to not do any actual damage. That didn't stop it from wreaking havoc on the world-wide Internet. I don't think any of the advocates of "good" worms can absolutely positively 100% guarantee that they won't recreate the Morris worm's results by accident, and with the number of networks out there anything less translates to not whether we'll have another global meltdown but how long before it happens (and I'd be betting the time's measured in months, not years).
Link to this comment: http://www.securityfocus.com/comments/articles/11373/33021#33021