Why I Published The Network Worm
And, How and Why It Will Remain On My Site
Saturday, 26 February 2000

The Controversy My Decision A Summary of My Rationale

The Controversy

Two days ago, I encountered a self-replicating "worm" on a client's system which was written in the Windows Scripting language (Visual Basic Script). I cast about in UseNet and on search engines for evidence that this script was broadly known and found nothing at all.

Because I saw the desirability of making this unusual script known to others; and in order to illustrate the perils of the vulnerability it exploits; I published a page describing my discovery, which included the full text of the script and my analysis of its actions. I considered, and still consider this information to be of value to many good people.

That page is http://pc-help.org/news/scriptworm.htm.

I posted that URL to several relevant UseNet newsgroups, including alt.comp.virus and microsoft.public.activex.programming.scripting.vbscript.

To my surprise, I received an email from Nick FitzGerald, who implored me (his word) to remove the script from my page. Nick was polite and eloquent. He raised some concerns I considered valid, but I hesitated to comply with his wishes. I felt I had the thing in good perspective, but I was interested in examining the issues.

So I posted my concerns to alt.comp.virus, and invited input from the newsgroup's denizens.

I have received both scathing criticism and glowing praise for my publication of the script; and some responses in between. I was begged to leave it in place; and I was told to remove it immediately, and that I could expect my ISP to receive demands that they remove the material.

The core issue is not a new one. Well-intentioned and competent people can disagree, even where the most damaging and virulent code is concerned. Free availability of information, even to extremes, is a keystone of the personal philosophy of some. Others advocate the strictest of controls and exclusivity of computer exploits, even to the point of criminalizing the publication of code which fits their definition of "dangerous."

I have a strong tendency to agree with the unfettered sharing of information among responsible persons. I recoil from authoritarianism. Responsible persons are in the very great majority. Just as we can't spend our lives behind locked doors -- it would be a complete surrender to the evil from which we seek to protect ourselves -- we can't allow the potential for abuse to mean that we hide useful information from our more worthy fellows.

Nonetheless, there are no absolutes. I have taken the input under advisement, and I have come to a decision.

My Decision

The decision I have made is one of my own creation. No one suggested it to me.

I have decided to leave the script on my site.

However: I have now altered it to emasculate its ability to scan and to replicate. It required only a single change; which no person who is not very familiar with Windows Scripting is likely to recognize.

This change prevents the clueless-and-malicious from using it as-is or with simple alterations to cause any sort of trouble. Thus it addresses the most valid argument I have seen against the script's publication.

Meanwhile, it does not in any way compromise my reasons for publishing the code in the first place, which I believe remain completely valid.

I realize this may fall well short of the preferences of some respected and thoughtful people on both sides of the issue. But I hope they'll respect my choice all the same.

A Summary of My Rationale

Publishing this code will benefit readers in several ways.
The worm is not in itself a serious threat.
Publishing the code with slight alterations will not significantly benefit malefactors.
The probability that the code will be used maliciously is not high.
My publication of the code does not represent an ethical reversal.