Programmers can stop Internet worms. Will they?
Building a brick wall for worms seems like an obvious improvement, but to make it work, de Raadt’s team had to rethink the entire way the operating system allocates and uses memory. It changes the way programs are compiled, and it slows down the computer’s performance (by only a few percentage points, de Raadt claims). Worst of all, it requires other techies to rewrite parts of mission-critical applications, update operating systems, and possibly reinstall the operating system on every one of their company’s computers in order to put the fix into place.
Such an upgrade could cost thousands of dollars for a small company, millions for a big one. Not to mention that any engineer knows that fixing one bug can introduce another, and “don’t break my applications” is an IT manager’s prime directive. That’s why no one’s bothered to stop buffer overflows—not even as an option—for the past 15 years. But the cost of refusing the cure keeps getting higher. In 1988, the Morris worm knocked out only a few geek enclaves. This past January, Slammer grounded airline flights, put 911 callers on hold, and shut down 900 computers at the Department of Defense.
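The bug class the article is talking about is worth seeing in code. The following is an added example, not code from the article or from the OpenBSD project: it puts the classic unchecked fixed-size stack buffer next to a bounds-checked version that refuses oversized input, and runs a small set of constructed inputs through the checked version. Function names (`greet_unchecked`, `greet_checked`, `process_inputs`) and the sample inputs are the example's own. The OS-level fix de Raadt's team built sits one layer below this: it makes injected data non-executable even when a check like this one was forgotten, which is why it has to touch memory allocation and compilation rather than individual programs.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The pattern behind the "buffer overflows" the article refers to: a
 * fixed-size stack buffer filled from external input with no length check.
 * Input of 16 bytes or more overwrites whatever sits above `name` on the
 * stack (saved registers, the return address). Shown for contrast only;
 * it is never called with untrusted input in this example. */
void greet_unchecked(const char *input) {
    char name[16];
    strcpy(name, input);            /* no bounds check: the defect */
    printf("hello, %s\n", name);
}

/* Hardened form: the copy is bounded by the destination size and an
 * oversized input is rejected outright rather than truncated silently.
 * Returns 0 on success, -1 when the input would not fit. */
int greet_checked(const char *input, char *out, size_t outsize) {
    size_t len = strlen(input);
    if (outsize == 0 || len >= outsize)   /* leave room for the NUL */
        return -1;
    memcpy(out, input, len + 1);          /* copies the terminator too */
    return 0;
}

/* Runs each input through the checked path and logs rejections, the way a
 * defender would want a network daemon to behave. Returns the number of
 * inputs that were refused. */
size_t process_inputs(const char *const *inputs, size_t n) {
    char buf[16];
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (greet_checked(inputs[i], buf, sizeof buf) != 0) {
            rejected++;
            fprintf(stderr, "rejected input %zu: %zu bytes exceeds %zu-byte buffer\n",
                    i, strlen(inputs[i]), sizeof buf);
        } else {
            printf("hello, %s\n", buf);
        }
    }
    return rejected;
}

int main(void) {
    /* Constructed sample inputs: two that fit, one that does not. */
    const char *const samples[] = {
        "Theo",
        "fifteen_chars_x",                     /* exactly 15 bytes: fits */
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", /* 36 bytes: would overflow */
    };
    size_t n = sizeof samples / sizeof samples[0];
    size_t rejected = process_inputs(samples, n);
    printf("%zu of %zu inputs rejected\n", rejected, n);
    return 0;
}
```

The checked version fixes the bug at the application layer; the protection described in the article is the compiler and kernel layer that limits the damage when a program still contains the unchecked version.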
That kind of threat led the Defense Advanced Research Projects Agency to underwrite a $2.3 million grant to OpenBSD in 2001 as part of a search for crack-proof computers. But DARPA withdrew its funding last week, allegedly because of an interview with the Globe and Mail in which de Raadt veered from explaining his team’s new code to call the war in Iraq an oil grab.

Source: Slate