Are Computer Viruses Still A Bad Idea

Free Articles

Essay, Research Paper

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

VirusAre & # 8220 ; Good & # 8221 ; Computer Viruses Still a Bad Idea? During the past six old ages, computing machine viruses have caused unexplainable sum of harm & # 8211 ; largely due to loss of clip and resources. For most users, the term & # 8220 ; computing machine virus & # 8221 ; is a equivalent word of the worst incubuss that can go on ontheir system. Yet some well-known research workers maintain take a firm standing that it is possible to utilize the reproduction mechanism ofthe viral plans for some utile and good purposes.This paper is an effort to sum up why precisely the general populace appreciates computing machine viruses as somethinginherently bad. It is besides sing several of the proposed theoretical accounts of & # 8220 ; good & # 8221 ; viruses and points out theproblems in them. A set of conditions is listed, which every virus that claims to be good must conform to. At last, a realistic theoretical account utilizing reproduction techniques for good intents is proposed and waies are given in which this technique can be improved further.The paper besides demonstrates that the chief ground for the struggle between those back uping the thought of a & # 8220 ; good virus & # 8221 ; and those opposing it, is that the two sides are presuming a different definition of what a computing machine virus is.1. What Is a Computer Virus? The general public normally associates the term & # 8220 ; computing machine virus & # 8221 ; with a little, awful plan, which aims to destruct the information on their machines. As usual, the general public & # 8217 ; s apprehension of the term is wrong. There are many sorts of destructive or otherwise malicious computing machine plans and computing machine viruses are merely one of them. Suchprograms include back doors, logic bombs, Trojan Equus caballuss and so on [ Bontchev94 ] . Furthermore, many computerviruses are non deliberately destructive & # 8211 ; they merely display a message, play a melody, or even do nil noticeable at all. The of import thing, nevertheless, is that even those non deliberately destructive viruses are non harmless & # 8211 ; they are doing a batch of harm in the sense of clip, money and resources spent to take them & # 8211 ; because they are generallyunwanted and the user wishes to acquire rid of them.A much more precise and scientific definition of the term & # 8220 ; computing machine virus & # 8221 ; has been proposed by Dr. Fred Cohen in his paper [ Cohen84 ] . This definition is mathematical & # 8211 ; it defines the computing machine virus as a sequence of symbols on thetape of a Turing Machine. The definition is instead hard to show precisely in a human linguistic communication, but an approximateinterpretation is that a computing machine virus is a & # 8220 ; plan that is able to infect other plans by modifying them to include a perchance evolved transcript of itself & # 8221 ; .Unfortunately, there are several jobs with this definition. One of them is that it does non advert the possibility of a virus to infect a plan without modifying it & # 8211 ; by infixing itself in the executing way. Some typical illustrations are the boot sector viruses and the comrade viruses [ Bontchev94 ] . However, this is a defect merely of the human-language look of the definition & # 8211 ; the mathematical look defines the footings & # 8220 ; plan & # 8221 ; and & # 8220 ; modify & # 8221 ; in a manner that clearly includes the sorts of viruses mentioned above.A 2nd job with the above definition is its deficiency of recursiveness. That is, it does non stipulate that after infecting a plan, a virus should be able to retroflex farther, utilizing the septic plan as a host. Another, much more serious job with Dr. Cohen & # 8217 ; s definition is that it is excessively wide to be utile for practical intents. In fact, his definition classifies as & # 8220 ; computing machine viruses & # 8221 ; even such instances as a compiler which is roll uping its ain beginning, a file director which is used to copy itself, and even the plan DISKCOPY when it is on floppy incorporating the operating system & # 8211 ; because it can be used to bring forth an exact transcript of the plans on this diskette.In order to understand the ground of the above job, we should pay attending to the end for which Dr. Cohen & # 8217 ; s definition has been developed. His end has been to turn out several interesting theorems about the computationalaspects of computing machine viruses [ Cohen89 ] . In order to make this, he had to develop a mathematical ( formal ) theoretical account of thecomputer virus. For this intent, one needs a mathematical theoretical account of the computing machine. One of the most commonly usedmodels is the Turing Machine ( TM ) . Indeed, there are a few others ( e.g. , the Markoff ironss, the Post Machine, etc. ) , but they are non every bit convenient as the TM and all of them are proven to be tantamount to it.Unfortunately, in the environment of the TM theoretical account, we can non talk about & # 8220 ; plans & # 8221 ; which modify & # 8220 ; otherprograms & # 8221 ; & # 8211 ; merely because a TM has merely one, individual plan & # 8211 ; the contents of