I read the following interesting snippet recently with some thoughts about ‘vaccination’ worms, related to the recent MSBlast worm:

“…It all makes me wonder why we have not evolved in this fight much in a way that the medical field does. I am talking about vaccination. Vaccines in large part work by giving a small dose of the problem and I do not understand why we do not take that little tidbit and run with it. After knowledge of the vulnerability was available someone could have created a worm vaccine that replicated and propagated itself in an identical fashion but had an actual purpose; to download and install the patch! Doing this coupled with a patch campaign would significantly reduce the attack surface….”

I agree with him that legal issues would prevent any official release of this type of software – but I could also easily see some hackers who might prefer being “good guys” instead of “bad guys”, who choose to be hacker vigilantes and release prophylactic worms “for our own good.” While I don’t condone such activity, I do think it would make a good element in a SciFi book. <grin>

Note that I don’t agree with some other comments in the link above; I fully understand that a large, complex installation would have a great deal of difficulty rolling out a patch quickly. I’ve seen other posts that mention some companies have actual legal limitations preventing them from rushing into a patch rollout.