[comp.virus] IEEE code of ethics and computer viruses

mcp@SEI.CMU.EDU (Mark Paulk) (07/13/89)

An article in the Computer Society News section of IEEE Computer,
July, 1989, pp. 83-84, discusses a draft position paper on software
vandalism, specifically computer viruses.  I had some comments, which
I mailed to the acting chair of the Committee on Public Policy:

Ralph J. Preiss
12 Colburn Drive
Poughkeepsie, NY  12603

I think the article, and possibly my comments, will be of interest to
the VIRUS-L readers.  Letter text follows:

- - -------

I have just finished reading the article in the July 1989 issue of
IEEE Computer on the code of ethics and computer viruses position
paper.  First, let me compliment your group on their statement.  It
seems so obvious what the correct ethical position with regard to
these issues is, yet I have communicated with all too many "unethical"
people where computer viruses and Trojan horses are concerned.  I
support having the IEEE take a very clear and explicit stand in these
matters.

I have a minor interest in these matters.  Although not of direct
professional interest, I just gave a presentation on "Computer Fauna:
Viruses, Worms, and Trojan Horses" where I discussed the differences
between these entities.  I have some qualms about the definitions
given in the sidebar.

The second sentence in the definition of a "worm" is an overstatement.
Although worm programs *may* overlay or erase other programs or
data, in the original work with worm programs by J.F. Shoch and J.A.
Hupp ("The 'Worm' Programs - Early Experience with a Distributed
Computation," Communications of the ACM, Vol. 25, No. 3, March, 1982,
pp. 172-180) the worm model is "a program or a computation that can
move from machine to machine, harnessing resources as needed, and
replicating itself when necessary" aka distributed computation, a
program which spans machine boundaries.  They quote the science
fiction writer John Brunner: a worm adds to itself; a phage wipes out
(Shockwave Rider).

The same problem of assuming malicious behavior holds with viruses.
In Cohen's work, he gives an example of a beneficent "compression" virus.
Although I agree that for all practical purposes, there are no benign
viruses, worm programs hold a great deal of promise as a distributed
computing technology.

The two different definitions of computer virus are also problematic.
Computer virus-A seems to be an attempt to address programs such as
the Christmas worm which propagate by the (inadvertent) action of humans.
This is NOT a computer virus.  Terms which have been used for this
class of programs include "rabbit" and "bacterium," although the emphasis
tends to be on denial of service rather than the infection mechanism.
I think the Trojan horse definition covers the class of program
described adequately.

Computer virus-B is a "reasonable" virus definition, although I have some
slight qualms about the assumption of malicious instructions as mentioned
earlier.

Good definitions for these classes of programs are rather nebulous at
this time, and there are a number of candidates running around.  Most
notably Fred Cohen and Peter Freeman have supplied readily available
definitions, although there are no rigorous ones yet.  The discussions
on the VIRUS-L (Comp.virus) group, moderated by Ken van Wyk, cover
this ground now and again.  I might suggest that you solicit some
discussion from the group.  I will take the liberty of cross-posting
this missive to direct attention to the article.

All in all, my compliments.  Keep up the good work.