I was using this exact same analogy to explain this to someone earlier, although I have to admit that I agree with the person above. Going out and starting forest fires in national forests without official government sanction, even if your intention is to create controlled burns and prevent a bigger fire, will still land you with a verdict of arson.
If there weren't any forest rangers/firefighters organization to back-burn, then the lone person trying to do some good may be the only way forward. But for forest fires, such an organization does exist, and no-one should be burning by themselves.
There is no such organization for the internet. So we are left with lone white-hats who risk personal safety to do some good. I wish there were a better way.
> Going out and starting forest fires in national forests without official government sanction, even if your intention is to create controlled burns and prevent a bigger fire, will still land you with a verdict of arson.
I'm probably starting to stretch the analogy a bit thin but: In Australia, similar issues, but we've been doing back-burning/fuel-reduction-burns for quite a few years now to deal with these problems (the indigenous population practiced controlled burns for a variety of purposes well before whitefellas arrived). However, some evidence is now starting to emerge that the mode of controlled burns is affecting the long-term ecology of the forests, and favouring certain species over others, and preventing the build-up of larger, less-flammable trees.
So, to tie it back to IoT: Would a 'controlled burn' (i.e. a bot which bricks vulnerable devices) only destroy the low-hanging fruit (i.e. easily exploitable devices) and leave the harder vulnerabilities in place, building up for the bigger fire in a year's time?
As humans fought fires, there was a buildup of flammable material in the forests, making each successive fire incrementally worse.