Vigilante Viruses

Posted by Eric Fox on Wednesday, July 28, 2004

In Paul Boutin’s “Fight Virus With Virus” on MSN’s Slate, he mentions how the Blaster antidote worm, Nachi, was just as draining on network resources as Blaster itself:

“As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn’t a Blaster variant, it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.” [emphasis added]

Boutin says antidote viruses are a good idea, if written correctly so as not to cause further network issues, and even suggests how they should behave:

“What we need is a final MyDoom variant—let’s call it MyDoom.Omega—that breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams.”

I admit that fighting viruses with viruses is a sexy idea, and it might work. However, I dislike the idea of them spreading in the usual viral manner by actively searching out and attacking any vulnerable machine they can find. I would prefer the anti-virus to be more reactive than proactive; to sit patiently on an inoculated system, listening for the signature of a specific viral attack, then to launch an attack against the offending machine and inoculate it. The anti-virus would then sit patiently again, on both machines, waiting for the next viral attack. After a number of months of inactivity, the anti-virus should quietly remove itself from the inoculated system to free up the computer resources it had been using.

This behavior might be a bit slower in spreading itself across the internet, but it is a far sight less aggressive than Nachi and would only target those machines already known to be infected. It would also be self-limiting in life-span. These are behaviors that are much easier to defend in the court of public opinion and, perhaps, a court of law.

Categories: Technology
