New Scientist has posted the article Friendly ‘worms’ could spread software fixes. Bruce Schneier has posted his thoughts. “Patching other people’s machines without annoying them is good; patching other people’s machines without their consent is not. A worm is not ‘bad’ or ‘good’ depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn’t make things better. A worm is no tool for any rational network administrator, regardless of intent.”
I agree that consent must be obtained before installing software. Yet this was one article in which I found myself disagreeing with Schneier. I get the impression that he, like so many others, is commenting without actually reading Milan Vojnovic’s work.
Does Vojnovic explicitly address permission? Not that I see. The focus is on rapid distribution. The key here is to build a system upon the mechanisms that worms use. Alright, so forget the sensitive term “worm”. Let us call this a distributed software delivery agent.
Such a distributed software delivery agent could be protected in many ways. A client-side agent could provide a mechanism for the end-user to approve or deny the software package. The package itself could be code-signed to mitigate tampering. Furthermore, in corporate environments, the package could come with a Kerberos ticket authorizing its distribution.
The last protection is an important one. It is not really the consent of the user that matters in corporate environments. It is the consent of the owner as delegated to the system administrator. The longer it takes the administrator, the greater the exposure is to the threat. It is difficult to patch organizations that are large, complex, subnetted, and have multiple sites. Using this distributed software delivery mechanism directly addresses these large vulnerable businesses.
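To make those protections concrete, here is a sketch of the check a client-side agent could run before installing a package offered by a peer; it is an added example, not code from Vojnovic's work or from this post. All names are hypothetical, the RSA key is constructed for the demo, and `admin_authorized` stands in for a Kerberos ticket that is assumed to have been validated elsewhere.

```python
import hashlib

# Constructed demo key: both primes are well-known Mersenne primes, so the key
# is trivially factorable and exists only so the example runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# ASN.1 DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _encode(package: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of the package digest."""
    t = SHA256_PREFIX + hashlib.sha256(package).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def publisher_sign(package: bytes) -> bytes:
    """Publisher side only: needs the private exponent."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(int.from_bytes(_encode(package), "big"), d, N).to_bytes(K, "big")


def signature_ok(package: bytes, sig: bytes) -> bool:
    """Client side: needs only the public key (N, E)."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    return s < N and pow(s, E, N).to_bytes(K, "big") == _encode(package)


def may_install(package, sig, *, managed, admin_authorized, user_approved):
    """Return (decision, reason) for a package offered by a peer."""
    # Tampering check comes first: nothing else matters if it fails.
    if not signature_ok(package, sig):
        return False, "bad signature"
    if managed:  # corporate host: the owner's consent is delegated to the admin
        ok = admin_authorized
        return ok, "admin authorization" if ok else "no admin authorization"
    # Unmanaged host: the end-user's own approval is required.
    return user_approved, "user approved" if user_approved else "user declined"
```

A real agent would use a vetted signature library and a properly generated key; the point here is the order of the checks and whose consent counts on which kind of host.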
Why not use a worm’s techniques to build a legitimate delivery mechanism?