erickson@lclark.BITNET (08/15/90)
I am a sophomore here at Lewis & Clark College in Portland, and I work in the campus computer support services. I have been subsribing to the comp.virus journal for a few months now, mainly to keep an eye out for any information about viruses that we may have to brace for out here. Up until now I have never felt inclined to submit anything to this journal. However, this new discussion on the ethics of producing viruses to kill harmful viruses is a fascinating one. Peter Ukra from somewhere or another (I am not yet Unix-path fluent) posed an interesting argument against the use of antiviruses. If antiviruses become an accepted phenomena, there is nothing to stop those perverts who write the viruses from writing new ones that will initially convince the user that they are a "good" virus before turning around and doing some form of damage. The scenerio Ukra uses is one where a virus pops up on a user's screen, identifying itself as a "virus that hunts down others" and gives the user a choice -- press "A" to proceed with the hunt, or "B" to delete this virus. If the user presses "A," the virus may show its true colors and inform the user that it has just erased his hard disk. Thus, there is an apparent danger in producing two kinds of viruses (good and bad). My point is this: How many "bad" viruses do you know of that ask the user if he wants to delete it before it does anything? None. Let's examine that scenerio and a couple of different possibilities for it: #1) The virus really DOES turn out to be a "good," virus-killing virus. The user wins if he choose either "A" (begin hunt) or "B" (delete virus). #2) The virus only says that it's a good virus, but it is really a badnastyevilugly virus. There is no guarantee, and in fact it would be naive to assume, that the virus would actually delete itself if the user chose "B." Seeing as how most if not all of today's badnastyevilugly viruses don't give any options at all -- they just erase a disk, etc. -- I don't see where the new and urgent danger is. My point is I don't see any additional danger the average user is put into with the innovation of antiviruses. Yes, it gives the virus perverts another way to make fools out of computer users. But the only difference between, say, a WDEF virus and this "Virus Hunter" virus in the scenerio is that a little more text is dumped on the screen and the user feels a bit more foolish when the virus erases his hard disk. Any other virus would have done the same thing and would never have given him the cute little option greeting in the first place. Viruses don't have to ask for user permission to infect files. Viruses do not spread by beguiling computer users; they simply hide in the shadows and slither from disk to disk. I see no new dangers users could find themselves in if antiviruses do in fact make an appearance in the computer world. - -- Scott Erickson (I have no idea what Lewis & Clark's opinions on this subject are, but it's safe to say that I probably don't represent them.)
robinson@cs.dal.ca (John Robinson) (08/16/90)
erickson@lclark.BITNET writes: > My point is I don't see any additional danger the average user >is put into with the innovation of antiviruses. Yes, it gives the I too fail to see a problem with this. I think the most important thing is not whether or not your virus fighting programs are of the antivirus variety or not, but rather the important questions is did you get them from a known reliable source (like directly from the author). The same argument about beguiling the user could be made against virus scanning programs. Such programs are not bad, one must simply be sure he is getting them from a known source. - -John Robinson robinson@dalcsug.uucp robinson@ac.dal.ca Internet
peter@ficc.ferranti.com (peter da silva) (08/16/90)
erickson@lclark.BITNET writes: > Viruses don't have to ask for user permission to infect files. > Viruses do not spread by beguiling computer users; they simply hide in > the shadows and slither from disk to disk. I see no new dangers users > could find themselves in if antiviruses do in fact make an appearance > in the computer world. How about this scenario: a slow fuse/fast cloning virus that pretends to be an antivirus. It could be quite widespread before the bombs start going off, and meantime the users are lulled into a false sense of security. And a real antivirus virus that comes into this pool of users would be ignored (the "crying wolf" effect). - -- Peter da Silva. `-_-' +1 713 274 5180. 'U` peter@ferranti.com (currently not working) peter@hackercorp.com
FXJWK@ALASKA (Jo Knox - UAF Academic Computing) (08/17/90)
