|An article on last week's front page of SecurityPortal entitled Reflections on the Strange, Perplexing, Interminable, and Most Lamentable Phenomenon Known as the Viral Wars contains an alarming suggestion. |
It proposes that we..."Develop antiviral viruses (antibodies) that are polymorphic and mobile. Roaming the Internet they would seek out and destroy new viral strains. (SARC is doing some interesting work in this area. More needs to be done though.)". There are several problems with this idea.
First, it ignores the basic problem with viruses -- that they run on other people's computers without authorization. Presumably, a "beneficial" virus would propagate by similarly illegitimate means, but carry a "good" payload rather than a destructive one. For that reason, I believe that anyone who releases such a "good" virus should be charged with the same offense as one releasing a "bad" virus, although with reduced penalties for its perhaps lesser damage and less deliberately destructive intent.
Note that the good virus would not only propagate and execute without permission, but would also consume network bandwidth, processor cycles, memory, and disk space. Resulting, inevitably, in the denial of the system owner from using those resources. That is what is commonly called a "denial of service" attack, or DoS.
Next, there is the non-trivial problem of identifying malicious programs. Identifying a known, existing virus is easy in comparison to programmatically distinguishing between unknown good and bad code. Since many legitimate programs contain several ways to damage or remove files, the simple ability to delete and modify files cannot alone identify a program as bad. So, perhaps the good virus would limit itself to wiping out only programs that it could (somehow) identify as capable of replication by combining its own code with that of another program. That would surely be inconvenient for the makers of self-extracting archive software. But, assuming that that obstacle could be overcome, how would a good virus tell another good virus from a bad one? Both behave similarly, including the practice of damaging or destroying other files. Imagine the resources wasted in unintentional global wars between various strains of good viruses! We can only hope that all creators of such good viruses carefully write their code to recognize every other species of good virus -- a task made difficult or impossible by the fact that the good viruses would be cleverly polymorphic.
Note that, for liability reasons, good viruses would have to be very nearly perfect. To have them mistakenly delete a recently patched copy of Microsoft Word could be very inconvenient.
And, of course, let's not overlook the possibility of mutant evil strains of the so-called good virus -- strains created by shady programmers who would not otherwise be capable of writing such sophisticated code. The new evil -- and polymorphic -- strains would likely be mis-identified as good by unmodified good viruses yet carry a very destructive payload. A payload which could include the killing of all the unsuspecting good viruses that it can so easily identify.
Then, some time in the future, we will pause for a moment of silence while we remember the deceased good viruses that first invaded our computers, escalated the virus wars, then gave their very essence to improving the breed of their sworn enemies before being themselves ruthlessly destroyed by derivatives of their own code.