in reply to So I have this crazy idea about an 'anti-virus virus'

Creating virii and worms to hunt down other virii and worms has been repeatedly discussed (though not here, that I'm aware) and repeatedly shot down. These ideas die for good reason.

You cannot predict where your targets are. If you could, you'd just go there and root them out. Therefore, you cannot predict where your "immune system worm" will go. There's the first problem: you have to build in a certain level of unpredictability. As you mentioned, this could have a significant impact on mail servers. Now others will need to build defences against your defences? I wonder what would happen if they fight your "immune system worms" with still more worms...?

Next problem: remember the Morris Worm? It was supposed to be benign. The more things that you need your code to do, the more likely it is to have bugs. Now what we have is a piece of software with an inherently umpredictable migration pattern and that software will have bugs! Note that I didn't say "might". It will be complicated and it will have bugs. Whether or not those bugs are significant is another story. So now we have unpredictable, buggy code out there.

Next problem: you've created your buggy code to travel over the 'Net on Seek out and destroy missions. Crackers are going to have fun taking your code and modifying it to seek out and destroy what they want. Or maybe they just attach virii to your worm and sit back and watch.

Interesting idea, but too many problems. Curious, though, I heard a rumor that Microsoft was thinking about adopting this tactic to deal with Code Red. I certainly hope someone talked sense into them. Don't release worms to fight worms.

Cheers,
Ovid

Update: Here's and interesting link on the problems with creating such technologies.

Vote for paco!

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

  • Comment on (Ovid) Re: So I have this crazy idea about an 'anti-virus virus'

Replies are listed 'Best First'.
Re: (Ovid) Re: So I have this crazy idea about an 'anti-virus virus'
by dragonchild (Archbishop) on Aug 03, 2001 at 21:02 UTC
    I'd like to address these points from the other point of view.

    You cannot predict where your targets are. ... Therefore, you cannot predict where your "immune system worm" will go.

    This is a good thing. Any sufficiently-complicated system will be "unpredictable", in that given a surface-level snapshot of a given state and a surface-level look at the stimuli, you cannot with certainty predict the next state. All we can do is say "It is likely that the system will move in this direction, probably hitting these states along the way."

    For example, we cannot predict the path a given packet will take to get from point A to point B, even in a small network. In fact, we don't want to be able to do that! We want the system to "think for itself", so to speak.

    Now what we have is a piece of software with an inherently umpredictable migration pattern and that software will have bugs!

    First off, you just described Windows. It's a piece of software that does way too much, we can't predict where it will be, and it has bugs. So what?

    Every complex piece of software is reasonably certain to have bugs. The trick is to minimize the number and the impact of those bugs. You know the usual methods - packages, objects, testing, etc. This really is a non-objection.

    Crackers are going to have fun taking your code and modifying it to seek out and destroy what they want.

    This is a more complicated objection to deal with. The first, obvious, answer is to have your anti-virus make sure that any program that says it's the anti-virus passes certain criteria when checked. Things like size, checksums, etc. That would keep a lot of the silliness in check.

    However, a better answer is to reformulate the idea. Instead of an anti-virus that goes around killing other virii, instead it should go around closing security holes.

    Yes, I know this is an intrusion into other peoples' systems and changing stuff around, but my response to that is twofold:

    1. Their systems are compromised, and thus are a threat to my systems.
    2. They may not be aware that this loophole exists, and may never be aware that it was fixed.

    Interesting idea, but too many problems.

    That's what they said about GUI OS'es, the airplane, and the re-useable spacecraft, as well as irrigation, I suppose. I seriously hope that this isn't the answer we will give in the future. Instead of dismissing an idea, how about working it over? How about coming up with possibilities? Maybe, the idea as initially presented doesn't work very well, if at all. I know 99.999% of my ideas never work at first. It's only after they've been hashed out and tested and retested and thrown out and brought back that they become useable. E-bitch has a good idea, one I (and thousands of other programmers) have thought about for a very long time. Maybe it's time that a few of us actually do something about it, instead of giving up and saying "Interesting idea, but too many problems." Very frankly, I give props to Micro$oft for actually thinking about how to make this work. (Never thought I'd say that, huh? *grins*)

    ------
    /me wants to be the brightest bulb in the chandelier!

[reply]
Re: (Ovid) Re: So I have this crazy idea about an 'anti-virus virus'
by E-Bitch (Pilgrim) on Aug 03, 2001 at 20:23 UTC
    Well, it was a thought at least. Thanks for the response!

    thanks!
    E-Bitch
[reply]

In Section Meditations