Scott Erickson (erickson@lclark.BITNET) writes: > Viruses don't have to ask for user permission to infect files. > Viruses do not spread by beguiling computer users; they simply hide in > the shadows and slither from disk to disk. I see no new dangers users > could find themselves in if antiviruses do in fact make an appearance > in the computer world. For the most part, I agree with Scott; however, the antiviruses we've been discussing (which present an alert box and options) will themselves be targets. That is, if some one releases an antivirus (call it VANTIV) which computer users become familiar with, then the next malicious virus will impersonate VANTIV. Users will lose trust in VANTIV and stop using it (losing the benefits); the author of VANTIV could be blamed for the effects of the impersonator (do we call this a "trojan virus"?) Rather than this scenario, I suggest a "quiet" antivirus. (No flames, yet; please read on!) Let's split computer users into two groups; there are those who are fairly "virus aware", literate users who check every new disk (most of us on this list). The second group is by far the majority; they know viruses exist, but only learn much about them *after* becoming infected, sometimes long after! I doubt anyone in the former group would welcome an antivirus, and the majority would catch and kill it before infection. I certainly wouldn't welcome this critter on my machine, which I know to be clean! However, I might write such a virus, and even distribute it "on the sly". I assume that those who don't need it won't get it (having killed it first), and those who do are quite possibly already infected (this campus is rife with nVir B). As far as the morality/ethics question, I have no problems with this idea; there's no reason you can't help someone without their knowledge! This entire scenario makes one possibly large assumption: that this "antivirus virus" is itself not too virulent, is well programmed in detection, eradication, and even prevention, and is generally well-behaved. Jo My musings herein are not necessarily endorsed by the University of Alaska And when this thing does show up, I didn't write it...
HUUSKONEN@CC.HELSINKI.FI (Taneli Huuskonen) (08/17/90)
erickson@lclark.BITNET writes: > ... > However, this new discussion on the ethics of producing > viruses to kill harmful viruses is a fascinating one. Peter Ukra from > somewhere or another (I am not yet Unix-path fluent) posed an > interesting argument against the use of antiviruses. > ... > The scenerio Ukra uses is one where a virus pops up on a > user's screen, identifying itself as a "virus that hunts down others" > and gives the user a choice -- press "A" to proceed with the hunt, or > "B" to delete this virus. If the user presses "A," the virus may show > its true colors and inform the user that it has just erased his hard > disk. > ... > My point is I don't see any additional danger the average user > is put into with the innovation of antiviruses. ... > Viruses don't have to ask for user permission to infect files. > Viruses do not spread by beguiling computer users; they simply hide in > the shadows and slither from disk to disk. I see no new dangers users > could find themselves in if antiviruses do in fact make an appearance > in the computer world. Antivirus viruses could be dangerous in at least two ways: 1. Think about a user who has an antivirus program monitoring disk reads and writes. If an ordinary virus tries to propagate, the monitoring program stops it and warns the user, but if the virus asks for permission and gets it, the user has no reason for getting suspicious about its virus-like behaviour. Of course, the virus would do the damage only after a long time in order to be able to multiply before being caught. Now the danger of Trojan horses is nothing new. This would be just another flavour of them, having an effective method of getting widely distributed. 2. A virus performs something quite dangerous when propagating: it modifies another program automatically. Therefore minor programming bugs in a genuine benevolent antivirus virus could destroy programs or other valuable data more easily than an ordinary program. I think there are several examples of viruses which apparently try to propagate only without causing any harm but which hang the system quite frequently in some circumstances. This is the more serious objection to antivirus viruses of these two, I think. I would suggest that the potential author of an antivirus virus should write an ordinary antivirus program, with a handy _explicit_ Copy Self command, and include instructions for making the program run automatically at bootstrap or something like that. It would require a bit more effort on the user's part, but IMHO the increased safety would outweigh the little loss of convenience. Taneli Huuskonen Huuskonen@cc.Helsinki.Fi I think, therefore I disclaim
C_Owen@qut.edu.au (CHRIS OWEN) (08/18/90)