the tape of that TM. That & # 8217 ; s whyCohen & # 8217 ; s theoretical account of a computing machine virus considers the history of the provinces of the tape of the TM. If a sequence of symbolson this tape appears at a ulterior minute someplace else on the tape, so this sequence of symbols is said to be acomputer virus for this peculiar TM. It is of import to observe that a computing machine virus should be ever considered asrelated to some given calculating environment & # 8211 ; a peculiar TM. It can be proven ( [ Cohen89 ] ) that for any particularTM there exists a sequences of symbols which is a virus for that peculiar TM.Finally, the proficient computing machine experts normally use definitions for the term & # 8220 ; computing machine virus & # 8221 ; , which are less precisethan Dr. Cohen & # 8217 ; s theoretical account, while in the same clip being much more utile for practical grounds and still being muchmore correct than the general public & # 8217 ; s obscure apprehension of the term. One of the best such definitions is ( [ Seborg ] ) : & # 8220 ; We define a computing machine & # 8216 ; virus & # 8217 ; as a self-replicating plan that can & # 8216 ; infect & # 8217 ; other plans by modifying them or their environment such that a call to an & # 8216 ; infected & # 8217 ; plan implies a call to a perchance evolved, and in most instances, functionally similar transcript of the & # 8216 ; virus & # 8217 ; . & # 8221 ; The of import thing to observe is that a computing machine virus is a plan that is able to retroflex by itself. The definition doesnot stipulate explicitly that it is a malicious plan. Besides, a plan that does non retroflex is non a virus, irrespective ofwhether it is malicious or non. Therefore the malice is neither a necessary, nor a sufficient belongings for aprogram to be a computing machine virus.Nevertheless, in the past 10 old ages a immense figure of deliberately or non deliberately destructive computing machine viruseshave caused an unexplainable sum of harm & # 8211 ; largely due to loss of clip, money, and resources to eliminate them- because in all instances they have been unwanted. Some harm has besides been caused by a direct loss of valuableinformation due to an deliberately destructive warhead of some viruses, but this loss is comparatively minor whencompared to the chief 1. Last, a 3rd, indirect sort of harm is caused to the society & # 8211 ; many users are forced tospend money on purchasing and clip on installation and utilizing several sorts of anti-virus protection.Does all this mean that computing machine viruses can be merely harmful? Intuitively, computing machine viruses are merely a sort oftechnology. As with any other sort of engineering, they are ethically impersonal & # 8211 ; they are neither & # 8220 ; bad & # 8221 ; nor & # 8220 ; good & # 8221 ; & # 8211 ; it isthe intents that people use them for that can be & # 8220 ; bad & # 8221 ; or & # 8220 ; good & # 8221 ; . So far they have been used largely for bad intents. It is hence natural to inquire the inquiry whether it is possible to utilize this sort of engineering for good purposes.Indeed, several people have asked this inquiry & # 8211 ; with Dr. Cohen being one of the most active advocates of the thought [ Cohen91 ] . Some less qualified people have attempted even to implement the thought, but have failed miserably ( seesection 3 ) . It is natural to inquire & # 8211 ; why? Let & # 8217 ; s see the grounds why the thought of a & # 8220 ; good & # 8221 ; virus is normally rejected by thegeneral public. In order to make this, we shall see why people think that a computing machine virus is ever harmful andcannot be used for good purposes.2. Why Are Computer Viruses Perceived as Harmful? About a twelvemonth ago, we asked the participants of the electronic forum Virus-L/comp.virus, which is dedicated todiscussions about computing machine viruses, to name all grounds they could believe about why do they comprehend the thought of a & # 8221 ; good & # 8221 ; virus as a bad 1. What follows is a systematized and generalised list of those reasons.2.1. Technical ReasonsThis subdivision lists the statements against the & # 8220 ; good virus & # 8221 ; thought, which have a proficient character. They are usuallythe most nonsubjective ones.2.1.1. Lack of ControlOnce released, the individual who has released a computing machine virus has no control on how this virus will distribute. It jumpsfrom machine to machine, utilizing the unpredictable forms of package sharing among the users. Clearly, it can easilyreach systems on which it is non wanted or on which it would be incompatible with the environment and would causeunintentional harm. It is non possible for the virus author to foretell on which systems the virus will run andtherefore it is impossible to prove the virus on all those systems for compatibility. Furthermore, during its spread, acomputer virus could make even a system that had non existed when that virus has been created & # 8211 ; and therefore it hadbeen impossible to prove the virus for compatibility with this system.The above is non ever true & # 8211 ; that is, it is possible to prove the virus for compatibility on a moderately big figure ofsystems that are supposed to run it. However, it is the detrimental potency of a