Are Computer Viruses Still A Bad Idea — страница 5

  • Просмотров 573
  • Скачиваний 9
  • Размер файла 22
    Кб

synonym for a malicious program. In fact, many people call “viruses”many malicious programs that are unable to replicate – like trojan horses, or even bugs in perfectly legitimatesoftware. People will never accept a program that is labelled as a computer virus, even if it claims to do somethinguseful.3. Some Bad Examples of “Beneficial” VirusesRegardless of all the objections listed in the previous section, several people have asked themselves the questionwhether a computer virus could be used for something useful, instead of only for destructive purposes.And several people have tried to positively answer this question. Some of them have even implemented their ideas inpractice and have been experimenting with them in the real world – unfortunately, without success. In

this section weshall present some of the unsuccessful attempts to create a beneficial virus so far, and explain why they have beenunsuccessful.3.1. The “Anti-Virus” VirusSome computer viruses are designed to work not only in a “virgin” environment of infectable programs, but also onsystems that include anti-virus software and even other computer viruses. In order to survive successfully in suchenvironments, those viruses contain mechanisms to disable and/or remove the said anti-virus programs and”competitor” viruses. Examples for such viruses in the IBM PC environment are Den_Zuko (removes the Brain virusand replaces it with itself), Yankee_Doodle (the newer versions are able to locate the older ones and “upgrade” theinfected files by removing the older version of

the virus and replacing it with the newer one), Neuroquila (disablesseveral anti-virus programs), and several other viruses.Several people have had the idea to develop the above behaviour further and to create an “anti-virus” virus – a viruswhich would be able to locate other (presumably malicious) computer viruses and remove them. Such aself-replicating anti-virus program would have the benefits to spread very fast and update itself automatically.Several viruses have been created as an implementation of the above idea. Some of them locate a few known virusesand remove them from the infected files, others attach themselves to the clean files and issue an error message ifanother piece of code becomes attached after the virus (assuming that it has to be an unwanted virus),

and so on. However, all such pieces of “self-replicating anti-virus software” have been rejected by the users, who have consideredthe “anti-virus” viruses just as malicious and unwanted as any other real computer virus. In order to understand why, itis enough to realize that the “anti-virus viruses” matches several of the rules that state why a replicating program isconsidered malicious and/or unwanted. Here is a list of them for this particular idea.First, this idea violates the Control condition. Once the “anti-virus” virus is released, its author has no means tocontrol it.Second, it violates the Recognition condition. A virus that attaches itself to executable files will definitely trigger theanti-virus programs based on monitoring or integrity checking. There

is no way for those programs to decide whetherthey have been triggered by a “beneficial” virus or not.Third, it violates the Resource Wasting condition. Adding an almost identical piece of code to every executable file onthe system is definitely a waste – the same purpose can be achieved with a single copy of the code and a single file,containing the necessary data.Fourth, it violates the Bug Containment condition. There is no easy way to locate and update or remove all instancesof the virus.Fifth, it causes several compatibility problems, especially to the selfchecking programs, thus violating theCompatibility condition.Sixth, it is not as effective as a non-viral program, thus violating the Effectiveness condition. A virus-specificanti-virus program has to carry thousands

of scan strings for the existing malicious viruses – it would be veryineffective to attach a copy of it to every executable file. Even a generic anti-virus (i.e., based on monitoring orintegrity checking) would be more effective if it exists only in one example and is executed under the control of theuser.Seventh, such a virus modifies other people’s programs without their authorization, thus violating the UnauthorizedModification condition. In some cases such viruses ask the user for permission before “protecting” a file by infectingit. However, even in those cases they cause unwanted interruptions, which, as we already demonstrated, in somesituations can be fatal.Eight, by modifying other programs such viruses violate the Copyright condition.Ninth, at least with the