Peter_Urka@ub.cc.umich.edu writes: > It has recently been suggested in this journal that sending >out 'helpful' viruses that would infect machines and destroy harmful >viruses should be thought about. I have and have reached these >conclusions: 1) It is a nice (even ethical) thing to do. 2) It would >not help virus programmer's in a technical sense. If they can write >these things now, new algorithms are but a matter of time. 3) It >should not be done. > It would be too easy to prey upon the unsuspecting, gullible, >and naive computer jock. What virus authors wish to do is make people >into suckers and a great way to do that is to write a 'nice' program. >... I don't normally read this list, so I didn't see the original posting. I also thought about this issue about a year ago, with the idea of writing a virus which attaches checksum verification code to its host. I came to the same conclusion, (3), that it shouldn't be done, but for different reasons. The idea of hunt and kill viruses is cute and follows along the same idea as biological virus specific vaccines. Biological organisms are much more complex than computers, and this approach may be the only means within our technical ability to deal with a number of viruses. Operating systems, however, we have more control over, and can be made more secure, by utilizing features of John McAffee's SCAN, SHIELD and Ross Greenberg's FLUSHOT etc. With the proliferation of new strains of viruses occurring at an ever increasing rate, and a number of mutating strains, some form of data cryptographic verification must be included in all systems, and the idea of hunter/killer viruses is not compatible with this approach. Software these days is difficult enough to debug without the effect of deliberately introduced self modifying code. The host programs for these viruses would be infected by the "nice" virus, defeating any cryptographic verification contained in them also. There are a large number of viruses which appear to have been written as harmless practical jokes, but which have caused data loss through coding errors. "Nice" viruses would probably suffer from the same bugs. Signature scanning products such as SCAN are much more useful, as full control remains in the hands of the user/system manager. With several hundred executable files on my system, I would hate to put up with numerous viruses requesting permission to infect/disinfect some or all of the other executables every time I run one. I would also MUCH rather rely on as FEW as possible trusted programs to do the disinfecting. Hunter-killers ought to be treated the same way as any other virus ... get rid of them. My two cents worth ... standard disclaimers apply (ie it's MY two cents worth). Computer Based Education Queensland University of Technology Brisbane, Australia
CAH0@gte.com (Chuck Hoffman) (08/20/90)
FXJWK@ALASKA (Jo Knox - UAF Academic Computing) writes: > As far as the morality/ethics question, I have no problems with this > idea; there's no reason you can't help someone without their > knowledge! Getting prior, informed, consent is fundamental in our culture, when you're about to mess with someone else's "stuff," whether that stuff is a posession, a creation, or the person's own body or mind. Just think of how arrogant you would have to be to presume to make choices and "fix" things for another adult without that person's consent. Maybe, just maybe, that person would like to try to fix things on her or his own, before seeking help from someone else. It can be pretty degrading to get help that you didn't ask for, and didn't want, even though the other person thought you needed it. Maybe pushing uninformed "help" on someone else will lead to a dependency of that other person on you. Maybe that would be nice for *you*, but not so nice for the other person in some cases, and maybe the underlying motives could be more self serving than altruistic. Prior informed consent really is fundamental in our culture. - - Chuck Hoffman, GTE Laboratories, Inc. cah0@bunny.gte.com Telephone (U.S.A.) 617-466-2131 GTE VoiceNet: 679-2131 GTE Telemail: C.HOFFMAN
flaps@dgp.toronto.edu (Alan J Rosenthal) (08/21/90)
erickson@lclark.BITNET writes: >I see no new dangers users could find themselves in if antiviruses do in fact >make an appearance in the computer world. What about the dangers from the anti-viruses themselves?? You made an analogy between the wdef virus and a potential deceiving trojan- horse-like strain of an anti-virus. Perhaps the analogy could be better made between the wdef virus and an anti-virus itself. Like the wdef virus, an anti-virus would apparently be intended to spread without causing harm, but in reality would cause an increase in crashes and therefore data loss. I don't think "anti-virus" is an appropriate name. I recommend the name "virus". Nobody's saying they think the wdef virus is ok because it doesn't seem to be intended to do any harm; similarly I don't think an anti-virus would be acceptable just because of the author's good intentions. ajr
hartley@AIC.NRL.Navy.Mil (08/23/90)