plan that is distributing out of controlwhich is frightening the users.2.1.2. Recognition DifficultyCurrently a batch of computing machine viruses already exist, which are either deliberately destructive or otherwise harmful. There are a batch of anti-virus plans designed to observe and halt them. All those harmful viruses are non traveling todisappear nightlong. Therefore, if one develops a category of good viruses and people really begin to utilize them, so the anti-virus plans will hold to be able to do the difference between the & # 8220 ; good & # 8221 ; and the & # 8220 ; bad & # 8221 ; viruses & # 8211 ; inorder to allow the former in and maintain the latter out.Unfortunately, in general it is theoretically impossible even to separate between a virus and a non-viral plan ( [ Cohen89 ] ) . There is no ground to believe that separating between & # 8220 ; good & # 8221 ; and & # 8220 ; bad & # 8221 ; viruses will be much easier. While it might be possible to separate between them utilizing virus-specific anti-virus package ( e.g. , scanners ) , weshould non bury that many people are trusting on generic anti-virus defences, for case based on unity look intoing. Such systems are designed to observe alterations, non specific viruses, and hence will be triggered by the & # 8221 ; good & # 8221 ; virus excessively, therefore doing an unwanted qui vive. Experience shows that the cost of such false positives is thesame as of a existent infection with a malicious virus & # 8211 ; because the users waste a batch of clip and resources looking for anon-existing problem.2.1.3. Resource WastingA computing machine virus would eat up disk infinite, CPU clip, and memory resources during its reproduction. A computing machine virusis a self-replicating resource feeder. One typical illustration is the Internet Worm, by chance released by aCarnegie-Mellon pupil. It was non designed to be deliberately destructive, but in the procedure of its reproduction, themultiple transcripts of it used so much resources, that they practically brought down a big part of the Internet.Even when the computing machine virus uses a limited sum of resources, it is considered as a bad thing by the proprietor of themachine on which the virus is making it, if it happens without authorization.2.1.4. Bug ContainmentA computing machine virus can easy get away the controlled environment and this makes it really hard to prove such programsproperly. And so & # 8211 ; experience shows that about all computing machine viruses released so far suffer from important bugs, which would either forestall them from working in some environments, or even do unwilled harm in thoseenvironments.Of class, any plan can ( and normally does ) incorporate bugs. This is particularly true for the big and complex softwaresystems. However, a computing machine virus is non merely a normal balmy plan. It is a self-spreading roadster plan, which isout of control. Even if the writer of the virus discovers the bug at a ulterior clip, there is the about untreatable problemof revoking all bing transcripts of the virus and replacing them with fixed new versions.2.1.5. Compatibility ProblemsA computing machine virus that can attach itself to any of the user & # 8217 ; s plans would disenable the several plans on the marketthat execute a checksum on themselves at runtime and garbage to run if modified. In a sense, the virus will execute adenial-of-service onslaught and therefore do damage.Another job arises from some efforts to work out the & # 8220 ; deficiency of control & # 8221 ; job by making a virus that asks forpermission before infecting. Unfortunately, this causes an break of the undertaking being presently executed until theuser provides the proper response. Besides of being raging for the user, it could be sometimes even unsafe. See the undermentioned example.It is possible that a computing machine is used to command some sort of life-critical equipment in a infirmary. Suppose that such acomputer gets infected by a & # 8220 ; good & # 8221 ; computing machine virus, which asks for permission before infecting any particularprogram. Then it is absolutely possible that a state of affairs arises, when a peculiar plan has to be executed for the firsttime after the virus has appeared on the computing machine, and that this plan has to desperately execute some undertaking which iscritical for the life of a patient. If at that clip the virus interrupts the procedure with the petition for permission to infectthis plan, so the caused hold ( particularly if there is no operator around to authorise or deny the petition ) couldeasily consequence in the decease of the patient.2.1.6. EffectivenessIt is argued that any undertaking that could be performed by a & # 8220 ; good & # 8221 ; virus could besides be performed by a non-replicatingprogram. Since there are some hazards following from the capableness of self-replication, it would be hence muchbetter if a non-replicating plan is used, alternatively of a computing machine virus.2.2. Ethical and Legal ReasonsThe following subdivision lists the statements against the & # 8220 ; good virus & # 8221 ; thought, which are of ethical or legal sort. Sinceneither moralss, nor the legal systems are cosmopolitan among the human society, it is likely that those statements will hold

