Are “good” Computer Viruses Still A Bad Idea?

Sample essay topic, essay writing: Are "good" Computer Viruses Still A Bad Idea? - 2283 words

Are 'Good' Computer Viruses Still a Bad Idea? Vesselin BontchevResearch AssociateVirus Test CenterUniversity of HamburgVogt-Koelln-Str. 30, 22527 Hamburg, - hamburg. de [Editor's note: Vesselin'scurrent email address is ]During the past six years, computer viruses have caused unaccountable amount ofdamage - mostly due to loss of time and resources. For most users, the term'computer virus' is a synonym of the worst nightmares that can happen on theirsystem. Yet some well-known researchers keep insisting that it is possible touse the replication mechanism of the viral programs for some useful andbeneficial purposes. This paper is an attempt to summarize why exactly the general public appreciatescomputer viruses as something inherently bad. It is also considering several ofthe proposed models of 'beneficial' viruses and points out the problems in them. A set of conditions is listed, which every virus that claims to be beneficialmust conform to. At last, a realistic model using replication techniques forbeneficial purposes is proposed and directions are given in which this techniquecan be improved further. The paper also demonstrates that the main reason for the conflict between thosesupporting the idea of a 'beneficial virus' and those opposing it, is that thetwo sides are assuming a different definition of what a computer virus is.1.

What Is a Computer Virus? The general public usually associates the term 'computer virus' with a small, nasty program, which aims to destroy the information on their machines. As usual, the general public's understanding of the term is incorrect. There are manykinds of destructive or otherwise malicious computer programs and computerviruses are only one of them. Such programs include backdoors, logic bombs, trojan horses and so on [Bontchev94]. Furthermore, many computer viruses are notintentionally destructive - they simply display a message, play a tune, or evendo nothing noticeable at all. The important thing, however, is that even thosenot intentionally destructive viruses are not harmless - they are causing a lotof damage in the sense of time, money and resources spent to remove them - because they are generally unwanted and the user wishes to get rid of them. A much more precise and scientific definition of the term 'computer virus' hasbeen proposed by Dr. Fred Cohen in his paper [Cohen84]. This definition ismathematical - it defines the computer virus as a sequence of symbols on thetape of a Turing Machine

The definition is rather difficult to express exactlyin a human language, but an approximate interpretation is that a computer virusis a 'program that is able to infect other programs by modifying them to includea possibly evolved copy of itself'.Unfortunately, there are several problems with this definition. One of them isthat it does not mention the possibility of a virus to infect a program withoutmodifying it - by inserting itself in the execution path. Some typical examplesare the boot sector viruses and the companion viruses [Bontchev94]. However, this is a flaw only of the human-language expression of the definition - themathematical expression defines the terms 'program' and 'modify' in a way thatclearly includes the kinds of viruses mentioned above. A second problem with the above definition is its lack of recursiveness. That is, it does not specify that after infecting a program, a virus should be able toreplicate further, using the infected program as a host. Another, much more serious problem with Dr. Cohen's definition is that it is toobroad to be useful for practical purposes.

In fact, his definition classifies as'computer viruses' even such cases as a compiler which is compiling its ownsource, a file manager which is used to copy itself, and even the programDISKCOPY when it is on diskette containing the operating system - because it canbe used to produce an exact copy of the programs on this diskette. In order to understand the reason of the above problem, we should pay attentionto the goal for which Dr. Cohen's definition has been developed. His goal hasbeen to prove several interesting theorems about the computational aspects ofcomputer viruses [Cohen89]. In order to do this, he had to develop amathematical (formal) model of the computer virus. For this purpose, one needs amathematical model of the computer. One of the most commonly used models is theTuring Machine (TM).