I think there are situations in which the release of such viruses would be both ethical and desirable. I can think of at least one precedent from the medical profession - - the Saulk (sp?) vaccine (the primary polio vaccine in the US). This vaccine is a live, contagious, virus. Any Physician who administers it is releasing a virus into the population. This is considered an advantage. Contagion is not considered a problem because: 1 - The virus is beneficial (it blocks a much more virulent virus) 2 - It is intended that the entire population be inoculated anyway. The computer analog of such a transmissible live attenuated virus would be a version of a highly destructive virus from which the destructive code has been removed. The vaccine would spread to exactly the population susceptible to the original virus, because it would spread by the same mechanism and would be stopped by the same protective software. It would then compete with the virulent virus by means of of its shared self recognition site. To be effective such a vaccine would have to reach a target machine before the virulent strain. This can be insured in two ways. a - by making the vaccine spread more rapidly than its target. Small increases (which could result simply from the removal of the destructive payload) might be sufficient. Regardless of how fast it spreads, however, the vaccine will sill arrive too late for some machines. b - Give the vaccine a head start by distributing it widely by means other than contagion. E.g by distributing it as part of a package of anti-viral tools. Possible objections: A - The vaccine would lull people into a false sense of security. Response - The people who don't have conventional anti-viral software (which would stop both the target virus and the vaccine) have a false sense of security already. B - The vaccine will inevitably contain bugs which will harm some users. Response - So does the polio vaccine. Through mutation into virulent forms and unusually susceptible individuals, the polio vaccine does (rarely) cause disease. People die from it. This is considered acceptable because the vaccine reduces the total probability of disease. C - If this is allowed there will be a flood of "beneficial" viruses. Response - I am not suggesting that every hacker (in either the prejorative sense of the word or not) be given license to go out and release his own vaccine to any virus he sees fit. Unilateral release of a virus is unconscionable and should be illegal. But with proper review and testing through a "computer FDA", use of live vaccines Should not be dismissed out of hand. The above is not the official position Ralph Hartley of any organization of more than one member. hartley@aic.nrl.navy.mil
rubinoff@linc.cis.upenn.edu (Robert Rubinoff) (08/25/90)
hartley@AIC.NRL.Navy.Mil writes: > I think there are situations in which the release of such viruses >would be both ethical and desirable. > > I can think of at least one precedent from the medical profession >- - the Saulk (sp?) vaccine (the primary polio vaccine in the US). This >vaccine is a live, contagious, virus. Any Physician who administers it >is releasing a virus into the population. This is considered an >advantage. Contagion is not considered a problem because: This is actually an illustration of why "anti"-viruses are a bad idea. First of all, the administration of the polio vaccine is done on an individual basis. No-one is vaccinated unless a doctor confirms that it will be safe and effective for that individual. Some people *don't* receive the vaccine, because there are possible risks. (For example, anyone with a weakened immune system wouldn't receive it.) Even more significantly, the vaccine is not given (or precautions are taken) if anyone in the same household as the patient has a weakened immune system. That is, the live vaccine is not given if there is even a slight chance that it would be passed on to someone else. "Anti"-vaccines don't fit this pattern, because they are spread without any concern for their suitability on particular systems. Also, by their nature they inevitably spread to other systems which may not be able to tolerate them. Like the polio vaccine, if administered indiscriminately they would end up causing serious "infections". Robert
cbp@foster.avid.oz.au (Cameron Paine) (08/27/90)
Thus far, the debate has concentrated on the ethics of viruses designed to `destroy' other viruses. One or two contributors have touched on the *real* issue but their comments seem to have been lost in the hubbub. While I'm unfamiliar with other parts of the world, I'm sure you can all think of non-indigenous (biological) organisms which when released, ran rampant in their new environment. In Australia, we have many examples: cane toads, rabbits, blackberries and the prickly-pear cactus spring immediately to mind. Since none of you can *guarantee* that you can write software that will perform without fail on all potential hosts, there is no question. Such an approach is doomed before it starts. A case in point is SCANV66 (no offence to John intended - I selected it because most readers will have read about it recently). Since it wasn't an auto-propagating program we simply had to note John's bug report and replace it with 66B. Think about it... and then stop thinking about it. It's a disaster waiting to happen. cbp - -- cbp@foster.avid.oz - ACSnet cbp%foster.avid.oz.au@uunet.uu.net - Internet ..!{hplabs,mcvax,nttlab,ukc,uunet}!munnari!foster.avid.oz.au!cbp - UUCP
