Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: C_Owen@qut.edu.au (CHRIS OWEN)
Newsgroups: comp.virus
Subject: re: Antivirus viruses
Message-ID: <0003.9008221137.AA19228@ubu.cert.sei.cmu.edu>
Date: 18 Aug 90 12:58:00 GMT
Sender: Virus Discussion List
Lines: 55
Approved: krvw@sei.cmu.edu

Peter_Urka@ub.cc.umich.edu writes:
> It has recently been suggested in this journal that sending
>out 'helpful' viruses that would infect machines and destroy harmful
>viruses should be thought about. I have and have reached these
>conclusions: 1) It is a nice (even ethical) thing to do. 2) It would
>not help virus programmers in a technical sense. If they can write
>these things now, new algorithms are but a matter of time. 3) It
>should not be done.
> It would be too easy to prey upon the unsuspecting, gullible,
>and naive computer jock. What virus authors wish to do is make people
>into suckers and a great way to do that is to write a 'nice' program.
>...

I don't normally read this list, so I didn't see the original posting.
I also thought about this issue about a year ago, with the idea of
writing a virus which attaches checksum verification code to its host.
I came to the same conclusion, (3), that it shouldn't be done, but for
different reasons.

The idea of hunt and kill viruses is cute and follows along the same
idea as biological virus specific vaccines. Biological organisms are
much more complex than computers, and this approach may be the only
means within our technical ability to deal with a number of viruses.
Operating systems, however, we have more control over, and can be made
more secure, by utilizing features of John McAfee's SCAN, SHIELD and
Ross Greenberg's FLUSHOT etc.

With the proliferation of new strains of viruses occurring at an ever
increasing rate, and a number of mutating strains, some form of data
cryptographic verification must be included in all systems, and the
idea of hunter/killer viruses is not compatible with this approach.

Software these days is difficult enough to debug without the effect of
deliberately introduced self modifying code. The host programs for
these viruses would be infected by the "nice" virus, defeating any
cryptographic verification contained in them also.

There are a large number of viruses which appear to have been written
as harmless practical jokes, but which have caused data loss through
coding errors. "Nice" viruses would probably suffer from the same bugs.

Signature scanning products such as SCAN are much more useful, as full
control remains in the hands of the user/system manager. With several
hundred executable files on my system, I would hate to put up with
numerous viruses requesting permission to infect/disinfect some or all
of the other executables every time I run one. I would also MUCH rather
rely on as FEW as possible trusted programs to do the disinfecting.

Hunter-killers ought to be treated the same way as any other virus ...
get rid of them.

My two cents worth ... standard disclaimers apply (i.e. it's MY two
cents worth).

Computer Based Education
Queensland University of Technology
Brisbane, Australia
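Added example, not part of the original post: a minimal file-integrity baseline in Python showing why code attached to a host program conflicts with cryptographic verification. Once a file's bytes change, the check reports it as modified regardless of the intent behind the change. The file names, key, and appended bytes are constructed for illustration, and the use of SHA-256 with an HMAC-sealed manifest is an assumption, not a scheme named in the post.

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def seal(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(root, key):
    """Record one SHA-256 digest per file and seal the record with an HMAC tag."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            digests[os.path.relpath(p, root)] = file_digest(p)
    return {"digests": digests, "tag": seal(digests, key)}

def verify(root, manifest, key):
    """Return {path: 'modified' | 'missing' | 'unexpected'}; empty dict means clean."""
    if not hmac.compare_digest(seal(manifest["digests"], key), manifest["tag"]):
        raise ValueError("manifest tag mismatch: the baseline itself was altered")
    current = build_manifest(root, key)["digests"]
    report = {}
    for rel, digest in manifest["digests"].items():
        if rel not in current:
            report[rel] = "missing"
        elif current[rel] != digest:
            report[rel] = "modified"
    for rel in current:
        if rel not in manifest["digests"]:
            report[rel] = "unexpected"
    return report

def demo():
    """Constructed sample: two stand-in executables, one later altered by appended bytes."""
    key = b"constructed-demo-key"  # assumption: key is stored off the monitored system
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("edit.com", b"\x90" * 64), ("format.com", b"\xc3" * 32)):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        baseline = build_manifest(root, key)
        clean = verify(root, baseline, key)
        with open(os.path.join(root, "edit.com"), "ab") as f:
            f.write(b"CHECKSUM-STUB")  # stands in for any attached code, whatever its intent
        return clean, verify(root, baseline, key)

if __name__ == "__main__":
    print(demo())
```

The verifier has no notion of a "nice" modification: the only acceptable state is the one recorded in the baseline by the system manager.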