Tuesday, 3 April 2012

The good computer virus

Is it possible or even advisable to create a good computer virus?

Let's take Wikipedia's current definition of a computer virus: "a computer program that can replicate itself and spread from one computer to another."

There is no "malicious intent" in that definition, so it sounds like creating an automatic, self-distributing security program could work. Certainly Dr Cyrus Peikari thinks so.

I first heard Dr Peikari's argument in favour of creating good viruses, the presence of which would increase a host's immune system, at the Defcon conference in 2001. He wrote a paper on the subject three years later.

One significant problem with this approach is that once a viral program starts spreading there is no telling how it might affect systems. The creator may not be able to maintain control of the virus either, which means that they could initiate a potentially catastrophic sequence of events.

Let's say that someone wrote a worm that sought out and destroyed a (fictional) malware threat called Hercules. And let's say that this malware exists not only on home PCs but also on some smart TVs, mobile phones, ATMs and prison door control systems.

Our imaginary Hercules-killing worm might spread between all of these systems and attempt to deactivate the threats that it finds. It might work with 100 per cent effectiveness, or not. When it fails, or even when it succeeds, it might have unexpected side-effects.

As our benevolent worm interacts with Windows XP PCs running no anti-virus software, it does exactly as was intended. However, in other cases, where security software is in place, its unexpected presence is noted and blocked. As we all know, anti-virus software is not without its faults so maybe the worm makes some changes to the system before it is stopped.

We now have a damaged Windows XP PC.

The case becomes even more complex when you consider the other platforms in use (Android, Chromium OS, iOS, OS X, Linux etc.). The smart TVs might crash, mobile phones might be unaffected and hopefully any life-support systems or prison doors remain operational. But there is no guarantee.

There is also a legal issue. This worm, no matter how beneficial its intentions, and how effective its execution, is running on systems without authority. This falls foul of many laws, including the UK's Computer Misuse Act.

Some facts worth remembering, when thinking about well-intentioned viruses:
  1. One person's good intentions are not necessarily someone else's.
  2. The Morris Worm was allegedly written to discover the size of the internet, rather than to cause denial of service (DoS) problems. However, DoS it did.
  3. The Code Blue worm, when released in 2001, appeared to be designed to remove a prevalent threat at the time called the Code Red worm. It even patched infected systems to prevent re-infection. However, it reduced system stability (presumably unintentionally) and also launched DoS attacks (presumably intentionally).

In January 2012 Rik Ferguson wrote about a Japanese project to create a defensive virus. This supposed "cyberweapon" appears to have a benign, healing component. Let's hope that it works with the telly.