Peter_Urka@ub.cc.umich.edu (08/12/90)
It has recently been suggested in this journal that sending out 'helpful' viruses that would infect machines and destroy harmful viruses should be thought about. I have and have reached these conclusions: 1) It is a nice (even ethical) thing to do. 2) It would not help virus programmer's in a technical sense. If they can write these things now, new algorithms are but a matter of time. 3) It should not be done. It would be too easy to prey upon the unsuspecting, gullible, and naive computer jock. What virus authors wish to do is make people into suckers and a great way to do that is to write a 'nice' program. "Hi. I am a virus that hunts down others. A - Happy Hunting. B - Erase Virus Hunter" The victim presses A and in a few seconds up pops "Hi. The joke is on you sucker. I just erased your hard disk" Unfortunately there is a even worse chance of the victim of a virus attack to determine whether the program is friendly or hostile, than getting one. IF THE VICTIM BELIEVES THERE ARE NICE VIRUSES, he has a 50-50 chance of saying yes to a modified version. If everybody has the COMPLETE understanding that all viruses should be treated with vaccines and disk backups, the above scenario won't happen. - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Peter Urka@ub.cc.umich.edu
frisk@rhi.hi.is (Fridrik Skulason) (08/14/90)
Here we go again.... > It has recently been suggested in this journal that sending >out 'helpful' viruses that would infect machines and destroy harmful >viruses should be thought about. I have and have reached these >conclusions: > 1) It is a nice (even ethical) thing to do. No - it is not, for numerous reasons - one is that the anti-virus-viruses may not be able to properly identify new variants of a virus they know, and destroy the infected program, instead of disinfecting it. There are also numerous other reasons. > 2) It would not help virus programmer's in a technical sense. If they > can write these things now, new algorithms are but a matter of time. If you provide anyone with a virus, even a "harmless" one - the risk arises that somebody might create a new, harmful virus, just by patching the "harmless" one. > 3) It should not be done. Agree 100% - -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |
mweiner@bene.at (Michael Weiner) (08/17/90)
Peter_Urka@ub.cc.umich.edu wrote: > It has recently been suggested in this journal that sending > out 'helpful' viruses that would infect machines and destroy > harmful viruses should be thought about. > I have and have reached these conclusions: > 1) It is a nice (even ethical) thing to do. > 2) It would not help virus programmer's in a technical sense. > If they can write these things now, new algorithms are > but a matter of time. > 3) It should not be done. It would be too easy to prey upon > the unsuspecting, gullible, and naive computer jock. I have thought about the problem too. 1) It can never be nice or ethical to spread a virus, no matter if it is a "good" or a "bad" virus. Viruses interfere with computer systems, spread without users' consent and modify executables. There is simply too much risk involved here. Let's assume an example: A "good" virus that removes 40 other viruses is developed under DOS 3.x. The author tests it and it works fine. The virus uses DOS interrupts 25h and 26h to perform absolute disk reads/writes. DOS 4.x appears: Suddenly, every program infected with this 'good' virus crashes.... No, I can live without 'good' viruses interfering with my work... Viruses that are 'on their way' can not be updated to reflect changes in the operating system :-( 2) I agree. There is too much secrecy when it comes to discussing algorithms. If anyone has a knowledge of assembler programming, TechRef documentation and some in-depth DOS book (that deals with MCBs, undocumented functions, advanced TSR and disk programming etc.) he can write a Stealth virus in a very short time. 3) I agree. Imagine a virus that asks you to 'innoculate' all your diskettes, infects and encrypts each and every of your executables and 14 days after you "protected" all your files, none of them work any longer... :-( Also, in the Amiga world we have the situation that killer viruses are hunting down other viruses. From what I have been told, the situation is pretty bad there... michael +----------------------+-----------------------+ I Michael Weiner I uucp: mweiner@bene.at I I Ghelengasse 4 +-----------------------+ I A-1130 Wien Austria I tel: ++43 1 8232400 I +----------------------+-----------------------+