I’ve always thought about the idea of “Good” malware as a solution to some of the problems out there. The idea being that you use the same techniques used to compromise systems but to change some settings to a more secure value, but using some of the subversive methods to propogate.
Some of the settings that I consider a good default to change:
* Daily checks for software updates + Auto-Install of these updates
* Disable compromising features (eg: AutoRun)
Things to perhaps change
* Disable ActiveX
* Enable firewall (w/ exception handling)
* Nuke all AutoRun items
* Nuke all MSIE malware/extensions except “safe” plugins, eg: flash, quicktime, silverlight, etc..
The natural problem with this is doing good things with these bad techniques would likely get you classified as a virus/malware, and certainly if you attempt to do some of the network-scanning activities to distribute yourself. Too bad one cannot justify such activities legally.