Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!iuvax!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: mweiner@bene.at (Michael Weiner) Newsgroups: comp.virus Subject: Hunter-Killer Vaccines (PC) Message-ID: <0007.9008171919.AA16211@ubu.cert.sei.cmu.edu> Date: 17 Aug 90 05:43:32 GMT Sender: Virus Discussion List Lines: 49 Approved: krvw@sei.cmu.edu Peter_Urka@ub.cc.umich.edu wrote: > It has recently been suggested in this journal that sending > out 'helpful' viruses that would infect machines and destroy > harmful viruses should be thought about. > I have and have reached these conclusions: > 1) It is a nice (even ethical) thing to do. > 2) It would not help virus programmer's in a technical sense. > If they can write these things now, new algorithms are > but a matter of time. > 3) It should not be done. It would be too easy to prey upon > the unsuspecting, gullible, and naive computer jock. I have thought about the problem too. 1) It can never be nice or ethical to spread a virus, no matter if it is a "good" or a "bad" virus. Viruses interfere with computer systems, spread without users' consent and modify executables. There is simply too much risk involved here. Let's assume an example: A "good" virus that removes 40 other viruses is developed under DOS 3.x. The author tests it and it works fine. The virus uses DOS interrupts 25h and 26h to perform absolute disk reads/writes. DOS 4.x appears: Suddenly, every program infected with this 'good' virus crashes.... No, I can live without 'good' viruses interfering with my work... Viruses that are 'on their way' can not be updated to reflect changes in the operating system :-( 2) I agree. There is too much secrecy when it comes to discussing algorithms. If anyone has a knowledge of assembler programming, TechRef documentation and some in-depth DOS book (that deals with MCBs, undocumented functions, advanced TSR and disk programming etc.) he can write a Stealth virus in a very short time. 3) I agree. Imagine a virus that asks you to 'innoculate' all your diskettes, infects and encrypts each and every of your executables and 14 days after you "protected" all your files, none of them work any longer... :-( Also, in the Amiga world we have the situation that killer viruses are hunting down other viruses. From what I have been told, the situation is pretty bad there... michael +----------------------+-----------------------+ I Michael Weiner I uucp: mweiner@bene.at I I Ghelengasse 4 +-----------------------+ I A-1130 Wien Austria I tel: ++43 1 8232400 I +----------------------+-----------------------+