mlab2@kuhub.cc.ukans.edu (11/20/90)
Here's a dilemna...
Consider an anti-virus virus. The Mac community has a number of excellent
virus detection and repair programs available commercially and in the public
domain. Unfortunately, there are far too many people who are naive with regard
to viruses and/or do not practice safe computing. A virus whose sole intention
was to propagate and eradicate the more virile strains affecting the Mac
community might seem an effective solution.
Let me say a few things up front so as to circumvent a lot of flames and
confusion. I have not written such a beast, have never written a virus, do not
have the know-how to create any such virus, and would not write a virus -
however benevolent. I would niether encourage the creation of such a virus. I
propose this as more of an intellectual dilemna for debate. When both sides
are considered - cooly - there are some interesting arguments to support such a
beast. I do feel however that discussion of such an organism should not be
hushed net (as it has been suggested regarding topics of "hacking" and the
removal of copy-protection schemes).
The point of view I speak from. I work at an under-funded computer lab on a
university campus. The MDEF and nVIR viruses have been particularly rampant of
late. The typical user has no concept of the computer virus and come merely to
type up their term papers. Unfortunately, they are probably the primary
carriers (unwittingly) of the viruses. We don't have money for hard drives on
all our Macs, so virus-protecting INIT's and other system 'baggage' have to be
kept to a minumum. I can see no end to the proliferation of viruses.
A "travelling" virus eradicator occurred to me (as it has probably occurred to
others). It would not require the user to "manually" check their disks. It
would check to see that no more than one copy of itself resides on a disk. It
would have an expiration date (read off the Mac clock - say, 1992) at which
time it would erase itself. It would be small (say, less than 10K if
possible). It would not attatch itself to applications or files (perhaps it
would simply make itself invisible - a lame camouflage, but sufficient
considering the users it is targeted to serve).
Problems? The ethical one of course. That is, "No program or code shall copy
itself from one medium to another without the consent, knowledge, and approval
of the user." The only other problem I foresee is one of poor programing -
incompatibility with existing systems, software, or machines - and
incompatibility with future versions of systems, software and machines. A
final thought - the possibility that someone with less benevolant intent would
modify it to destructive ends.
Please, if you e-mail me, I can't reply. I STILL haven't figured out the mail
here. I can read but can't reply. (I think there's a file missing in my
account). Well, now that I've opened THIS can of worms up...
john calhoun
wln@cunixb.cc.columbia.edu (William L Nussbaum) (11/21/90)
In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: >Here's a dilemna... > >Consider an anti-virus virus. The Mac community has a number of excellent >virus detection and repair programs available commercially and in the public >domain. Unfortunately, there are far too many people who are naive with regard >to viruses and/or do not practice safe computing. A virus whose sole intention >was to propagate and eradicate the more virile strains affecting the Mac >community might seem an effective solution. > ... > >The point of view I speak from. I work at an under-funded computer lab on a >university campus. The MDEF and nVIR viruses have been particularly rampant of >late. The typical user has no concept of the computer virus and come merely to >type up their term papers. Unfortunately, they are probably the primary >carriers (unwittingly) of the viruses. We don't have money for hard drives on >all our Macs, so virus-protecting INIT's and other system 'baggage' have to be >kept to a minumum. I can see no end to the proliferation of viruses. > >A "travelling" virus eradicator occurred to me (as it has probably occurred to >others). It would not require the user to "manually" check their disks. It >would check to see that no more than one copy of itself resides on a disk. It >would have an expiration date (read off the Mac clock - say, 1992) at which >time it would erase itself. It would be small (say, less than 10K if >possible). It would not attatch itself to applications or files (perhaps it >would simply make itself invisible - a lame camouflage, but sufficient >considering the users it is targeted to serve). > >Problems? The ethical one of course. That is, "No program or code shall copy >itself from one medium to another without the consent, knowledge, and approval >of the user." The only other problem I foresee is one of poor programing - >incompatibility with existing systems, software, or