'Good' viruses have a future
Shane Coursen, 2001-09-10

Should we fight viruses with more viruses? Mad cyber-scientists have made the moral question moot.

The concept of a self-replicating program was born in 1949, when computer pioneer John von Neumann presented a paper on the Theory and Organization of Complicated Automata. Many of us have come to call such programs computer viruses, and we rarely do so with fondness. The popular belief is that viruses are bad.

But two newly-released programs have challenged that belief, and renewed an old debate: should we create and launch so-called 'good' computer viruses to combat the bad ones?

The 'Code Green' and 'CRclean' programs use a fight-fire-with-fire approach to battle the Code Red worm. The utilities share a common, mostly benevolent purpose: they run a process that applies Microsoft patch MS01-033 to a system identified as being vulnerable to Code Red, which leaves it no longer vulnerable.

Each utility begins its life by the hand of a human. But, once launched, each automatically finds and works its way through other computers. The programs efficiently perform a useful act, but they do so as a virus -- something that, in the past, we have always deemed bad.

The availability of these utilities opens up a can of worms.

Virus vs. Virus
In some ways, Code Green and CRclean make sense. The flaw that Code Red exploits is an extraordinarily easy thing to plug up, yet we know that even when a patch is made available, it may not get applied to all systems, all of the time. We also know that in fighting computer viruses, the key to winning the battle is to kill the virus faster than it can create new copies of itself: to obliterate it quickly and completely.

People have different ideas on how to do this, and the idea of automating the process is growing in popularity -- automating it so completely that, through a brute-force approach, no one is the wiser. In other words, use a virus to fight a virus.

Looking at this idea with detachment, I'll admit the only thing as fast as today's computers is more of today's computers. And the only thing that can quickly correct the damage of a computer virus outbreak is another program with the efficiency of a virus. From this frame of reference, fighting fire with fire appears to be the most efficient method.

But most of the world isn't ready for a benevolent computer virus.

Just as with genetic cloning, science -- in this case the science of developing computer software -- is proceeding too fast for any board of ethics and morals to administer. And, just as genetic engineers pressed on to learn how to clone life before they could be told to stop because maybe it wasn't such a good idea, software developers press on to develop new software, sometimes using dubious technologies.

CRclean's spreading mechanism arrives broken, deliberately crippled by the author, and both Code Green and CRclean come with usage warnings about their viral techniques.

Nevertheless, Code Green and CRclean are examples of programs using questionable techniques.

Putting that aside, the reality is that benevolent computer viruses, like genetic cloning, now exist. With the outcome of this debate already being a moot point, we might as well just skip to the question of how to proceed.

It's no longer a question of whether we should or should not create them; it is a question of just how far we go when we do.


Shane Coursen has worked in the field of antivirus research since 1992. He is currently CEO of WildList Organization International.
Copyright 2010, SecurityFocus