Fight Virus With Virus

Paul Boutin argues that the laziness and cluelessness of computer users are the only things that permit computer viruses to spread. His solution:

The only way to stop MyDoom might be to out-hack the hackers. In the past, “white hat” programmers have launched viruses that expose security holes without causing destruction in an attempt to make computer users more security-conscious. Last year, one programmer took the next step. As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn’t a Blaster variant; it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.

So far, no one’s created an effective antidote to MyDoom, which has done far more damage and shows no sign of stopping. While someone tried to repurpose Nachi for the job in February, that’s the wrong approach. What we need is a final MyDoom variant—let’s call it MyDoom.Omega—that breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams. It could even launch warnings on the user’s screen for a few days (“Hey dummy! Click here to protect yourself!”) before going ahead and patching the hole itself.

Interesting. This amounts to self-installing anti-virus software, which makes sense in theory. Of course, harmful viruses disguised as white knights would seem the obvious countermeasure.

James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College and a nonresident senior fellow at the Scowcroft Center for Strategy and Security at the Atlantic Council. He's a former Army officer and Desert Storm vet. Views expressed here are his own. Follow James on Twitter @DrJJoyner.

Comments

  1. M. Murcek says:

    Exactly right – the Internet needs an immune system.

  2. Bithead says:

    James;

    As you may know, I’ve been doing this professionally for quite a few years now, and can tell you this issue comes up now and again… generally from people who know a lot about an OS and a lot about how a virus works, but not a bleedin’ clue about how to support several hundred desktops from a central location.

    The biggest objection to the concept is, let’s say we manage to get this ‘counter virus’ working. What is to say it won’t interact with some feature, either HW or SW on the systems it’s infecting?

    Every time you add a bit of software to a system, particularly when you’re adding it to the OS, which in reality is what any virus is… a patch on the OS… you’re running a serious risk of burning the system down.

    I can’t tell you how many times we’ve run into NT/2000/XP applications that flaked because of a seemingly innocuous OS patch. Lotus Notes and NT patch 6, for example. Why do you think there’s a patch 6a? Major Oops time.

    And yes, granted, MS creates their own problems. But such is what we’re dealing with for the foreseeable future, I fear.