An argument for breaking the law (I think)
OK, first of all I have no sympathy for people who are “suffering” from outages due to the LoveSan virus. A patch was released weeks ago and Microsoft did everything save running commercials to warn people that there was a flaw and the patch was available. But of course, few listened.
It all makes me wonder why we have not evolved in this fight much in a way that the medical field does. I am talking about vaccination. Vaccines in large part work by giving a small dose of the problem and I do not understand why we do not take that little tidbit and run with it. After knowledge of the vulnerability was available someone could have created a worm vaccine that replicated and propagated itself in an identical fashion but had an actual purpose; to download and install the patch! Doing this coupled with a patch campaign would significantly reduce the attack surface.
It took hours for the LoveSan worm to spread and less than 48 for the spread multiplication factor to begin tailing off. Giving the worm writers the benefit of the doubt I would argue it took just a few days to build the exploit. So why not build a worm vaccine once a potential virus is identified and beat the malicious hacks to the point? Well, first because the ACLU would call it an invasion of privacy and I am pretty sure it would be against the law…But would it not be for the greater good?