h a l f b a k e r yRenovating the wheel
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Consider W32/Nachi, a virus designed to use its powers for good instead of evil. Or that's the way it was supposedly intended anyway. As we all know, it had some problems, it was rather poorly designed and caused some denial of service type damage. It also has, in my opinion, some ethical problems
in that it forces the patch onto otherwise non-infected computers that for whatever reason were left unpatched by their administrators. In spite of this, perhaps we can still use the basic idea of utilizing the same security vulnerability that the virus uses to propagate against the virus.
The antivirus would be able to connect to a remote computer using the vulnerability but would not do so arbitrarily, but rather "on demand" so to speak, if another computer were to attempt to attack the antivirus infected computer using the target vulnerability. It would then connect to and then clean and patch the attacking computer. I argue that this is ethical because the attacking computer is infected at that moment, and is a clear and present danger. After the patch has been applied, the antivirus would make it's last act on the attacking computer a notification to the user, via a pop up window, or an email to the address found in the users email client configuration, describing what just happened and why. It would then offer a free download of the antivirus software (and source code.) The user would then have the choice weather to install the antivirus software on their computer, or even to unpatch their computer and risk reinfection by the original virus. The antivirus would therefore be ethical, because it would only attack in response to a clear attack, and would only spread by consent.
[brummo - I did search. "Doable" and "Commensal" are completely different because they call for the antivirus to spread virually without consent, an approach that has been discreated IRL with the W32/Nachi fiasco. "Tinkerbell" is kind of similar in that it calls for consent, but it still "touches" non-infected computers and is therefore unethical (IMO) and would cause undue network traffic.
jutta - I believe that my idea is distinct because only computers *actually infected* by a virus utilizing the target exploit, and only those infected that attack a computer with the antivirus installed, would get touched by the antivirus.
reensure - this antivirus would cause computers that are infected and are attempting to spread the virus to be disinfected and patched, which is different from the current practice because it does not require the user of the attacking computer to realize that they are infected and attacking other computers.
jutta - thanks. I should be a bit more clear, perhaps; this antivirus *would* connect to, clean, and patch a remote computer without consent, but it would not then take up residence on the remote computer and wait for new attacks without consent. I believe this is ethical because the non-consentual thing only happens when a computer attempts to attack and infect a computer that has the antivirus software installed. For an analogy, suppose you are out, and someone breaks into your house and starts throwing rocks at passers by. I don't think the police (or even regular citizens) should have to get your consent before going in and ousting them.]
Doable "Good" viruses
http://www.halfbake...22Good_22_20viruses [Brummo, Oct 05 2004, last modified Oct 17 2004]
Commensal computer virus
http://www.halfbake..._20computer_20virus [Brummo, Oct 05 2004, last modified Oct 17 2004]
Tinkerbell Virus
http://www.halfbake.../Tinkerbell_20Virus [Brummo, Oct 05 2004, last modified Oct 17 2004]
Please log in.
If you're not logged in,
you can see what this page
looks like, but you will
not be able to add anything.
Annotation:
|
|
There are several very similar posts on this topic here already, please search before posting. |
|
|
Edit: Removed my fishbone, since you clarified your idea and how it differed from existing posted ideas. |
|
|
I'm misunderstanding this, I must be. If the // would not then take up residence on the remote computer and wait for new attacks //, how does this "anti" virus find your computer? You added "without consent" - does this mean that people consent to allowing the virus to scan the net for other infected computers from their machines? |
|
|
Don't like this. It's still a virus and that's a bad thing, no matter what the intention is. |
|
|
Waugsqueke - it would work like this: an infected computer attempts to connect to a computer with the antivirus software installed, and tries to infect it. The antivirus software will be able to tell with certanty that it is an attack and not a ligitimate communication, as soon as virus/worm code is attempted to be transmitted. My assertion is that at that point, since it is known that the attacking computer is infected with the virus/worm, and it is known to be going out and trying to spread the virus/worm, it is ethical at that point to invade, clean up, and patch the offinding machine. The antivirus would never go out and scan for infected computers, infected computers would have to come to it. Once the offending machine is cleaned/etc., the antivirus would notify the user and then delete itself. The user would then be able to, iff they choose to do so, download and install the antivirus software. So its mode of spreading would not really be any more virus like than any other software program that you can choose to download for free. I admit that it does come dangerously close to being spam-like, and it has the limitation that it would only work against worms that spread like the slammer worm spreads, that is, via dirrect tcpip connection rather then via email. It would be impossible to trace an email back to an ip address quickly and automatically. |
|
|
Okay, so it's like I install the antivirus software on my machine, except that it fixes other peoples' computers, not mine. |
|
|
I'm not so sure it's ethical. That's like saying a doctor can go ahead and operate on someone who needs surgery, whether they want the surgery or not. They need it, so it's okay. |
|
|
Well, I don't know if that's quite the right doctor analogy, a person who needs surgery for their own good is not likely to be a risk to anyone else if they choose not to have the surgery, but suppose a person has TB, and works in a McDonalds or something. Suppose they have a history of not following their doctors orders, ie, they take the antibiotics only until they feel a little bit better and then stop, instead of taking the full course. Does society have the right to compel them to take a full course of a multi-antibiotic regimin, (and to take a vacation until it is finished) in order to prevent them spreading resistant TB to all their customers? I think it does. The computer situation isn't quite as loaded, but I think the same principle applies. |
|
|
This was baked, exactly as described, by one of the anti-worm worms last year, either after Code Red or Slammer. It fixed the vulnerability, and then only propagated if it saw a probe from another machine. |
|
|
Ethics aside, this is still illegal under the computer crime laws that most countries have adopted. Hell, running a simple scan utility like NMAP has been deemed illegal under some of them. |
|
|
Taken to a ludicrous extreme, this becomes some form of distributed operating system, with the user stations becoming effectually dumb terminals again, doesn't it? |
|
|
It's a scary world when the basic difference between this approach and Microsloth (and similar) auto-update push is an 'accept / decline' button and a few lines of legal rigamarole which nobody reads. |
|
| |