Benevolent worms

Will virus technology be part of future software delivery systems?

Although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. For example, the improved Windows Update feature in Windows XP now allows patches and updates to be downloaded automatically, although installation is still at the user’s discretion.

Trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and Internet providers. It is therefore only logical to conceive of ways to use them for productive purposes, much as the Bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks.

Granted, it would be wonderful if IT administrators could distribute patches and other software updates to desktops and servers as quickly as an e-mail virus can spread from one machine to the next. But is such a magic wand really a good idea?

Well, maybe not exactly. After all, unlike the human immune system, which produces defenses, or antibodies, automatically, the computer must wait for a human to analyze samples of a computer virus, prepare antidotes and vaccines for that specific situation, and only then apply the cure.

This observation alone would seem to discredit the idea of a “digital immune system” that the security community has tossed around during the past few years, but there’s an even more important point to consider. Just as autoimmune diseases turn the body’s own defenses against itself, someone could turn a viruslike software delivery system against the very computers it serves. Although it would be difficult to monkey with the digital certificates that would conceivably be used to identify trusted patches, it’s not impossible to subvert the certificate-issuing system, as Microsoft and VeriSign found to their dismay last March.

Ultimately, a viruslike software delivery system would require software publishers to deliberately put a back door into their systems, and few customers will tolerate that practice, even under shrinkwrap licensing terms. Because there’s no guarantee that such a tempting target wouldn’t be exploited by hackers, any IT manager deploying such a system would be foolhardy in the extreme.

Source: www.infoworld.com