machines - and >incompatibility with future versions of systems, software and machines. A >final thought - the possibility that someone with less benevolant intent would >modify it to destructive ends. ...why are you minimizing the ethical considerations? To affect someone or his or her work by deceit (or by force), REGARDLESS of the intent, is a violation of that person. I'm frightened about the fact that you could continue to pose the question, and that you seemed to take the idea somewhat seriously. Once you disregard the morality of your actions (on a rational individualism, not on an arbitrary religious morality), what standard do you have against which to judge your actions? The benefit to others? Have you discussed this personally with the several million people who would be susceptible to such a virus? Leave the individual decisions to the individual. If your lab needs protection, either make the equipment capable of handling it, or forgo the automatic protection, and prepare another procedure for dealing with the viruses you already have. Other problems? - You have no control over the extent of this virus. - You have no control over future modification of this virus. - You introduce another variable into problems people may have. - You cannot repair viruses with it. - Given that it's copying itself over and over, there are a number of opportunities for corruption. Think about what you're saying... | William Lee Nussbaum, Jr. | wln@cunixb.cc.columbia.edu
wilkins@jarthur.Claremont.EDU (Mark Wilkins) (11/21/90)
In article <1990Nov20.171542.8779@cunixf.cc.columbia.edu> wln@cunixb.cc.columbia.edu (William L Nussbaum) writes: >- You have no control over the extent of this virus. >- You have no control over future modification of this virus. >- You introduce another variable into problems people may have. >- You cannot repair viruses with it. >- Given that it's copying itself over and over, there are a number of > opportunities for corruption. What if it gives the user an opportunity to refuse? Throws up an informational dialog and lets the user choose whether to install it? Provides a means by which to remove it if it causes trouble? I think that if people were aware of such a thing it might not be so bad, as long as they were given the chance to refuse infection by such an anti-virus virus. I'm not necessarily posing this question seriously, but do you think this might lighten some of the ethical difficulty? -- Mark Wilkins -- ******* "Freedom is a road seldom traveled by the multitude!" ********** *-----------------------------------------------------------------------------* * Mark R. Wilkins wilkins@jarthur.claremont.edu {uunet}!jarthur!wilkins * ****** MARK.WILKINS on AppleLink ****** MWilkins on America Online ******
Garance_Drosehn@mts.rpi.edu (Garance Drosehn) (11/21/90)
In article <9720@jarthur.Claremont.EDU> wilkins@jarthur.Claremont.EDU (Mark Wilkins) writes: > In article <1990Nov20.171542.8779@cunixf.cc.columbia.edu> > wln@cunixb.cc.columbia.edu (William L Nussbaum) writes: > >- You have no control over the extent of this virus. > >- You have no control over future modification of this virus. > >- You introduce another variable into problems people may have. > >- You cannot repair viruses with it. > >- Given that it's copying itself over and over, there are a number of > > opportunities for corruption. > > > What if it gives the user an opportunity to refuse? Throws up an > informational dialog and lets the user choose whether to install it? > Provides a means by which to remove it if it causes trouble? > > I think that if people were aware of such a thing it might not be so bad, > as long as they were given the chance to refuse infection by such an > anti-virus virus. > > I'm not necessarily posing this question seriously, but do you think this > might lighten some of the ethical difficulty? Presumably we're talking about users who are not sophisticated enough to use the current virus protection methods. Most of your proposed safeguards would work OK for people who know what is going on, but those people aren't the target audience (so to speak). How does the user know that the anti-virus virus is the cause of any problems they are having? I think it's a bad idea. I think it's also unethical to be mucking around with other peoples disks and files, even to "protect" them. Garance_Drosehn@mts.rpi.edu
deane@payne.ifa.hawaii.edu (Rebel Without A Clue) (11/21/90)
