[Metroactive Features]

[ Features Index | Silicon Valley | Metroactive Home | Archives ]


The Good Worm

By Annalee Newitz

MASON AND Dixon, two of my favorite devious hackers, were having one those conversations that occasionally happen in the early evening when your blood sugar is low, and dinner is still a few hours away. "Some people say that worms are mostly created by good Samaritans," Mason mused idly.

I thought of the Slammer worm, the one that clogged up traffic on the Internet for a couple of days early this year, taking down Bank of America ATMs and crashing the Korean cell phone system.

"How can that be?" I wondered.

"Think of it this way: most worms alert people to major security flaws without doing very much damage," Dixon said, warming to the topic. "What a worm does is make a lot of noise, so it's easy to detect. But it doesn't destroy people's data or ruin their operating systems. So the worm gets out, goes everywhere and then everybody patches up the hole it exploited in Windows or whatever, and now they're protected from something really bad in the future."

"Maybe even the NSA is releasing worms," Mason added. "That way they can protect the nation's infrastructure, because a lot of these unpatched vulnerabilities would be really dangerous if something worse than a worm got to them."

Their speculative chat seemed all too reasonable. Imagine the frustration of do-gooder programmers who are trying to get people to fix the software on their machines so that nobody can hack them. Unfortunately, people are lazy. They're not going to spend half an hour downloading and installing updates to their system based on some geek's warning. The idea that they might get hacked, their machine owned up and all its data destroyed (or, worse, stolen and used against them), seems as remote as catching the plague or being bombed by terrorists. And so, completely frazzled by clueless users, some cabal of hackers with hearts of gold releases an annoying but nondestructive worm.

Even the Slammer worm could have been such an effort. Sure, it clogged the Internet with lots of traffic and took down a couple of networks, but nobody's computers were destroyed. In the end, more computers are safe in the wake of the Slammer than before it. Fearing the worm, people actually did download patches to Windows that now protect them against all kinds of potentially ugly attacks.

It's tempting to indulge in this fantasy about who makes worms for a lot of reasons. First of all, most of us want to believe that there is some force of goodness out there protecting us, even if we don't understand it. It's like a happy conspiracy theory, where the powerful overlords who secretly rule our world are in fact a bunch of scrappy guys like us, trying to do the right thing and sometimes resorting to unorthodox tactics to make it happen.

Another reason that the good-worm theory appeals to us is that it wards off an uneasy sense that we are being messed with for no reason. What if the Slammer was just some high school prank? Does our information infrastructure run only as long as it suits the whims of hormone-addled, barely technical people who think it's fun to bust shit up?

Put that way, who wouldn't rather have a conspiracy than chaos?

Unfortunately, the Internet is still mostly anarchy--and not the nice Emma Goldman kind. Crazy, haphazard networks continue to spring up every day--networks that aren't secure, that are vulnerable to surveillance, that are set up so badly that they relay spam and worms and viruses without their administrators even realizing it. People send their passwords over the wires without encrypting them. Most Internet users don't realize that many popular applications like Kazaa come bundled with spyware, evil little programs designed to relay personal information from your computer to a third party.

I hope the good worms are out there protecting us. But we can't depend on that, and we can't expect that everyone who uses a computer will be technical enough to protect themselves. And that's why we need to regulate the Internet, the same way we regulate cities with building codes and police forces and politicians.

Right now, two pieces of anti-spam legislation are up for congressional vote after six years of endless debate. And at the December World Information Summit in Geneva, representatives will debate whether the Internet should be placed under U.N. governance, although it's unlikely to happen.

I'm still hopeful that someday we'll have a sane, open-government model to regulate the Internet. But sometimes I'd rather be ruled by worms.

Annalee Newitz ([email protected]) is a surly media nerd who can't believe how much zrnet sucks for making its free WiFi a pay-only service.

Send a letter to the editor about this story to letters@metronews.com.

[ Silicon Valley | Metroactive Home | Archives ]

From the November 27-December 3, 2003 issue of Metro, Silicon Valley's Weekly Newspaper.

Copyright © Metro Publishing Inc. Metroactive is affiliated with the Boulevards Network.

For more information about the San Jose/Silicon Valley area, visit sanjose.com.

Foreclosures - Real Estate Investing
San Jose.com Real Estate