In Paul Boutin’s “Fight Virus With Virus” on MSN’s Slate, he mentions how the Blaster antidote worm, Nachi, was just as draining on network resources as Blaster itself:
”As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn’t a Blaster variant, it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.” [emphasis added]
Boutin says antidote viruses are a good idea, if written correctly so as not to cause further network issues, and even suggests how they should behave:
”What we need is a final MyDoom variant—let’s call it MyDoom.Omega—that breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams.”
I admit that fighting viruses with viruses is a sexy idea, and it might work. However, I dislike the idea of them spreading in the usual viral manner by actively searching out and attacking any vulnerable machine they can find. I would prefer the anti-virus to be more reactive than proactive; to sit patiently on an inoculated system, listening for the signature of a specific viral attack, then to launch an attack against the offending machine and inoculate it. The anti-virus would then sit patiently again, on both machines, waiting for the next viral attack. After a number of months of inactivity, the anti-virus should quietly remove itself from the inoculated system to free up the computer resources it had been using.
This behavior might be a bit slower in spreading itself across the internet, but it is a far-sight less aggressive than Nachi and would only target those machines already known to be infected. It would also be self-limiting in life-span. Behaviors that are much easier to defend in the court of public opinion and, perhaps, a court of law.