In article <1990Nov20.171542.8779@cunixf.cc.columbia.edu> wln@cunixb.cc.columbia.edu (William L Nussbaum) writes: >In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: >>Here's a dilemna... >> >>Consider an anti-virus virus. The Mac community has a number of excellent ............... >> >>Problems? The ethical one of course. That is, "No program or code shall >>modify it to destructive ends. > > >...why are you minimizing the ethical considerations? To affect someone or >his or her work by deceit (or by force), REGARDLESS of the intent, is a >violation of that person. > > I'm frightened about the fact that you could continue to pose the question, >and that you seemed to take the idea somewhat seriously. Once you disregard >the morality of your actions (on a rational individualism, not on an arbitrary >religious morality), what standard do you have against which to judge your >actions? The benefit to others? Have you discussed this personally with the >several million people who would be susceptible to such a virus? Leave the >individual decisions to the individual. If your lab needs protection, either >make the equipment capable of handling it, or forgo the automatic protection, >and prepare another procedure for dealing with the viruses you already have. > >Other problems? > >- You have no control over the extent of this virus. >- You have no control over future modification of this virus. >- You introduce another variable into problems people may have. >- You cannot repair viruses with it. >- Given that it's copying itself over and over, there are a number of > opportunities for corruption. > >Think about what you're saying... > > >| William Lee Nussbaum, Jr. >| wln@cunixb.cc.columbia.edu I find your language to be patronizing, and your point not as obvious as it appears you see it. I see nothing wrong in a self-terminating bounty-hunter program which is designed and constructed to deal with troublemakers like viruses. I do believe that it should be written such that it seeks out only known, specific viruses: Once you start setting criteria for "what *looks* like a virus" then you open yourself to great risk of accidents or malicious redirection. Your other points: -- the self-termination gives control over the chronologic veracity of this code. As far as spreading, the darn thing's *supposed* to spread out; wherever viruses go, it should be able to go -- no one ever has control over code, written word or thought, once they're submitted to the public. Don't blame this idea for not doing the impossible. -- This variable should significantly reduce the problems made by the other variables. You can't solve all problems by stepping backwards in complexity -- Repairing a virus is a stupid idea. "Think about what you're saying...." -- Look at mutation rates of current viruses, and I bet you'll find they are comparable with disk-copy mutations, i.e. extremely rare. I think your attempt to shrug off the idea is hasty and ill-thought out. THIS IS NOT A FLAME for those who are succeptible to reading tones of voice into keystrokes. All I am saying is that William has been quick to throw out an idea that I believe deserves honest discussion. I am NOT NECESSARILY advocating the creation of such a beast. Think before you post. Jim -- James "Rebel Without A Clue" Deane Institute for Astronomy deane@galileo.ifa.hawaii.edu 2680 Woodlawn Dr "My God, it's full of *s!" Honolulu, HI 96822 Grad Student/Astronomer/Diver/Mac Technician
george@swbatl.sbc.com (George Nincehelser 5-6544) (11/21/90)
[Lots of points and counter-points deleted] The idea of a "bounty-hunter" to seek and destroy viri is an interesting idea in theory, but I don't think it would work well in the real world. Rather than get long winded, I would like to pose the following question: Who would be responsible for the actions of a bounty-hunter? -- / George D. Nincehelser \ uunet!swbatl!george \ / / Southwestern Bell Telephone \ Phone: (314) 235-6544 \ / / / Advanced Technology Laboratory \ Fax: (314) 235-5797 \ / / / /\ 1010 Pine, St. Louis, MO 63101 \ de asini umbra disceptare \
dplatt@coherent.com (Dave Platt) (11/21/90)
In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: > Here's a dilemna... Consider an anti-virus virus... A "travelling" virus > eradicator occurred to me (as it has probably occurred to others). Indeed it has. This topic has been discussed at some length in the comp.virus newsgroup (and I'm redirecting followups to that newsgroup, as it's really the appropriate place for discussions of this sort). In fact, it has been tried at least once. The originally-discovered variant of the nVIR virus was highly destructive... it deleted randomly-chosen files in the System folder. One user who discovered it, modified it to create a "phage"... which would detect the fact that applications were infected with the destructive nVIR and would overwrite them with a copy of itself. The "phage" was successful... the file-destroying variant of nVIR appears to be extinct. The phage is still with us... it's the nVIR you've been having so much trouble with. > It would not require the user to "manually" check their disks. It would > check to see that no more than one copy of itself resides on a disk. It > would have an expiration date (read off the Mac clock - say, 1992) at > which time it would erase itself. It would be small (say, less than 10K > if