different strength in the different states. However, they have to be taken into account.2

.2.1. Unauthorized Data ModificationIt is usually considered unethical to modify other people’s data without their authorization. In many countries this isalso illegal. Therefore, a virus which performs such actions will be considered unethical and/or illegal, regardless ofany positive outcome it could bring to the infected machines. Sometimes this problem is perceived by the users as “thevirus writer claims to know better than me what software should I run on my machine”.2.2.2. Copyright and Ownership ProblemsIn many cases, modifying a particular program could mean that copyright, ownership, or at least technical supportrights for this program are voided.We have witnessed such an example at the VTC-Hamburg. One of the users who called us for help with a computervirus was a sight-impaired lawyer, who was using special Windows software to display the documents he was workingon with a large font on the screen – so that he could read them. His system was infected by a relatively non-damagingvirus. However, when the producer of the software learned that the machine was infected, they refused any technicalsupport to the user, until the infection was removed and their software – installed from clean originals.2.2.3. Possible MisuseAn attacker could use a “good” virus as a means of transportation to penetrate a system. For instance, a person withmalicious intent could get a copy of a “good” virus and modify it to include something malicious. Admittedly, anattacker could trojanize any program, but a “good” virus will provide the attacker with means to transport hismalicious code to a virtually unlimited population of computer systems. The potential to be easily modified to carrymalicious code is one of the things that makes a virus “bad”.2.2.4. ResponsibilityDeclaring some viruses as “good” and “beneficial” would just provide an excuse to the crowd of irresponsible viruswriters to condone their activities and to claim that they are actually doing some kind of “research”. In fact, this isalready happening – the people mentioned above are often quoting Dr. Fred Cohen’s ideas for beneficial viruses as anexcuse of what they are doing – often without even bothering to understand what Dr. Cohen is talking about.2.3. Psychological ReasonsThe arguments listed in this section are of psychological kind. They are usually a result of some kind ofmisunderstanding and should be considered an obstacle that has to be “worked around”.2.3.1. Trust ProblemsThe users like to think that they have full control on what is happening in their machine. The computer is a verysophisticated device. Most computer users do not understand very well how it works and what is happening inside. The lack of knowledge and uncertainty creates fear. Only the feeling that the reactions of the machine will be alwaysknown, controlled, and predictable could help the users to overcome this fear.However, a computer virus steals the control of the computer from the user. The virus activity ruins the trust that theuser has in his/her machine, because it causes the user to lose his/her belief that s/he can control this machine. Thismay be a source of permanent frustrations.2.3.2. Negative Common MeaningFor most people, the word “computer virus” is already loaded with negative meaning. The media has already widelyestablished the belief that a computer virus is a synonym for a malicious program. In fact, many people call “viruses”many malicious programs that are unable to replicate – like trojan horses, or even bugs in perfectly legitimatesoftware. People will never accept a program that is labelled as a computer virus, even if it claims to do somethinguseful.3. Some Bad Examples of “Beneficial” VirusesRegardless of all the objections listed in the previous section, several people have asked themselves the questionwhether a computer virus could be used for something useful, instead of only for destructive purposes.And several people have tried to positively answer this question. Some of them have even implemented their ideas inpractice and have been experimenting with them in the real world – unfortunately, without success. In this section weshall present some of the unsuccessful attempts to create a beneficial virus so far, and explain why they have beenunsuccessful.3.1. The “Anti-Virus” VirusSome computer viruses are designed to work not only in a “virgin” environment of infectable programs, but also onsystems that include anti-virus software and even other computer viruses. In order to survive successfully in suchenvironments, those viruses contain mechanisms to disable and/or remove the said anti-virus programs and”competitor” viruses. Examples for such viruses in the IBM PC environment are Den_Zuko (removes the Brain virusand replaces it with itself), Yankee_Doodle (the newer versions are able to locate the older ones and “upgrade” theinfected files by removing the older version of the virus and replacing it with the newer one), Neuroquila (disablesseveral anti-virus programs), and several other viruses.Several people have had the idea to develop the above behaviour further and to create an “anti-virus” virus – a viruswhich would be able to locate other (presumably malicious) computer viruses and remove them. Such aself-replicating anti-virus program would have the benefits to spread very fast and update itself automatically.Several viruses have been created as an implementation of the above idea. Some of them locate a few known virusesand remove them from the infected files, others attach themselves to the clean files and issue an error message ifanother piece of code becomes attached after the virus (assuming that it has to be an unwanted virus), and so on. However, all such pieces of “self-replicating anti-virus software” have been rejected by the users, who have consideredthe “anti-virus” viruses just as malicious and unwanted as any other real computer virus. In order to understand why, itis enough to realize that the “anti-virus viruses” matches several of the rules that state why a replicating program isconsidered malicious and/or unwanted. Here is a list of them for this particular idea.First, this idea violates the Control condition. Once the “anti-virus” virus is released, its author has no means tocontrol it.Second, it violates the Recognition condition. A virus that attaches itself to executable files will definitely trigger theanti-virus programs based on monitoring or integrity checking. There is no way for those programs to decide whetherthey have been triggered by a “beneficial” virus or not.Third, it violates the Resource Wasting condition. Adding an almost identical piece of code to every executable file onthe system is definitely a waste – the same purpose can be achieved with a single copy of the code and a single file,containing the necessary data.Fourth, it violates the Bug Containment condition. There is no easy way to locate and update or remove all instancesof the virus.Fifth, it causes several compatibility problems, especially to the selfchecking programs, thus violating theCompatibility condition.Sixth, it is not as effective as a non-viral program, thus violating the Effectiveness condition. A virus-specificanti-virus program has to carry thousands of scan strings for the existing malicious viruses – it would be veryineffective to attach a copy of it to every executable file. Even a generic anti-virus (i.e., based on monitoring orintegrity checking) would be more effective if it exists only in one example and is executed under the control of theuser.Seventh, such a virus modifies other people’s programs without their authorization, thus violating the UnauthorizedModification condition. In some cases such viruses ask the user for permission before “protecting” a file by infectingit. However, even in those cases they cause unwanted interruptions, which, as we already demonstrated, in somesituations can be fatal.Eight, by modifying other programs such viruses violate the Copyright condition.Ninth, at least with the current implementations of “anti-virus” viruses, it is trivial to modify them to carry destructivecode – thus violating the Misuse condition.Tenth, such viruses are already widely being used as examples by the virus writers when they are trying to defend theirirresponsible actions and to disguise them as legitimate research – thus the idea violates the responsibility conditiontoo.As we can see from the above, the idea of a beneficial anti-virus virus is “bad” according to almost any of the criterialisted by the users.3.2. The “File Compressor” VirusThis is one of the oldest ideas for “beneficial” viruses. It is first mentioned in Dr. Cohen’s original work [Cohen84]. The idea consists of creating a self-replicating program, which will compress the files it infects, before attaching itselfto them. Such a program is particularly easy to implement as a shell script for Unix, but it is perfectly doable for thePC too. And it has already been done – there is a family of MS-DOS viruses, called Cruncher, which appends itself tothe executable files, then compresses the infected file using Lempel-Zev-Huffman compression, and then prepends asmall decompressor which would decompress the file in memory at runtime.Regardless of the supposed benefits, this idea also fails the test of the criteria listed in the previous section. Here iswhy.First, the idea violates the Control condition. Once released, the author of the virus has no means to controls itsspread. In the particular implementation of Cruncher, the virus writer has attempted to introduce some kind of control. The virus asks the user for permission before installing itself in memory, causing unwanted interruptions. It is alsopossible to tell the virus to install itself without asking any questions – by the means of setting an environmentvariable. However, there are no means to tell the virus not to install itself and not to ask any questions – which shouldbe the default action.Second, the idea violates the Recognition condition. Several