Fujitsu To Develop Vigilante Computer Virus For Japan

Soulskill posted more than 2 years ago | from the which-will-lead-to-anti-anti-virus-viruses dept.

Japan 129

wiedzmin writes "Japanese Defense Ministry has awarded Fujitsu a contract to develop a vigilante computer virus, which will track down and eliminate other viruses, or rather — their sources of origin. Are 'good' viruses a bad idea? Sophos seems to think so, saying, 'When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes.'"

129 comments

A Polite Virus (4, Interesting)

Marxist Hacker 42 (638312) | more than 2 years ago | (#38575422)

Would be the answer. A polite virus doesn't migrate automagically- it *asks* before it migrates.

Re:A Polite Virus (1)

ColdWetDog (752185) | more than 2 years ago | (#38575490)

Methinks the Japanese have been reading too much into the "Diamond Age [wikipedia.org] ".

Maybe Matter Compilers are next....

Ignore (0)

Anonymous Coward | more than 2 years ago | (#38575494)

undo moderation

Re:A Polite Virus (0)

Anonymous Coward | more than 2 years ago | (#38575498)

How about a polite evil virus that asks before it migrates?

Re:A Polite Virus (1)

Mitchell314 (1576581) | more than 2 years ago | (#38576002)

It does, in the form of "Would you like to [save|download] this file". Technically, permission is asked (by the browser) and it does pertain to malware . . . :P

If you don't believe me, contrast it to impolite malware (like most commercial AV, *cough*) that comes pre-installed. :D

Re:A Polite Virus (1)

Marxist Hacker 42 (638312) | more than 2 years ago | (#38576470)

Truly polite viruses and malware pop up a message box on install that says "I am a virus. My intent is to do X. Are you sure you want to Install? Type YeS (with that capitalization) to continue, anything else to cancel."

Re:A Polite Virus (1)

Anonymous Coward | more than 2 years ago | (#38577980)

It's all there on page 172 in the EULA that can only be viewed in a 2 row high textarea.

Re:A Polite Virus (5, Insightful)

nman64 (912054) | more than 2 years ago | (#38575586)

Malicious authors would love that - another angle for them to take advantage of. Anyone with clue isn't going to trust a polite virus unless they've been told to expect it, and by the time they've been told this polite virus is friendly, the malicious authors will already be using polite messages to get users clicking where they want them to.

Re:A Polite Virus (4, Insightful)

Moryath (553296) | more than 2 years ago | (#38575978)

You've got it right. Malicious authors will just reverse-engineer Sophos's virus, tweak the payload, and then they're off to the races.

And other antivirus houses, RIGHTLY, will peg Sophos's virus as malicious and work to block or eliminate it.

This is the catch-22. If your virus tries to use a "break in then pull up the ladder with it" mentality, someone else will co-opt your work. Pretty soon, your "beneficial virus" will be meaningless. In the real world, virus writers have been caught "pulling up the ladder" from time to time, removing their competitors' viruses and taking over existing botnets. Sophos is trying the same tactic, which isn't going to be helpful for anyone.

Re:A Polite Virus (1)

thoromyr (673646) | more than 2 years ago | (#38576050)

"Sophos is trying the same tactic, which isn't going to be helpful for anyone."

Are you sure Sophos is trying the same tactic? Or is Sophos saying more-or-less what you are saying. Perhaps you meant Fujitsu? Or the Japanese Defense Ministry which is funding the effort? At least, that is according to the fine summary...

Re:A Polite Virus (3, Informative)

TFAFalcon (1839122) | more than 2 years ago | (#38576282)

That just trains people to click OK/ALLOW more. So the next 'polite' virus will do more than just kill other virii.

Re:A Polite Virus (0)

Anonymous Coward | more than 2 years ago | (#38577072)

"viruses", or "virus." "Virii" is wrong no matter how you look at it.

Re:A Polite Virus (1)

ae1294 (1547521) | more than 2 years ago | (#38577180)

"Would be the answer. A polite virus doesn't migrate automagically- it *asks* before it migrates."

No a polite virus will offer you a nice warm blanket...

Re:A Polite Virus (1)

guruevi (827432) | more than 2 years ago | (#38577916)

Does Canada have virus programmers? I thought they would be too nice of a

Source (0)

Anonymous Coward | more than 2 years ago | (#38575434)

"[eliminate] their sources of origin."

Windows XP users then.

Re:Source (4, Funny)

AngryDeuce (2205124) | more than 2 years ago | (#38575482)

Specifically, I.E. 6 users, because fuck them.

Re:Source (1)

Anonymous Coward | more than 2 years ago | (#38575484)

So Skynet was really just after Windows users?

Re:Source (2)

iggymanz (596061) | more than 2 years ago | (#38575518)

Even Windows 7 has an infection rate of 4 per 1,000 machines. Let's talk about using a real OS instead of Bill Gates's stupid glorified program loader.

http://www.computerworld.com/s/article/9216654/Windows_7_s_malware_infection_rate_climbs_XP_s_falls [computerworld.com]

Re:Source (4, Insightful)

Moryath (553296) | more than 2 years ago | (#38576070)

Every time I see this, I remember the obvious counterargument.

- If OSX had better than 8% market share, wouldn't there be hordes of virus programmers (Russian mafia, bored script kiddies and pranksters, whatever) looking for holes in it to take over?
- If Linux had better than 1% market share, wouldn't there be hordes of programmers trying to break it? Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes.

The question isn't, is Windows insecure? Of course it is - due in no small part to being not-securely-configured by hordes of user-level operators at their houses. But if everyone magically switched to your OS of choice, are we really likely to find that the situation improved at all? Probably not. Even at their smaller market share, it turns out OSX has had its fair share [google.com] , and Linux as well.

And then, of course, there's the old "Problem between keyboard and chair" issue. Users willing to click on ANYTHING are going to be your worst source of problems, especially in the home market. Again, would that change if all of them switched to OSX or Linux? Of course not, they're still going to click on anything and enter their password to install the Free Puppy Screensaver or whatever else it is.

Re:Source (2)

VortexCortex (1117377) | more than 2 years ago | (#38576590)

Did you by chance watch the Chaos Computer Club talk about Stuxnet? [youtube.com] I was thinking the whole time: "Well there's part of the reason right there, MS: You hire folks like this moron."

The vulns exploited are a direct evidence of lack of security in design. I mean, Guest accounts telling printer drivers to "print to file" ANY WHERE on the drive?! AS ROOT?!?

Don't give me that "Mac & Linux are just as bad" bullshit. I deal with the Linux sources, MS isn't even in the same league. I've seen the (leaked) source code that Microsoft devs write... IT'S SHIT. Their OS is full of insecure kludgey shit. Remember the Zune Leap Year BS? Just try to get away with committing some of that shit to the Linux Kernel team. Google Tried committing crap kernel code from Android, guess what? IT WAS REFUSED; Told to get cleaned up. I mean... fuck man.. GET REAL!

Re:Source (2)

Moryath (553296) | more than 2 years ago | (#38577250)

Yawwwwwnnnn. [theregister.co.uk]

Bugs are committed to Linux all the time. You just don't hear about it as much. It's not "big news" because (a) less people are trying to make a botnet out of a couple million Linux boxes and (b) it doesn't feed the "let's bash on MS" crowd on Slashdot.

I'm not a Microsoft fanboy, but I'm willing to recognize the hurdles they have to face: trying to not break backwards compatibility, dealing with the fact that most home users will be the "fuck security, I don't want to have to enter a password it's MY computer" types, and being targeted because of sheer numbers of marketshare. And I guarantee you, if Linux had even 30% of the desktop market, you'd see an absolute ton of malware being written for it and "0-day" exploits every day. Even if the bugs were only present in the main branch of the discordant, splintered Linux distro world, it'd happen.

Re:Source (0)

Anonymous Coward | more than 2 years ago | (#38577152)

FUD FUD FUD. Linux servers aren't spam spewing bots fuckwit. And OS X isn't suitable for a server OS. Apple really screwed things up when they took BSD code.

Re:Source (1)

forkfail (228161) | more than 2 years ago | (#38577422)

Linux 1% market share?

Well, maybe desktop. But internet backbone? Facebook/Amazon/Google/etc server farms? Hate to break it to you, but those are almost all Linux. And that's where the real data is.

Re:Source (1)

Moryath (553296) | more than 2 years ago | (#38577458)

I believe that was my point:
"Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes."

But thanks for responding without reading.

Re:Source (1)

forkfail (228161) | more than 2 years ago | (#38577614)

Sorry, but the rate of success is nowhere near as good. If it were, ALL of your data would already be completely out in the open.

Also, you quote the 1% figure as though it were gospel - which it is not.

Both your logic and your presentation/writing are flawed.

Re:Source (1)

Moryath (553296) | more than 2 years ago | (#38577706)

Well let's go to the numbers [netmarketshare.com] .

"Also, you quote the 1% figure as though it were gospel - which it is not."

So I rounded to whole numbers. BFD.

Re:Source (2)

forkfail (228161) | more than 2 years ago | (#38578100)

You persist in using desktop numbers, not internet server farm numbers. Which don't get published so much; they're mostly considered proprietary information. But it is easily verifiable that Google, Facebook, eBay, Amazon (including AWS), and pretty much all the other big names use Linux for their server farms, not Windows.

Yes, I concede that for desktops, Linux has a tiny market share.

For the internet backbones, server farms, research farms, and so forth, Windows doesn't get used all that much. And that's where the real concentration of data is.

Also, you don't take into consideration the value of a compromise. The value of compromising J Random Luser's home PC is far, far less than that of compromising say a Facebook server with personal information or getting into some company's AWS virtual hosts.

Re:Source (1)

LWATCDR (28044) | more than 2 years ago | (#38577518)

Except that Linux has a large percentage of the server market so that makes it a high value target.

I will admit that Windows gets blame for things that I just do not think are its fault.
For instance I do not think it is right to blame any OS for trojans. If you run a program as admin that infects your system that isn't the OS's fault. Of course for the longest time Windows pretty much was useless if you were not running as admin and it has taken a while for software to learn to play nice when it is being run by a normal user.
AKA it isn't Windows' fault if you click on "hot naked chicks.exe" in your email.

Re:Source (1)

Moryath (553296) | more than 2 years ago | (#38577670)

"Except that Linux has a large percentage of the server market so that makes it a high value target."

Did I NOT say the following: "Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes."

Yes. I'm looking at my post and it is RIGHT FREAKING THERE. Wow.

In the server market, Linux is a high value target. So it gets hacked into. Fairly regularly.
In the home desktop market, where botnets take hold (because a botnet of 100 servers is infinitesimally less useful than a botnet of a couple million home boxes on cable/dsl lines), Microsoft OS'es are the high value target because they control the vast majority of market share. It's really that simple. The fact that the home desktop market is where people who will click on "hot naked chicks.exe" with no problem tend to concentrate? Well, that wouldn't change no matter what the OS of choice was.

Re:Source (2)

forkfail (228161) | more than 2 years ago | (#38578178)

Except that they don't have the same rate of success, as evidenced by the fact that all the hosts on AWS and Google and so forth haven't been turned into bot farms and all the data exposed to the world.

Re:Source (0)

Anonymous Coward | more than 2 years ago | (#38577924)

8% is enough, wip, thanks for your interest

Re:Source (4, Insightful)

sootman (158191) | more than 2 years ago | (#38578328)

OS X has its fair share? Really? They have, say, 10% of the computer market, and about 0.0001% of the actual, in-the-wild viruses. The main problem on OS X is trojans (to which ANY platform is vulnerable) and OS X has NEVER had a self-replicating virus the way Windows has. (Nimda, Code Red, Sasser, etc.)

So yeah, if everyone switched to OS X or Linux, we probably WOULD be better off. Maybe not perfect, but much, much better.

Re:Source (1)

Baloroth (2370816) | more than 2 years ago | (#38576078)

4 per 1,000 is about right for simple user stupidity, so I'm not sure what your point is. If those people were using Linux, Linux would have a similar infection rate (actually, probably higher, since they would run root constantly and Linux has little protection against a stupid root user). Only iOS style walled-garden tactics can fix that problem for good. And XP is still at a rate of 15.9/1,000 machines.

Re:Source (-1)

Anonymous Coward | more than 2 years ago | (#38575528)

Don't you mean Linux users? The people that write these viruses from their parents basements out of frustration because they'll never get laid because they are too busy being losers? You know, the people that are too obsessed with ideology to actually use the computer as a tool for anything other than some misplaced vendetta? You know, like you?

Re:Source (4, Informative)

nman64 (912054) | more than 2 years ago | (#38575678)

Face the facts. The malware problem today is the result of large, highly-profitable, highly-competitive criminal empires. These programs are written by hired developers working in a business infrastructure, not random script kiddies locked away in their parents' basements. The developers creating this malware are typically doing so on Windows systems, though much of the delivery infrastructure does run on other platforms. It has nothing to do with ideology, vendettas, social failures or platform choices. It's all about the money.

Re:Source (1)

nopainogain (1091795) | more than 2 years ago | (#38575746)

He also seems to think that virus creation is more sport than business. Let's not forget that the disgruntled social outcast isn't making the identity theft virus/malware that originates in East Asia and steals your bank information.

Ugh (4, Insightful)

afabbro (33948) | more than 2 years ago | (#38575452)

Any "good" virus will be caught, captured, studied, mutated, and turned into a "bad" virus very quickly.

Also, a virus by definition installs software on a machine without the owner's consent. So it's never a good idea.

Re:Ugh (1)

Marxist Hacker 42 (638312) | more than 2 years ago | (#38575500)

"Also, a virus by definition installs software on a machine without the owner's consent."

I disagree with that definition. KOH is an example of a good virus that asked *before* it installed.

Re:Ugh (0)

Anonymous Coward | more than 2 years ago | (#38575602)

KOH is potassium hydroxide. What KOH are you talking about?

Re:Ugh (2)

Marxist Hacker 42 (638312) | more than 2 years ago | (#38576418)

KOH virus, used in several industries to encrypt hard drives across a network. Or at least was back in the 1990s. It was very polite- asked by drive letter if you wanted it to migrate, asked you for each boot volume for a 256 byte private key and a pass phrase. It was NOT just "Click OK to install" either- you needed to type YeS, with both capitals, to go, at least in the version my company sold as "CasinoCrypt" to casinos in British Columbia (based on a gaming commission requirement). It would even migrate to floppies, again asking first, effectively locking that floppy into use on that computer.

Re:Ugh (1)

morcego (260031) | more than 2 years ago | (#38575616)

So, by your virus definition, Windows is a virus ?

Re:Ugh (5, Funny)

badboy_tw2002 (524611) | more than 2 years ago | (#38575732)

I propose then we name the new "good virus" "Agent Smith"

Agent Smith: I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your operating system and I realized that it's not actually an operating system at all. Every OS on the Internet develops a natural equilibrium with the surrounding hardware environment, but your Windows does not. It's installed on fresh hardware and grows and grows until every hardware resource is consumed and the only way you can survive is to wipe the machine and start over. There is another program on the Internet that follows the same pattern. Do you know what it is? A virus. Windows is a disease, a cancer of the Internet. You're a plague and we are the cure.

Re:Ugh (1)

EdIII (1114411) | more than 2 years ago | (#38575998)

I have found my new sig.

Oh, and thanks butthead. I have to go get some windex and paper towels to get the coffee off my monitors :)

P.S - I think we should create a crowd funded website to pay that actor to make a commercial for Linux with your script.

Re:Ugh (1)

morcego (260031) | more than 2 years ago | (#38577584)

I would totally chip in for that. However, I'm not sure we could get away with it:
- We could be accused of libel/defamation
- We could have problems with trademark (Microsoft)
- We could have problems with copyright (Matrix's authors)

However, if we had the backing of any established comedy/humor media, we could get away with it. Maybe The Onion. SNL could pull this one, but I doubt they would buy the idea. Hummmm ... Does anyone know the people from SNL ? :)

Re:Ugh (1)

EdIII (1114411) | more than 2 years ago | (#38578250)

"Does anyone know the people from SNL?"

Oh sure. I go to temple all the time with Adam Sandler. I'll ask him this weekend.

Re:Ugh (0)

Anonymous Coward | more than 2 years ago | (#38576164)

"So, by your virus definition, Windows is a virus ?"

No, Windows is not a virus. Here's what viruses do:

1. They replicate quickly - okay, Windows does that.
2. Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
3. Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
4. Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
5. Viruses will occasionally make the user suspect their system is too slow (see 2) and the user will buy new hardware. Yup, that's with Windows, too.

Until now it seems Windows is a virus but there are fundamental differences: Viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.

So Windows is not a virus.

It's a bug.

Re:Ugh (1)

wiedzmin (1269816) | more than 2 years ago | (#38576310)

"Also, a virus by definition installs software on a machine without the owner's consent."

Well, technically, by definition, viruses don't install anything - they inject themselves into existing host files/applications/processes. You're thinking of worms... which is technically, by definition, what this is :) But regardless, yes, this is a bad idea.

P.S. Yay, my story got posted.

Re:Ugh (1)

unrtst (777550) | more than 2 years ago | (#38576576)

I'm almost certain that nearly everyone that's even a little involved in IT has had the idea mentioned in the summary. This isn't a new thought, and I believe it hasn't been done because we all keep deciding in the end that it'd cause more harm than good (or may have bad/legal repercussions the good guys aren't willing to deal with).... but it sure is tempting.

I'm all for them giving it a go. If designed right, it'd reduce the number of virus-laden machines and leave no additional vector for infection:

* work like a vulnerability scanner
* if you find something, exploit it, close the hole, and leave it be
* also attempt to detect other viruses and, if possible, close them down.
* report unfixable stuff to somewhere else, where network admins can kick the box offline

You wouldn't get everything, and you're bound to cause some collateral damage, but I'd bet it'd help clean up the mess quite a bit.
Assuming it only scans from a set block of IPs, it'd also be easy to "opt out" of it by blocking it at your firewall. If you don't have one in this day and age and your Windows box is directly connected to the net, you have no business being online without a babysitter.

Honestly, my only concern would be scope and slippery-slope. If they operate like a virus and spread from machine to machine and install resident software, and that software keeps doing stuff, then it'd be trivial for them (or someone else) to turn it into something worse - keylog everyone for the gov't; remove software you don't agree with (ex. tor); use it as an attack platform against other countries; etc. If it's not installing anything, but just closing obvious holes, I don't have a problem with that.

Begun the Core Wars has (1)

SchroedingersCat (583063) | more than 2 years ago | (#38575454)

... or Core Wars Reloaded?

Um, no. (5, Funny)

JustAnotherIdiot (1980292) | more than 2 years ago | (#38575468)

"Are 'good' viruses a bad idea?"

McAfee, Norton, AVG, etc have built businesses around good viruses.

Re:Um, no. (2)

Riceballsan (816702) | more than 2 years ago | (#38575822)

Nope, a virus is a self replicating self installing piece of software, a Trojan tricks people into installing it by claiming to do something desired. Thus McAfee and Norton are high grade trojans, and some of the few that can trick you into paying to install them.

Re:Um, no. (1)

virgnarus (1949790) | more than 2 years ago | (#38576444)

While initially I figured deeming them "rogueware" would be nonsensical, I then realized their incapacity to perform their advertised functions makes it appropriate.

We know where this is going... (2)

SJHillman (1966756) | more than 2 years ago | (#38575470)

Skynet, Landru, M5, the Matrix, HAL

There's plenty of art for reality to follow.

Re:We know where this is going... (1)

EdIII (1114411) | more than 2 years ago | (#38576054)

Which brings up a good point, or question that is.

Does art imitate life, or does life imitate art?

How much Japanese Manga and Anime out there have the premise, much like Johnny Mnemonic, that there can be AI viruses out there designed to travel from system to system carrying out search and destroy orders?

I think the new Japanese politicians are Ghost in the Shell fans.....

It's going to be hard to tell... (4, Insightful)

forkfail (228161) | more than 2 years ago | (#38575474)

... the white cells from the attacking entities.

And the ramifications could get interesting.

For example, will it be illegal to tamper with such a white cell virus that's on your system? To reverse engineer it? To release your own distributed anti-virus system that might view such a white cell virus as a threat, and hunt it down and destroy it across multiple networks?

Re:It's going to be hard to tell... (2)

Bucky24 (1943328) | more than 2 years ago | (#38575562)

"For example, will it be illegal to tamper with such a white cell virus that's on your system? To reverse engineer it? To release your own distributed anti-virus system that might view such a white cell virus as a threat, and hunt it down and destroy it across multiple networks?"

Only if they copyright it.

Back Hack? (2)

Tavor (845700) | more than 2 years ago | (#38575476)

Considering this is Japan, I'm pretty sure they got the idea from Ghost in the Shell. The Major often times references performing a Back Hack, to determine the location of an attacker. Now if only I could teach Windows how to enter Autistic Mode...

Re:Back Hack? (2)

vlm (69642) | more than 2 years ago | (#38575566)

"Considering this is Japan, I'm pretty sure they got the idea from Ghost in the Shell. The Major often times references performing a Back Hack, to determine the location of an attacker. Now if only I could ..."

... I was thinking more along the lines of what to do with those who bring virii onto my network ... tentacles ....

Re:Back Hack? (0)

Anonymous Coward | more than 2 years ago | (#38575814)

Tentacle rape is a suitable punishment for people who mis-pluralize the term virus in an attempt to sound like l33t hax0rz, I agree.

Re:Back Hack? (1)

Iamthecheese (1264298) | more than 2 years ago | (#38575714)

Windows does literally what the user asks for in most cases. It has a rigid response system that, while carefully considered, can't in any way respond intuitively to users' desires. Windows can't empathize, it can't be creative. It can, however direct you to gigabytes of information on many topics. Windows is highly autistic.

Source of Origin (5, Funny)

JoeCoder7 (989774) | more than 2 years ago | (#38575506)

What happens when the Fujitsu virus meets itself and destroys its own source of origin?

An Exercise in Futility (3, Interesting)

nman64 (912054) | more than 2 years ago | (#38575532)

An arms race against an opponent that knows no boundaries is typically futile.

It would be extremely difficult to develop a virus that could effectively spread and eliminate other infections without stooping to the same low levels as the malicious developers, at which point the friendly virus isn't so friendly anymore.

Sophos is right that such a counter-attack launched on a managed network with security-aware personnel capable of removing the malicious infections and performing a proper investigation is only going to complicate matters.

Re:An Exercise in Futility (1)

Shadow99_1 (86250) | more than 2 years ago | (#38576726)

This is for companies like Sony who just don't seem to want to hire competent security personnel. I really don't think it's any surprise this is coming out of Japan, the home country of Sony. While I pick on Sony lots of Japanese companies don't seem to care about security in any way except physical. The Japanese government has had some issues as well with seeming complete lack of network security concepts the last couple decades as well.

I think the bigger issue is even if they go ahead and make this it will only cause even more issues and not really solve the problem as the malware authors retool the virus or manipulate it so it can't do its intended function.

Collateral Damage (2)

jjp9999 (2180664) | more than 2 years ago | (#38575542)

I could see this having a lot of collateral damage, since hackers like to bounce their connections off of legitimate IPs to hide their own locations. The Chinese hackers, for example, use HTran to do this for them - it makes it look like the attacks are coming from University campuses or from IPs belonging to dissident groups.

Re:Collateral Damage (1)

jjp9999 (2180664) | more than 2 years ago | (#38575592)

Just adding to that, what if the attackers are using a VPN? Does that mean the Japanese systems will automatically take down a VPN server if they get hit? I think retaliation for cyberattacks could be a good thing, but you really need a human mind behind it - having an automated counterattack system is asking for trouble.

Distributed IDS (1)

vlm (69642) | more than 2 years ago | (#38575546)

Aside from all the hype, it's basically a distributed IDS. Since everything I do as a sysadmin is done in puppet, and my ids image is an ids image because of about one line, I'm halfway tempted to try it at home, "everything under puppet control instantly becomes an IDS".

The biggest problem I can find is scalability of alerts. So now when one machine sees something weird I get it in the daily status report. What happens when 25 or so machines see something weird and all decide to simultaneously spam me?
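The alert fan-out problem raised in the comment above, as an added example that is not part of the original thread: per-host IDS alerts are collapsed by (signature, source) so that 25 machines seeing the same thing produce one line, and a group seen on many hosts is routed to a single immediate notice instead of the daily report. The alert tuple layout, signature names, host names and the `escalate_at` threshold are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional


def make_sample_alerts():
    """Constructed sample: 25 hosts report the same event, one host reports another."""
    # Tuple layout (assumed): ISO timestamp, reporting host, signature, source.
    # 203.0.113.7 is from the RFC 5737 documentation range.
    alerts = [
        (f"2012-01-04T03:{i:02d}:00", f"node{i:02d}", "ssh-auth-failure-burst", "203.0.113.7")
        for i in range(25)
    ]
    # A repeat from a host already counted must not inflate the host count.
    alerts.append(("2012-01-04T03:05:30", "node03", "ssh-auth-failure-burst", "203.0.113.7"))
    alerts.append(("2012-01-04T09:12:00", "node11", "unexpected-listening-port", "local"))
    return alerts


@dataclass
class AlertGroup:
    signature: str
    source: str
    hosts: set = field(default_factory=set)
    count: int = 0
    first_seen: Optional[datetime] = None
    last_seen: Optional[datetime] = None

    def add(self, when, host):
        """Fold one alert into the group, tracking distinct hosts and the time window."""
        self.hosts.add(host)
        self.count += 1
        if self.first_seen is None or when < self.first_seen:
            self.first_seen = when
        if self.last_seen is None or when > self.last_seen:
            self.last_seen = when

    def summary(self):
        return (f"{self.signature} from {self.source}: {len(self.hosts)} hosts, "
                f"{self.count} alerts, {self.first_seen:%H:%M}-{self.last_seen:%H:%M}")


def aggregate(alerts):
    """Group alerts by (signature, source); widest-spread groups first."""
    groups = {}
    for stamp, host, signature, source in alerts:
        group = groups.setdefault((signature, source), AlertGroup(signature, source))
        group.add(datetime.fromisoformat(stamp), host)
    return sorted(groups.values(), key=lambda g: (-len(g.hosts), g.signature))


def route(groups, escalate_at=10):
    """Split groups into one-line immediate notices and daily-report lines.

    A signature seen on escalate_at or more distinct hosts is treated as a
    fleet-wide event worth one message now; everything else waits for the
    daily status report.
    """
    immediate = [g.summary() for g in groups if len(g.hosts) >= escalate_at]
    daily = [g.summary() for g in groups if len(g.hosts) < escalate_at]
    return immediate, daily


if __name__ == "__main__":
    immediate, daily = route(aggregate(make_sample_alerts()))
    print("IMMEDIATE:")
    for line in immediate:
        print("  " + line)
    print("DAILY REPORT:")
    for line in daily:
        print("  " + line)
```

Counting distinct hosts rather than raw alerts is what keeps one noisy machine from triggering the fleet-wide path.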

Already done (0)

Anonymous Coward | more than 2 years ago | (#38575554)

There are viruses and malware out there that already do this, sort of, in that they delete out competing virus/malware and patch the vulnerability they entered from. This is because often times, viruses/malware can conflict with each other causing large problems especially if they use the same exploit.

Overall though, I think it's a good idea though limited in success. A virus that attacks other viruses and fixes security holes for people who don't know how or are too lazy to would be sorta like an antibody rather than a virus. But really, it would be extremely limited in success. The winner of the fight would be the first to access the system, and these antibodies would be reactive rather than active meaning viruses can be designed to lock these special viruses out much like some do for other viruses.

Imposters? (1)

h5inz (1284916) | more than 2 years ago | (#38575564)

If there will be defense measures that will avoid deleting the "vigilante virus", then it seems likely that there will also be viruses with a similar signature to this one, with a slightly different agenda of course.

what would be better is (2)

FudRucker (866063) | more than 2 years ago | (#38575580)

to develop operating systems that are impervious to viruses, trojans, worms and rootkits & etc... probably could not be done to 100% certainty but it can be implemented so the bad software is the rare exception to the rule rather than wide spread chronic infections like you see with that software from Redmond...

that would more than likely put Microsoft in to a niche corner and out of the desktop operating system & office software suite business...

Re:what would be better is (1)

Anonymous Coward | more than 2 years ago | (#38575892)

This is beyond silly - an OS resistant to malware is by nature resistant to users. Something I would HOPE the /. crowd would be against.

The problem with the government getting into the malware business is the way malware spreads. Do you want the government to be doing phishing attacks (possibly with the knowledge of confidential information) or sending you 0-day exploit enabled trojans through email? I don't. Though the intention to remove malware is nice, the problem is it first has to get onto my system to make the determination. Once the government has a bot net though, do you think it will stop at only removing the competition? I don't. There are lots of other "worthwhile" tasks they'll try to promote - you know it will start with "tracking down child pornography" and eventually the RIAA et al will get involved. I don't trust them to be responsible - this is too much power for them.

I'm one of the people who thinks that if a machine has been compromised (provably), it should be fair game to hack it again for the purpose of removing the offender (and itself). Security companies are usually against even this though - and it be a lot less intrusive than the summary here indicates.

Re:what would be better is (1)

SecurityGuy (217807) | more than 2 years ago | (#38576502)

I'm one of the people who thinks that if a machine has been compromised (provably), it should be fair game to hack it again for the purpose of removing the offender (and itself). Security companies are usually against even this though - and it would be a lot less intrusive than the summary here indicates.

How do you prove it without getting in? How do you differentiate the actions of an authorized user on THEIR system from a hacker who compromised them? If my employee is attacking your system, you contact me, and I fire them (after investigating your claim, of course).

I used to work for a hospital. I very much don't want some anonymous coward hacking my systems because they THINK they're hacked and because they THINK they can fix it without breaking anything on a system they know nothing about.

Re:what would be better is (1)

dmgxmichael (1219692) | more than 2 years ago | (#38576250)

There exists no lock that will secure a house when the owner doesn't use common sense and lock the door.

There exists no OS that will secure a computer when the owner doesn't use common sense and not execute unknown code.

There are very few true 'viruses' on any OS these days - a virus being a program that can propagate without any user assistance at all. The vast majority of malware is trojans et al that exploit the user.

Re:what would be better is (1)

hedwards (940851) | more than 2 years ago | (#38576454)

This is a much easier problem to deal with. Users who can't be bothered to learn to keep their computer secured shouldn't be permitted to own a HDD. If you boot from a CDROM, DVD or a read-only thumb drive your chances of getting a virus are going to be quite low and the rewards for people to write them would be practically non-existent.

The way to win this in the long term is to remove the incentive to write the viruses in the first place.

Re:what would be better is (1)

dmgxmichael (1219692) | more than 2 years ago | (#38576648)

This is a much easier problem to deal with. Users who can't be bothered to learn to keep their computer secured shouldn't be permitted to own a HDD

It's easy to pose 'bell the cat' solutions. Easy, but never helpful.

Re:what would be better is (1)

Anonymous Coward | more than 2 years ago | (#38576328)

Actually, there have been a number of experiments around this for a number of years. A File and OS immunity system was the concept, and it was working in the labs to some degree.

Re:what would be better is (0)

Anonymous Coward | more than 2 years ago | (#38578172)

"operating systems that are impervious to viruses, trojans, worms and rootkits & etc"

Here: http://www.debian.org/

The t-850 says (1)

nopainogain (1091795) | more than 2 years ago | (#38575646)

IT IS TIME.

Cane Toads in Australia (3, Insightful)

jenningsthecat (1525947) | more than 2 years ago | (#38575710)

The Internet and the vast number of computers connected to it form a vast, dynamic, and complex system whose detailed behaviour is difficult to fully understand and impossible to confidently predict.

Just like the introduction of Cane Toads in Australia, ( http://en.wikipedia.org/wiki/Cane_toads_in_Australia [wikipedia.org] ), and so many other similar introductions of organisms to 'fix' some problem in a complex ecosystem, this will probably turn out badly. And it may be impossible to undo once the virus is released into the favourable ecosystem that is the Internet.

The Simpsons answer to this (0)

Anonymous Coward | more than 2 years ago | (#38576114)

SKINNER
Well, I was wrong. The lizards are a godsend.

LISA
But isn't that a bit short-sighted? What happens when we're overrun by lizards?

SKINNER
No problem. We simply unleash wave after wave of Chinese needle snakes. They'll wipe out the lizards.

LISA
But aren't the snakes even worse?

SKINNER
Yes, but we're prepared for that. We've lined up a fabulous type of gorilla that thrives on snake meat.

LISA
But then we're stuck with gorillas!

SKINNER
No, that's the beautiful part. When wintertime rolls around, the gorillas simply freeze to death.

that reminds me of some anime from 2011 (0)

Anonymous Coward | more than 2 years ago | (#38575804)

Summer Wars, anyone?

Bad idea, it will become an exploit vector. (1)

gstrickler (920733) | more than 2 years ago | (#38575812)

In theory, if you could deploy such a worm within your own network (e.g. corporation) and guarantee it wouldn't infect any other machines, then MAYBE, but how would you guarantee that?

What works is a vulnerability scanner (e.g. satan type programs) to detect and inform you of potential vulnerabilities in your system
plus a known malware scanner (e.g. MSRT, MalwareBytes, AV software).
plus "behavior detection" software that flags malware-like behavior.

Such software must be installed and run by an administrator/root and should be scheduled to run periodically. You can't rely upon users to run it because users who are sufficiently security aware to run it periodically are the ones least likely to run untrusted software and get infected.

Skynet (0)

Anonymous Coward | more than 2 years ago | (#38575824)

A few years later than predicted, but coming nonetheless.

Re:Skynet (1)

LifesABeach (234436) | more than 2 years ago | (#38576612)

I have this vision of a Japanese Software Engineer sitting in the back of the room mumbling, "A Skynet solution approach? OK. This is what Skynet is, and this is where we are at. High! we could make this work!"

"Come with me if you want to live." - Terminator, 1984

Well, back cycle to the Amiga and Atari ST again : (0)

Anonymous Coward | more than 2 years ago | (#38575846)

"Anti-virus Virus" were a common thing back in the day; boot from a floppy and if the screen didn't fade blackwhite a couple times, you knew something more evil was present. And of course, a few virii came out that mimicked the 'all clear!' animation....

Cycle, repeat!

Charles Bronson in DeathWish! (1)

Danathar (267989) | more than 2 years ago | (#38575876)

Depends on if you liked that movie and what the character did. Or..if you like the "Jack Bauer" consequentialism approach to justice. You know...."Chaotic Good" in D&D parlance where the ends justifies the means.

Except when the ends don't end up the way you wanted it to go after exercising your idea of what the "means" should be....

Designed by retards (0)

Anonymous Coward | more than 2 years ago | (#38575890)

And created by worshipers of SATAN.

The only good thing that can come of this is that those who use technology will realize that it Just Isn't Worth It. When people realize that things like mathemagic, science, and the Higgs Boson will only bring about the End of Days, that will be the day that we won't have to worry about scientists destroying humanity and the Earth.

We can't continue to pollute our planet, and we can't keep eating animals!

Do you people not know what is happening here?!

This path leads us not only unto temptation, but to damnation as well! We must strive to purify ourselves! We must rid ourselves of anything more advanced than the abacus!

I will begin by not posting anymore. This is my last post as Anonymous Coward. If you see any more posts from me, know that it is not I, but an impostor. A charlatan, pretending to me, but not me. Quite possibly someone wearing my skin, stolen from my murdered cadaver. And know that they probably inseminated my male corpse with their semen. Anally, orally, and they probably managed to put some semen inside my penis.

I'm torn (1)

bhenson (1231744) | more than 2 years ago | (#38575926)

I'm torn between liking this and hating it. On one hand it could mean less spam but on the other I will lose money from removing viruses from people's computers.

Goodbye Redmond! (1)

drainbramage (588291) | more than 2 years ago | (#38576206)

Don't let the door hit you on the bob side!

What Could Possibly Go Wrong? (1)

LifesABeach (234436) | more than 2 years ago | (#38576396)

The Land of the Rising Sun is full of wonder, but the day of the Ronin is long past. There appears to be a classical arthritic choke point in Japanese culture that does not allow for information to travel UP TO policy makers. It appears that after the cluster fuck that is the Fukushima Daiichi nuclear disaster, that those in charge of making policy do so in a "dark room," still. If the policy makers of Japan are so cavalier about insulting the intelligence of their constituents, then the contempt for the people of planet earth is a foregone conclusion.

Sorta like the Morris Worm? (1)

knorthern knight (513660) | more than 2 years ago | (#38576542)

See http://en.wikipedia.org/wiki/Morris_worm [wikipedia.org] That didn't turn out so well, did it? One minor miscalculation, and it'll shut down the internet. And how will it adjust itself to handle different versions of Windows, let alone different versions of Mac, Linux, PalmOS, etc, etc?

Re:Sorta like the Morris Worm? (1)

Em Adespoton (792954) | more than 2 years ago | (#38576930)

Mac? PalmOS? What decade did you dredge this comment out of?

This comment sounds like something that would have been posted on /. in 1998....

Of course, it's still true with s/Mac/OS X/, s/PalmOS/Android, WebOS and iOS/ etc. :D

Call them "agents." (1)

repetty (260322) | more than 2 years ago | (#38576592)

Call good viruses "agents" and then it's perfectly okay.

History repeats (1)

dissy (172727) | more than 2 years ago | (#38576602)

They should first read some history about the very first computer virus, written by Robert Morris (Jr) in 1988. If for no other reason than to realize they are so very late to this ideas party...

He had the same idea and only wanted to make a program that can spread itself around, but not actually do anything (aka payload), however due to a single incorrect counter value in an otherwise harmless virus, the very act of spreading itself so aggressively is what ended up taking down the entire Internet (Or at least all 6000 sendmail servers, which was basically all of it at the time.)

They seemingly are calling it the Morris Worm now:
http://en.wikipedia.org/wiki/Morris_worm [wikipedia.org]
Or just Google on "Robert Tappan Morris" (To not be confused with his father, who was also at MIT and also had some involvement with the initial Internet)

In either case, this is an especially poor *name* for what they are doing.

Either A) It infects machines they do not own (aka a Virus), which is a crime, and a very very bad/stupid thing to do,
or B) They run it on their own machines only, where they have permission and authority to do so, in which case this is not a virus but is instead called "Pushing an app to my network"

Already exists (1)

wiseachoo (625398) | more than 2 years ago | (#38576980)

Nothing new to see here, move along. "Good" virus == Existing virus scanners with pre-approved permissions to "handle" said virus (i.e. quarantine, delete, etc...) Now if a virus scanner is considered a virus (many think they are), then I sense a recursion problem ahead...

Are good viruses a bad idea? (0)

Anonymous Coward | more than 2 years ago | (#38577608)

TL;DR: They're a bad idea due to possible unintended consequences.

It's a more than two decades old issue. Real-life 20-year old example? The "Den Zuko" virus (written by a guy called Denny Yanuar [vxheavens.com] , from Bandung, Indonesia) was designed to kill the Pakistani/(C) Brain virus.

Before long there were more Denzuko infections than Pakistani ones. So far, so good. But "Den Zuko" cleverly used track 41 and 42 of floppy disks, space that on a normally formatted floppy disk wasn't used. There were utilities around, however, that permitted floppy disks to be formatted at 420kb by using those last 2 tracks and by formatting each track at 10 sectors each (double sided). Guess what happened if you had formatted your floppy disks like that and ran into this "Good" virus? Bye bye data!

Agree (1)

hesaigo999ca (786966) | more than 2 years ago | (#38577624)

I think it is a great idea but is not legal, as it can also delete by error files that are infected, so that legal copy of LMFAO mp3 is deleted because it had a virus...no thank you! The best is what MS is doing, hunting down the C&C and shutting them down as well as shutting down all infected PCs.

No, thanks (1)

EliSowash (2532508) | more than 2 years ago | (#38577888)

I have a solution for combating malware on PC already. It's called antivirus, and while it's not perfect, it's predictable. Software that I didn't put on my machine doesn't belong there. Regardless of the intention.

Giant Robot must be fought with Giant Robot! (1)

Kaz Kylheku (1484) | more than 2 years ago | (#38578370)

It's obvious!!!

Bad idea (1)

nurb432 (527695) | more than 2 years ago | (#38578472)

Reminds me of some movie plots.