sheinfel@grad1.cis.upenn.edu (Aviad Sheinfeld) (08/28/90)
FXJWK@ALASKA (Jo Knox - UAF Academic Computing) writes: > As far as the morality/ethics question, I have no problems with this >idea; there's no reason you can't help someone without their >knowledge! I have to disagree. You have absolutely no right to mess with my computer or any of its contents, no matter what your intentions. Who are you to decide what strings of bytes I may or may not have in my personal machine? What right do you, a well-meaning (?) programmer have to affect my personal property? If I am walking along down the street and notice that your car's leaking break fluid, I might leave a note on the windshield, but I certainly wouldn't jack up your car and fix the problem. That is your responsibility. I can educate you, warn you - but I can't keep you from making mistakes. Another point is that you are killing these viruses with a virus! Look at what you're proposing! You decide what piece of code may roam unchecked in my machine and what piece of code may not?! I'm sorry, but I don't know you well enough to support such a dangerous idea. I feel that those who have learned to protect themselves are fairly safe from virus attacks by being careful and using available virus-detectors. As for those ignorant enough or foolish enough to go without protection ... they'll learn eventually. Education is the key, not forced action. (Wait a second, shouldn't this last paragraph have been posted to alt.sex instead?! :-) Aviad...
elw@netxcom.DHL.COM (Edwin Wiles) (08/30/90)
User hartley@AIC.NRL.Navy.Mil writes: > I can think of at least one precedent from the medical profession >- - the Saulk (sp?) vaccine (the primary polio vaccine in the US). This >vaccine is a live, contagious, virus. Any Physician who administers it >is releasing a virus into the population. Bzzzzt! Bad analogy. The Salk vaccine is under fire for multiple reasons: 1) It has definitely been the CAUSE of cases of polio. Not a large percentage of the population, to be sure. 2) The concept of the vaccine spreading by 'contagious' means has been called into serious doubt. 3) There are much safer DEAD vaccines now, which have been in use in Europe for many years now that have absolutely NO cases of CAUSING a case of polio, that are cheaper to make, and easier to administer. The Salk vaccine is a much closer parallel with the best reasons for NOT having anti-virus viruses: 1) An Anti-virus virus COULD cause damage by infecting a boot block or other file and damaging it in the process by ignorance of special conditions. 2) Although it might spread, I believe it would not spread as fast or as effectively as a 'harmful' virus. 3) There are much safer ways to protect yourself from viri, other than by exposing yourself to a theoretically 'harmless' live virus. I see later in your message that you do mention that the Salk vaccine does cause the occasional case of polio. However, I find your minimal emphasis on that danger when there are *known*safer* methods rather alarming. Back when Salk was the only vaccine around, it made sense to use it. It was better than having polio epidemics, and the chances of getting polio from the vaccine were much less than those of contracting it 'naturally'. If all we HAD were anti-virus-viri, then I would agree to their existance. But we have MUCH safer methods to protect ourselves from viri, so as far as I am concerned, there is NO reason to sanction AVV's as 'acceptable behaviour'. In parallel, if all we had were the Salk vaccine, I would use it. But we have much safer vaccines available now, so I see NO reason to use the Salk vaccine. Those who refuse to protect themselves deserve what they get. Some will decry this as a 'cold', 'brutal' answer. Well it is, and so is nature. If you don't get vaccinated for the various diseases for which we have safe vaccines, then you've only yourself to blame. Edwin.
francis@cis.ohio-state.edu (RD Francis) (09/04/90)
elw@netxcom.DHL.COM (Edwin Wiles) writes: > 1) An Anti-virus virus COULD cause damage by infecting a boot > block or other file and damaging it in the process by ignorance > of special conditions. This is certainly a cause for concern to me. As a Macintosh user and system administrator, I am reasonably well acquainted with the various Macintosh viruses. It is my understanding that, as far as anyone can determine, every Mac virus has caused problems not by design, but rather through bugs which led to problems with specific applications, or the system in general (which is not to say no Mac virus has ever been written with malicious intent; simply that said intent has been on a much smaller scale than the actual effects of the virus might indicate). - -- R David Francis francis@cis.ohio-state.edu