possible). It would not attatch itself to applications or files > (perhaps it would simply make itself invisible - a lame camouflage, but > sufficient considering the users it is targeted to serve). Ummm... if it doesn't infect applications or files, how will it propagate itself? Repairing a damaged application "on the fly" is a very difficult task. Viruses can modify applications in quite a few different ways. Virus-repair programs are, one and all, a maze of twisty little special cases, all different. The thought of embedding all of these into an INIT makes my skin crawl. And in 10k bytes? I think not. John Norstad's Disinfectant INIT is roughtly 5k... and it's a tightly-coded assembly-language routine which simply detects viruses and makes no attempt to repair the damage they've done. There's no way you'd get a solid repair facility into 10k bytes. > Problems? The ethical one of course. That is, "No program or code > shall copy itself from one medium to another without the consent, > knowledge, and approval of the user." Yup. Note the fact that the phage nVIR is still causing problems for many users. These users have a right to be thoroughly peeved if nVIR causes problems on their machine... they did not ask to receive this "help". > The only other problem I foresee > is one of poor programing - incompatibility with existing systems, > software, or machines - and incompatibility with future versions of > systems, software and machines. This is a much bigger problem than you perhaps realize. Ensuring full compatibility with all existing systems, applications, INITs, cdevs, etc. is extremely difficult. It's hard enough for the people who write full-fledged antiviral INITs and applications to achieve... note how frequently these products have been revised. It's probably impossible to achieve in the first version of any antiviral INIT. Ensuring full compatibility with all _future_ hardware, system software, applications, INITs is almost certainly impossible. Ensuring that the anti-virus-virus could cope adequately with as-yet-undiscovered viruses is _certainly_ impossible. And it's probably impossible to recall a defective self-propagating "anti-virus". If it turned out to be significantly defective, you'd have to release a modified version of the anti-virus, which would do everything the original version does, as well as find and destroy the defective version. > A final thought - the possibility that > someone with less benevolant intent would modify it to destructive ends. Yup. The odds are too high to risk it. And, from the point of view of the end-user (whether knowledgeable or ignorant), an "anti-virus virus" which makes even a slight mistake when repairing a file, or which interferes with a system in even a small way, is no less destructive than a deliberately-malicious virus. Good intentions do not excuse ill-considered actions. Would I trust such an anti-virus virus? Not on a bet! I'd remove it from my system ASAP... and I'd bet that every current freeware or commercial anti-virus package would be revised to smoke out and vaporize such a beast. And I'd predict that legal action would very probably be taken against the author of the anti-virus-virus, as soon as his/her name became known. Please, kids... do NOT try this at home. Or elsewhere. It's an idea which would cause us all far more trouble than it would save us. If you want to spend effort fighting viruses, do it by educating your fellow-user... pass around copies of Disinfectant! Try lobbying vendors to include better virus-protection features in their products and to write-protect the master diskettes they ship.
lorner@ecst.csuchico.edu (Lance Orner) (11/21/90)
In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: >Here's a dilemna... > >Consider an anti-virus virus. [reasons for this "virus" deleted] Part of the problems we have with the viruses we have now is not the fact that they actually do something malicious, but rather, they are just there taking up memory and disk space. There have been a number of reported problems with all sorts of systems with viruses, not because the virus is doing anything, but because the virus is there where the system does not expect it to be. This thing grows and moves to other systems where it causes the same problems. Now, I see where John is coming from, and it can be an interesting idea. But putting that and all ethical questions aside, this idea is still a virus, even if it is good natured and well-intentioned. And it seems like it would cause the same unintentional problems as a regular virus would, simply because it is there. Therefore, you're not fixing anything, but just adding another one of the beasts to the computer world. -- Lance M Orner | To get a hold of me -- Computer Engineering | --from Internet: lorner@ecst.csuchico.edu California State | --from America Online: Caradoc University, Chico | --from Eighth Ave.: "Hey! Lance!"
