Ethics, not increased security, are the best defense against computer "worms" like the one unleashed last fall by a Cornell University graduate student, a school official said.
A special university commission reported Monday that Robert T. Morris Jr. acted alone and with "reckless disregard" on Nov. 2 when he launched a debilitating program into the Internet network, causing thousands of computers around the country to clog and overload.The commission concluded that Morris did not intend for the worm to destroy data or files but that he did want it to spread widely.
It said the program was not technically a "virus" - a program that inserts itself into a host program to propagate - but was a "worm," an independent program that replicates itself once placed in a computer system.
Contrary to Morris' claim, release of the worm was not a "heroic event that pointed up the weaknesses of operating systems," the commission wrote. The panel also denied that Morris was a genius for creating the worm. It said although the worm was technically sophisticated, it could have been created by many students.
In fact, Morris' "juvenile act" did little to provide insights into the already well-known security flaws of the Internet system, a national research network used by universities, industry and government, said M. Stuart Lynn, Cornell's vice president of technologies.
Lynn and Cornell Provost Robert Barker said the incident's greatest impact was the breach of trust it had caused among researchers who use the network.
The panel made no recommendation about disciplinary action against the first-year graduate student.