Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!iuvax!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: HUUSKONEN@CC.HELSINKI.FI (Taneli Huuskonen) Newsgroups: comp.virus Subject: Re: Antivirus viruses Message-ID: <0011.9008171919.AA16211@ubu.cert.sei.cmu.edu> Date: 17 Aug 90 10:54:00 GMT Sender: Virus Discussion List Lines: 56 Approved: krvw@sei.cmu.edu erickson@lclark.BITNET writes: > ... > However, this new discussion on the ethics of producing > viruses to kill harmful viruses is a fascinating one. Peter Ukra from > somewhere or another (I am not yet Unix-path fluent) posed an > interesting argument against the use of antiviruses. > ... > The scenerio Ukra uses is one where a virus pops up on a > user's screen, identifying itself as a "virus that hunts down others" > and gives the user a choice -- press "A" to proceed with the hunt, or > "B" to delete this virus. If the user presses "A," the virus may show > its true colors and inform the user that it has just erased his hard > disk. > ... > My point is I don't see any additional danger the average user > is put into with the innovation of antiviruses. ... > Viruses don't have to ask for user permission to infect files. > Viruses do not spread by beguiling computer users; they simply hide in > the shadows and slither from disk to disk. I see no new dangers users > could find themselves in if antiviruses do in fact make an appearance > in the computer world. Antivirus viruses could be dangerous in at least two ways: 1. Think about a user who has an antivirus program monitoring disk reads and writes. If an ordinary virus tries to propagate, the monitoring program stops it and warns the user, but if the virus asks for permission and gets it, the user has no reason for getting suspicious about its virus-like behaviour. Of course, the virus would do the damage only after a long time in order to be able to multiply before being caught. Now the danger of Trojan horses is nothing new. This would be just another flavour of them, having an effective method of getting widely distributed. 2. A virus performs something quite dangerous when propagating: it modifies another program automatically. Therefore minor programming bugs in a genuine benevolent antivirus virus could destroy programs or other valuable data more easily than an ordinary program. I think there are several examples of viruses which apparently try to propagate only without causing any harm but which hang the system quite frequently in some circumstances. This is the more serious objection to antivirus viruses of these two, I think. I would suggest that the potential author of an antivirus virus should write an ordinary antivirus program, with a handy _explicit_ Copy Self command, and include instructions for making the program run automatically at bootstrap or something like that. It would require a bit more effort on the user's part, but IMHO the increased safety would outweigh the little loss of convenience. Taneli Huuskonen Huuskonen@cc.Helsinki.Fi I think, therefore I disclaim