XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) (03/05/91)
Research viruses: just say no. Case in point: the purported author of the Scores virus, who is reportedly under arrest at the moment, wrote in the documentation for the Vaxene program (which removes Scores) that s/he never expected the virus to get loose. A research virus. A fine and a jail term. Thanks, I'll pass. I have enough troubles. If you have all of this inventive energy, why not write a real program and get some real recognition for your talents? --- Joe M.
keir@vms.macc.wisc.edu (Rick Keir, MACC) (03/08/91)
XRJDM@SCFVM.GSFC.NASA.GOV (Joe McMahon) writes...
>Research viruses: just say no.
(goes on to quote rumor that the Mac Scores virus author "didn't
expect it to get out", with implication that it was a "research"
virus.)
Several points:
I said "rumor" since no one has ever admitted to being the author of
Scores (numerous news stories in MacWeek, etc., quoting FBI and EDS
officials as saying they "suspect" they know who it it -- i.e. no one
has said they're the one). This makes is hard for the Vaxene
documentation to quote the author of Scores in any believable fashion.
Second, the comment about "didn't expect it to get out" is also
subject to the interpretation that he/she meant "I just thought I'd
screw up computers at EDS in Dallas and not anyone else's computers."
While Scores does specifically target internally developed software of
EDS, it infects all bootable systems and all applications that it
comes in contact with, and does not distinguish the EDS systems from
any other. This makes a claim that he/she was surprised by its spread
not very believable.
"Research" is becoming the computer equivalent of the claim that "I
didn't know the gun was loaded", whether uttered by the virus writer
or by the geek who abuses the net. Research is noted for :
publication, sharing of information, useful purpose, and most
importantly ETHICS OVERVIEW by one's peers. The so-called research of
the average virus writer would fail on all counts: no knowledge is
published; there is no knowledge to be gained; and no group of one's
peers would judge the writing and release of the virus to be ethical.
There can be useful research done on viruses, and for those purposes
viruses may be written; however, those authors are working openly,
publishing their work, and experimenting in conditions that prevent
the spread of a virus to the general public. I can count the number
of legitimate researchers I know of on one hand, and have fingers left
over.
CAH0@gte.com (Chuck Hoffman) (03/13/91)
keir@vms.macc.wisc.edu (Rick Keir, MACC) writes: > I can count the number > of legitimate researchers I know of on one hand, and have fingers left > over. I'll bet I know which finger(s)! I agree that "research" has become synonomous with "experimenting." Someone who is trying something out, unsupervised, with no intention of publishing, and with no go/nogo decision by peers with respect to ethics, may be "experimenting," but hardly is doing "research" in the sense that professional researchers use it. I guess I might note the same about about the use of the term "ethics." Same thing. Someone trying to understand the ethics of a situation, but unsupervised, with no intention of publishing or a go/nogo decision by peers, may be "deciding" about something, but hardly is going through the process of ethics review in the sense that professionals do. - - Chuck Hoffman, GTE Laboratories, Inc. | I'm not sure why we're here, cah0@bunny.gte.com | but I am sure that while we're Telephone (U.S.A.) 617-466-2131 | here, we're supposed to help GTE VoiceNet: 679-2131 | each other. GTE Telemail: C.HOFFMAN |
spaf@cs.purdue.edu (Gene Spafford) (03/16/91)
Research ethics are fairly well defined in other fields, and can be extended to computer viruses with a little thought. For instance, a researcher working on flu virus strains would be ethically (and legally) responsible for a mutated virus escaping into the population at large. Saying "I'm sorry -- I didn't mean for it to happen" is not an excuse. Good intentions do not substitute for taking precautions. Research on (computer) viruses that escape into the general population are clearly unethical because they affect subjects who have not given their informed consent to be part of the "experiment," and there is no way to end the "experiment." Also, there is no valid control for the experiment (e.g., "What would be the results in a similar population for the null hypothesis?"). Worse, most people "experimenting" doen't understand the basics of good scientific method. Research by writing viruses to see what happens is akin to throwing chemicals in a test tube to see if it explodes. Proper experimental research procedure requires that you establish a hypothesis that can be tested, establish a test with controls, and then analyze your test results with respect to the hypothesis. Some of the people who claim they are doing "research" in viruses and related areas are doing no such thing. I have refereed papers for professional forums that show a surprising lack of understanding of the basic principles of science or ethics -- then these individuals complain they are being "conspired against" because they can't get their work published. Sad. - -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu phone: (317) 494-7825