virus scanners detect and recognize Cruncher by name,the process of infecting an executable triggers most monitoring programs, and the infected files are, of course,modified, which triggers most integrity checkers.Third, the idea violates the Resource condition. A copy of the decompressor is present in every infected file, which isobviously unnecessary.Fourth, the idea violates the Bug Containment condition. If bugs are found in the virus, the author has no simplemeans to distribute the fix and to upgrade all existing copies of the virus.Fifth, the idea violates the Compatibility condition. There are many files which stop working after being compressed. Examples include programs that perform a self-check at runtime, self-modifying programs, programs with internaloverlay structure, Windows executables, and so on. Admitedly, those programs stop working even after beingcompressed with a stand-alone (i.e., non-viral) compression program. However, it is much more difficult to compressthem by accident when using such a program – quite unlike the case when the user is running a compression virus.Sixth, the idea violates the Effectiveness condition. It is perfectly possible to use a stand-alone, non-viral program tocompress the executable files and prepend a short decompressor to them. This has the added advantage that the codefor the compressor does not have to reside in every compressed file, and thus we don’t have to worry about its size orspeed – because it has to be executed only once. True, the decompressor code still has to be present in each compressedfile and many programs will still refuse to work after being compressed. The solution is to use not compression at afile level, but at a disk level. And indeed, compressed file systems are available for many operating environments(DOS, Novell, OS/2, Unix) and they are much more effective than a file-level compressor that spreads like a virus.Seventh, the idea still violates the Copyright condition. It could be argued that it doesn’t violate the Data Modificationcondition, because the user is asked to authorize the infection. We shall accept this, with the remark mentioned above -that it still causes unwanted interruptions. It is also not very trivial to modify the virus in order to make it malicious,so we’ll assume that the Misuse condition is not violated too – although no serious attempts are made to ensure thatthe integrity of the virus has not been compromised.Eighth, the idea violates the responsibility condition. This particular virus – Cruncher – has been written by the sameperson who has released many other viruses – far from “beneficial” ones – and Cruncher is clearly used as an attempt tocondone virus writing and to masquerade it as legitimate “research”.3.3. The “Disk Encryptor” VirusThis virus has been published by Mark Ludwig – author of two books and a newsletter on virus writing, and of severalreal viruses, variants of many of which are spreading in the real world, causing real damage.The idea is to write a boot sector virus, which encrypts the disks it infects with a strong encryption algorithm (IDEA inthis particular case) and a user-supplied password, thus ensuring the privacy of the user’s data. Unfortunately, this ideais just as flawed as the previous ones.First, it violates the Control condition. True, the virus author has attempted to introduce some means of control. Thevirus is supposed to ask the user for permission before installing itself in memory and before infecting a disk. However, this still causes unwanted interruptions and reportedly in some cases doesn’t work properly – that is, thevirus installs itself even if the user has told it not to.Second, it violates the Recognition condition. Several virus-specific scanners recognize this virus either by name or asa variant of Stealth_Boot, which it actually is. Due to the fact that it is a boot sector infector, it is unlikely to triggerthe monitoring programs. However, the modification that it causes to the hard disk when infecting it, will trigger mostintegrity checkers. Those that have the capability to automatically restore the boot sector, thus removing any possiblypresent virus, will cause the encrypted disk to become inaccessible and therefore cause serious damage.Third, the idea violates the Compatibility condition. A boot sector virus that is permanently resident in memoryusually causes problems to Windows

Related posts:

  1. Uart Chips Essay Research Paper EET211 Introduction
  2. Word 2000 Features Essay Research Paper Microcomputer
  3. Scarlet Letter Proof Of Atrophine Poisoning Essay
  4. Abortion Essay Research Paper Should LateTerm Abortion
  5. The Assessed Causes Of The First World
  6. Science Project For Biology Essay Research Paper
  7. A Bug
  8. Gps Essay Research Paper The new Avionics
  9. Democracy In America Essay Research Paper Alexis

Post a Comment

Your email address will not be published. Required fields are marked *

*

x

Hi!
I'm Katy

Would you like to get such a paper? How about receiving a customized one?

Check it out