The Lessons of the Worm

It's hard to have a computer program shut down 60 thousand computers across the country, including those at research and military installations, without having a few people figuring out that something has to be very wrong with the status quo. The 1988 Worm proved to be no exception.
The worm pointed out a number of glaring security holes in UNIX networks which would probably have gone unknown, or at least been ignored as not very significant, had not the worm been so graphic in its exploitation of such "little" bugs. There are even those who suggest thanking Morris for his actions as they provided a serious wake up call to system administrators around the country. Of course, other people have pointed out that there might have been other ways of delivering the same message.
Before late 1988, computer security was not a major concern of internet community, at least, not to the degree it was after November 2. There were a number of other bugs that the worm did not exploit, but which were discovered during a close reinspection of operating systems and (hopefully) patched up.
In addition to trying to find all the security holes in a system, several other discoveries were made, thanks to the worm:

In conclusion, the Worm made the internet community better prepared to handle and repel another such attack. However, the fact is that security is often a trade off with convenience, and for most day-to-day users, convenience ranks pretty highly. UNIX itself was never designed with security as its highest priority, but designed for ease of use. Thus, as long as security and ease of use are competing factions, the temptation will be to overlook security holes that would hamper legitimate users, thus leaving the door open for the next worm.

Return to the main Worm page.