Immunizing the Internet

jonny4001 writes "The Harvard Law Review has published a student-written article that argues that hackers, worms, and viruses are good for network security and that the law and public policy should encourage 'beneficial' hacking. From the article: 'Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack -- one that would threaten national or even global security [...] Current federal law, however, does not properly value such strategic goals.'"

The well is poisoned.

[argent]

More than a quarter of a century ago I inadvertently found a hole in a UNIX based bulletin board system, went in and fixed the code, called the operator to tell him what I'd done and how to fix the rest of the problems, and ended up with a series of contracts.

A few years later I wouldn't have considered it. People who'd not done much more had spent time in court and been threatened with jail. Not much later, you had people actually doing jail time for simply "knocking on doors".

What happened?

The whole "ethical intruder" meme had spread, and people had started cracking into systems and then claiming they were just "rattling doorknobs" to "help security". Of course you couldn't tell an "ethical hacker" from a crook, and the crooks could claim they were just trying to help.

It's the "ethical hackers" themselves that have made it impossible for this kind of activity to be condoned.

Re:For those who won't RTFA

[arivanov]

Well...

Realistically this is the history repeating itself. Many times.

Prior to Edward Jenner discovering the vaccination the people tried to instill immunity to Smallpox in their children by a process known as variolation. The difference from vaccination was that people were deliberately infecting children with the real virus hoping that they have it in a milder form. Well... and if not, that was just a child, one more, one less who cares. In some more awkward and less developed parts of the world this is still done with Varicella, and less frequent Rubella, Measles and Mumps.

Society attitudes have changed since. The majority no longer consideres normal to infect children with the real viruses. Still, even now, there are idiots who insist that "having child diseases is good for the children as it improves their character" (or other such bollocks).

Similarly, infecting networks with real worms is not dissimilar to variolation. There are plenty of security tools out there nowdays which can detect the vulnerabilities that can be used by the worm and force the user to fix them. There is no real need to weed out the "weak" (yeah, I know, I am tempted myself to weed out the idiotz sometimes).

And as far as jo average user it will take some time for them to grow up, but it will end up the same as with vaccination. People were reluctant to do it initially. That is not the case now.