wilde@tigger.Colorado.EDU (Nick Wilde) (11/21/90)
In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: >Here's a dilemna... > >Consider an anti-virus virus. The Mac community has a number of excellent >virus detection and repair programs available commercially and in the public >domain. Unfortunately, there are far too many people who are naive with regard >to viruses and/or do not practice safe computing. A virus whose sole intention >was to propagate and eradicate the more virile strains affecting the Mac > At a seminar I attended at IBM's Watson Research Center this summer, one of the researchers there mentioned that several of the messy-dos type viruses were just such "cures" gone awry, and that often the "cure" ended up being more of a pain than the original afflication. My two cents worth: Me thinks the Macintosh community as a whole would end up cursing the creator of such a program, rather than praising him. Don't do it. -- ------------------------------------------------------------------------------- Nick Wilde wilde@boulder.colorado.edu
treeves@magnus.ircc.ohio-state.edu (Terry N Reeves) (11/21/90)
Having an anti-virus virus ask users for permission to infect sounds like a nifty way out of the ethical dilemma, but no. Your target audience is naive users. They will NOT understand the implications of the decision. These are people who will not run disinfectant even though we have backdrop screens asking them too. Those of us in the support area also do not appreciate another complication to the question "why does X fail?" . "Well gee, "have you said yes to any questions you didn't understand lately?" -- _____________________________________________________________________________ | That's my story, and I'm sticking to it! | |_____________________________________________________________________________| | Microcomputer software support, | treeves@magnus.IRCC.OHIO-STATE.EDU |
lee@quincy.cs.umass.edu (Peter Lee) (11/21/90)
In article <1990Nov20.171542.8779@cunixf.cc.columbia.edu> wln@cunixb.cc.columbia.edu (William L Nussbaum) writes: Path: dime!umvlsi!m2c!ernie.viewlogic.com!samsung!zaphod.mps.ohio-state.edu!sol.ctr.columbia.edu!cunixf.cc.columbia.edu!cunixb.cc.columbia.edu!wln From: wln@cunixb.cc.columbia.edu (William L Nussbaum) Newsgroups: comp.sys.mac.misc Date: 20 Nov 90 17:15:42 GMT References: <10490@ur-cc.UUCP> <1990Nov19.033747.29163@ux1.cso.uiuc.edu> <27013.27483646@kuhub.cc.ukans.edu> Sender: news@cunixf.cc.columbia.edu (The Daily News) Organization: Columbia University Lines: 66 In article <27013.27483646@kuhub.cc.ukans.edu> mlab2@kuhub.cc.ukans.edu writes: >Here's a dilemna... > >Consider an anti-virus virus. The Mac community has a number of excellent >virus detection and repair programs available commercially and in the public >domain. Unfortunately, there are far too many people who are naive with regard >to viruses and/or do not practice safe computing. A virus whose sole intention >was to propagate and eradicate the more virile strains affecting the Mac >community might seem an effective solution. > ... > >The point of view I speak from. I work at an under-funded computer lab on a >university campus. The MDEF and nVIR viruses have been particularly rampant of >late. The typical user has no concept of the computer virus and come merely to >type up their term papers. Unfortunately, they are probably the primary >carriers (unwittingly) of the viruses. We don't have money for hard drives on >all our Macs, so virus-protecting INIT's and other system 'baggage' have to be >kept to a minumum. I can see no end to the proliferation of viruses. > >A "travelling" virus eradicator occurred to me (as it has probably occurred to >others). It would not require the user to "manually" check their disks. It >would check to see that no more than one copy of itself resides on a disk. It >would have an expiration date (read off the Mac clock - say, 1992) at which >time it would erase itself. It would be small (say, less than 10K if >possible). It would not attatch itself to applications or files (perhaps it >would simply make itself invisible - a lame camouflage, but sufficient >considering the users it is targeted to serve). > >Problems? The ethical one of course. That is, "No program or code shall copy >itself from one medium to another without the consent, knowledge, and approval >of the user." The only other problem I foresee is one of poor programing - >incompatibility with existing systems, software, or machines - and >incompatibility with future versions of systems, software and machines. A >final thought - the possibility that someone with less benevolant intent would >modify it to destructive ends. ...why are you minimizing the ethical considerations? To affect someone or his or her work by deceit (or by force), REGARDLESS of the intent, is a violation of that person. I'm frightened about the fact that you could continue to pose the question, and that you seemed to take the idea somewhat