Indeed, there are a few others (e. g., the Markoff chains, the Post Machine, etc.), but they are not as convenient as the TM and all ofthem are proven to be equivalent to it. Unfortunately, in the environment of the TM model, we cannot speak about'programs' which modify 'other programs' - simply because a TM has only one, single program - the contents of the tape of that TM. That's why Cohen's modelof a computer virus considers the history of the states of the tape of the TM. If a sequence of symbols on this tape appears at a later moment somewhere elseon the tape, then this sequence of symbols is said to be a computer virus forthis particular TM. It is important to note that a computer virus should bealways considered as related to some given computing environment - a particularTM. It can be proven ([Cohen89]) that for any particular TM there exists asequences of symbols which is a virus for that particular TM. Finally, the technical computer experts usually use definitions for the term'computer virus', which are less precise than Dr. Cohen's model, while in thesame time being much more useful for practical reasons and still being much morecorrect than the general public's vague understanding of the term.

One of thebest such definitions is ([Seborg]):'We define a computer 'virus' as a self-replicating program that can'infect' other programs by modifyingthem or their environment such that a call to an 'infected' program impliesa call to a possibly evolved, and inmost cases, functionally similar copy of the 'virus'.'The important thing to note is that a computer virus is a program that is ableto replicate by itself. The definition does not specify explicitly that it is amalicious program. Also, a program that does not replicate is not a virus, regardless of whether it is malicious or not. Therefore the maliciousness isneither a necessary, nor a sufficient property for a program to be a computervirus. Nevertheless, in the past ten years a huge number of intentionally or nonintentionally destructive computer viruses have caused an unaccountable amountof damage - mostly due to loss of time, money, and resources to eradicate them -because in all cases they have been unwanted. Some damage has also been causedby a direct loss of valuable information due to an intentionally destructivepayload of some viruses, but this loss is relatively minor when compared to themain one. Lastly, a third, indirect kind of damage is caused to the society - many users are forced to spend money on buying and time on installing and usingseveral kinds of anti-virus protection. Does all this mean that computer viruses can be only harmful? Intuitively, computer viruses are just a kind of technology. As with any other kind oftechnology, they are ethically neutral - they are neither 'bad' nor 'good' - itis the purposes that people use them for that can be 'bad' or 'good'. So farthey have been used mostly for bad purposes.

It is therefore natural to ask thequestion whether it is possible to use this kind of technology for good purposes. Indeed, several people have asked this question - with Dr. Cohen being one ofthe most active proponents of the idea [Cohen91]. Some less qualified peoplehave attempted even to implement the idea, but have failed miserably (seesection 3). It is natural to ask - why? Let's consider the reasons why the ideaof a 'good' virus is usually rejected by the general public. In order to do this, we shall consider why people think that a computer virus is always harmful andcannot be used for beneficial purposes.2. Why Are Computer Viruses Perceived as Harmful? About a year ago, we asked the participants of the electronic forum Virus-L/comp. virus, which is dedicated to discussions about computer viruses, to listall reasons they could think about why do they perceive the idea of a'beneficial' virus as a bad one.

What follows is a systematized and generalizedlist of those reasons.2.1. Technical ReasonsThis section lists the arguments against the 'beneficial virus' idea, which havea technical character. They are usually the most objective ones.2.1.1. Lack of ControlOnce released, the person who has released a computer virus has no control onhow this virus will spread. It jumps from machine to machine, using theunpredictable patterns of software sharing among the users. Clearly, it caneasily reach systems on which it is not wanted or on which it would beincompatible with the environment and would cause unintentional damage.

It isnot possible for the virus writer to predict on which systems the virus will runand therefore it is impossible to test the virus on all those systems forcompatibility. Furthermore, during its spread, a computer virus could reach evena system that had not existed when that virus has been created - and thereforeit had been impossible to test the virus for compatibility with this system. The above is not always true - that is, it is possible to test the virus forcompatibility on a reasonably large number of systems that are supposed to runit. However, it is the damaging potential of a program that is spreading out ofcontrol which is scaring the users.2.1.2. Recognition DifficultyCurrently a lot of computer viruses already exist, which are eitherintentionally destructive or otherwise harmful. There are a lot of anti-virusprograms designed to detect and stop them.

