Unrealistic Defenses Everyone should patch Can't be achieved Even if you patch, someone else wont Everyone should filter heavily Can't filter in core Not everyone filters egress at the edge Keep IDS signatures up to date Lag between worm introduction, signature Only says worm in progress, doesn't stop propagation IPS not a tenable solution yet Counterworms More damage that good Cheese (2001), Welchia (2003) backdoors, network congestion You already have access to your machines