seriously. Once you disregard the morality of your actions (on a rational individualism, not on an arbitrary religious morality), what standard do you have against which to judge your actions? The benefit to others? Have you discussed this personally with the several million people who would be susceptible to such a virus? Leave the individual decisions to the individual. If your lab needs protection, either make the equipment capable of handling it, or forgo the automatic protection, and prepare another procedure for dealing with the viruses you already have. Other problems? - You have no control over the extent of this virus. - You have no control over future modification of this virus. - You introduce another variable into problems people may have. - You cannot repair viruses with it. - Given that it's copying itself over and over, there are a number of opportunities for corruption. Think about what you're saying... | William Lee Nussbaum, Jr. | wln@cunixb.cc.columbia.edu At least equally relevant, I think, is that no program can be guaranteed to be bug-free. Since this 'anti-virus' could spread to any imaginable mac configuration without the user's permission, you need to guarantee that it would not aversely affect ANY such configuration, present or future. Developers of programs that are far less system-dependent than a virus already break into a cold sweat any time Apple introduces a new system or machine! In fact, it's my understanding that many of the current crop of viruses are meant to be non-harmful, yet cause bizarre crashes on various systems soley because of bugs. With traditional software, manufacturers can print 'requires mac 512K or later and System 6.0.1 or later' on the package, and users who don't meet those requirements can upgrade, or buy another package. If your anti-virus conflicts with the MyCruftyHack INIT running on SI's with ROM version 1.13a, your first indication of the conflict may come when someone files suit... -- |- Peter E. Lee, Staff Assistant -| | Software Development Lab at the University of Massachusetts at Amherst | | lee@cs.umass.edu or Fuligin@umass.bitnet or (413) 256-1329 | "When you expect whistles, it's flutes. When you expect flutes, it's whistles"
dhoyt@vx.acs.umn.edu (11/22/90)
Robert Morris is doing. david | dhoyt@vx.acs.umn.edu | dhoyt@umnacvx.bitnet
dhoyt@vx.acs.umn.edu (11/22/90)
In article <2749@ux.acs.umn.edu>, dhoyt@vx.acs.umn.edu writes... >Robert Morris is doing. This mailer likes eating first lines. What I wanted to say was, Before you unleash your 'anti-virus' virus, ask yourself what Robert Morris Jr. is doing.
mlab2@kuhub.cc.ukans.edu (11/26/90)
In article <~W|^{Z|@rpi.edu>, Garance_Drosehn@mts.rpi.edu (Garance Drosehn) writes: > References:<1990Nov19.033747.29163@ux1.cso.uiuc.edu> <27013.27483646@kuhub.cc.ukans.edu> <1990Nov20.171542.8779@cunixf.cc.columbia.edu> < > In article <9720@jarthur.Claremont.EDU> > wilkins@jarthur.Claremont.EDU (Mark Wilkins) writes: >> In article <1990Nov20.171542.8779@cunixf.cc.columbia.edu> >> >- You have no control over the extent of this virus. >> >- You have no control over future modification of this virus. >> >- You introduce another variable into problems people may have. >> >- You cannot repair viruses with it. >> >- Given that it's copying itself over and over, there are a number of >> > opportunities for corruption. >> >> >> What if it gives the user an opportunity to refuse? Throws up an >> informational dialog and lets the user choose whether to install it? >> Provides a means by which to remove it if it causes trouble? >> >> I think that if people were aware of such a thing it might not be so > bad, >> as long as they were given the chance to refuse infection by such an >> anti-virus virus. >> >> I'm not necessarily posing this question seriously, but do you think > this >> might lighten some of the ethical difficulty? > > I think it's a bad idea. I think it's also unethical to be mucking around > with other peoples disks and files, even to "protect" them. > > Garance_Drosehn@mts.rpi.edu I agree that the whole concept (even) is unethical to consider. I do not 'rationalize' it, I merely proposed it. Personally? It occurs to me that this MAY be the way of the future. I agree, I don't like it the idea at all. Consider however the trend: computer user interface --> friendlier (serving less sophisticated users) computer operating system --> more complex (from the programmers perspective - friendlier for the user implies a degree more complexity to attain this friendliness) I would suggest that viruses will persist. I would also suggest that viruses of more and more sophistication (given the platform and a sort of Darwinistic selectivity) will proliferate. I would finally suggest that anti-viral inncouations (so to speak) perhaps in the form of a counter-virus, may very well be in store for the future of computers. Call me a prophet of doom or such, I don't advocate these practices, I merely consider. john calhoun