All those harmful viruses are notgoing to disappear overnight. Therefore, if one develops a class of beneficialviruses and people actually begin to use them, then the anti-virus programs willhave to be able to make the difference between the 'good' and the 'bad' viruses - in order to let the former in and keep the latter out. Unfortunately, in general it is theoretically impossible even to distinguishbetween a virus and a non-viral program ([Cohen89]). There is no reason to thinkthat distinguishing between 'good' and 'bad' viruses will be much easier. Whileit might be possible to distinguish between them using virus-specific anti-virussoftware (e. g., scanners), we should not forget that many people are relying ongeneric anti-virus defenses, for instance based on integrity checking. Suchsystems are designed to detect modifications, not specific viruses, andtherefore will be triggered by the 'beneficial' virus too, thus causing anunwanted alert. Experience shows that the cost of such false positives is thesame as of a real infection with a malicious virus - because the users waste alot of time and resources looking for a non-existing problem.2.1.3.

Resource WastingA computer virus would eat up disk space, CPU time, and memory resources duringits replication. A computer virus is a self-replicating resource eater. Onetypical example is the Internet Worm, accidentally released by a Carnegie-Mellonstudent. It was not designed to be intentionally destructive, but in the processof its replication, the multiple copies of it used so much resources, that theypractically brought down a large portion of the Internet. Even when the computer virus uses a limited amount of resources, it isconsidered as a bad thing by the owner of the machine on which the virus isdoing it, if it happens without authorization.2.1.4. Bug ContainmentA computer virus can easily escape the controlled environment and this makes itvery difficult to test such programs properly.

And indeed - experience showsthat almost all computer viruses released so far suffer from significant bugs, which would either prevent them from working in some environments, or even causeunintentional damage in those environments. Of course, any program can (and usually does) contain bugs. This is especiallytrue for the large and complex software systems. However, a computer virus isnot just a normal buggy program. It is a self-spreading buggy program, which isout of control. Even if the author of the virus discovers the bug at a latertime, there is the almost untreatable problem of revoking all existing copies ofthe virus and replacing them with fixed new versions.2.1.5.

Compatibility ProblemsA computer virus that can attach itself to any of the user's programs woulddisable the several programs on the market that perform a checksum on themselvesat runtime and refuse to run if modified. In a sense, the virus will perform adenial-of-service attack and thus cause damage. Another problem arises from some attempts to solve the 'lack of control' problemby creating a virus that asks for permission before infecting. Unfortunately, this causes an interruption of the task being currently executed until the userprovides the proper response. Besides of being annoying for the user, it couldbe sometimes even dangerous. Consider the following example. It is possible that a computer is used to control some kind of life-criticalequipment in a hospital. Suppose that such a computer gets infected by a'beneficial' computer virus, which asks for permission before infecting anyparticular program. Then it is perfectly possible that a situation arises, whena particular program has to be executed for the first time after the virus hasappeared on the computer, and that this program has to urgently perform sometask which is critical for the life of a patient. If at that time the virusinterrupts the process with the request for permission to infect this program, then the caused delay (especially if there is no operator around to authorize ordeny the request) could easily result in the death of the patient.2.1.6. EffectivenessIt is argued that any task that could be performed by a 'beneficial' virus couldalso be performed by a non-replicating program.

Since there are some risksfollowing from the capability of self-replication, it would be therefore muchbetter if a non-replicating program is used, instead of a computer virus.2.2. Ethical and Legal ReasonsThe following section lists the arguments against the 'beneficial virus' idea, which are of ethical or legal kind. Since neither ethics, nor the legal systemsare universal among the human society, it is likely that those arguments willhave different strength in...

Research paper and essay writing, free essay topics, sample works Are "good" Computer Viruses Still A Bad Idea?




Please do not pass this sample essay as your own, otherwise you will be accused of plagiarism. Our writers can write any custom essay for you!
Like this post? Please share to your friends:
Mann Erudite – Essays on Literary Works