Slashdot Mirror
Why Virus Writers are Useful
man_of_mr_e writes "Security site Zone-h.org has an interview with Professor Samuel D. Forrester, one of the worlds leading immunologists. In this interview he asserts that immunity is built by infection, and without it you would have a much weaker ecosystem. "
Plus, it REALLY helps the bottom line of Symantec and McAfee.
Don't anthropomorphize computers, they don't like it.
Yes, we need to have viruses. Or else, we'll have viruses.
How about Survival of the fittest... in which case MS hasn't been doing so good (and is trying to drag the other OS's down in the process).
...criminals are useful because of the increase in security?
;)
I understand the point, but while response to a negative may bring about a better positive, not having the negative in the first place would, of course, be much better. But then, it's not a perfect world.
libertarianswag.com
And when someone DOES decide to release a 'Melissa', we're all screwed, because we're all vulnerable.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
I view them as job security (so does he I am sure).
After every big virus that comes out, I get at least 10 calls saying I think I have this virus. Of course they will pay me, but never will pay for antivirus software though! They think it is a rip-off
Comparing computer viruses to the biological sort is a BAD one. Firstly, you have to make a distinction between worms and viruses and such. Secondly, we don't infect new computers with lesser versions of MBLASTER, we patch the vulnerablilty.
Auto-reply to ACs: "Truly, you have a dizzying intellect."
I am just wondering if there are no viruses then what difference does a weaker ecosystem make?
I guess in the end he really isn't stating anything world shattering. It just get back to the adage "What ever doesn't kill you, only makes you stronger".
E.
Never rub another man's rhubarb - The Joker
yes, he is. i don't understand why this is even news, we don't need a professor telling us that the best way to make systems more secure is to learn of the insecure parts of the system. If a virus doesn't exploit an insecurity, a hacker will; and often the results of that are far, far worse.
See, if we didn't have drug laws, the government wouldn't have spy cameras, stop and search laws, phone taps, email snooping etc and they'd have no idea what people were up to. They'd have to invent another bogeyman to keep an eye on us. Terrorism for example. The advantage of having another excuse like that is to think ahead and plan for the day all drugs are legal, such as the direction Europe is taking.
Okay, so in the perfect world where there are no viruses/trojans/worms...why would you need systems to have resistance to viruses/trojans/worms? You don't.
If you isolate yourself from the world, disinfect everything, etc...yes, you're going to get really sick some day because your immune system will be unprepared. You don't need some rocket-scientist immuniologist to tell you this. However, that doesn't apply to computers- they don't develop an immune response to viruses, adapt, learn, whatever you want to call it. There's no difference between a system you just installed, one that's been sitting behind a firewall for two years w/antivirus software etc, and one that's been sitting outside with antivirus software, etc. If a new virus comes along, they will ALL get infected if left unprotected. One could argue linux and MacOS are succeeding because Windows is slowly killing itself off by pissing off IT departments and users...but that's darwinism.
Seriously, where did they dig up this nutjob who felt he could compare computers to biological immune systems, purely because the term "virus" is used in both contexts?
Please help metamoderate.
Nice troll...even managed to get it posted as a Slashdot article!
That may be true with a biological system, but it DOES NOT APPLY to electronics. The truth of the matter is, virus writers do nothing but cause havoc, and cost money. So I have a box that's unsecured...so what? That's MY business, NOT yours! Where does it say that you now have the right to fuck with it? Do you somehow think that by buggering it up, you're "helping" me? No, how you help is by leaving it the hell alone! What virus writers and crackers and kiddies do is the moral equivalent of wandering through a neighbourhood and trying everyone's door to see if it's unlocked and then stealing from those whose doors aren't locked. Either that or spraying grafitti or trashing the place. They are not heroes...they aren't "Morpheus" fighting against the "evil machines", they are common thieves and vandals and should be viewed as such and treated accordingly.
You're using her as bait, Master!
I've reluctantly come to appreciate the role that noisy blackhats and virus authors play in getting organisations to improve their information security infrastructure. If it weren't for them, I feel there would be a thriving underground economy of industrial espionage and personal information theft because it would be so easy. At least with the constant pressure applied by viruses and blackhats, the most gaping security vulnerabilities tend to get fixed, sooner or later (even if a few organisations end up being made examples to the rest).
Personally, I don't really care about catching virus authors and blackhats. I just care about keeping them out of the machines and networks I've been paid to care about.
--
I mean, if there were no infectious agents, we'd have no need for an immunity system. Since both Mother Nature and yer average geek are generally quite averse to expending energy needlessly, this would free up resources for other things, some of which might even have positive benefits.
We need to have viruses that just give our computers a cold, in order to build up defenses against the electronic equivalent of Ebola.
Will I retire or break 10K?
I think we can all agree that cracking is immoral. But put that aside for a second. The fact that cracking is simply possible means that someone will probably do it. Leaving your box open for attacks, which could in turn compromise other machines, simply because you're depending on the moral behaviour of someone else, is irresponsible.
Furthermore, I disagree that only damage can result. By assuming adverse behaviour, the result is a much stronger network, in which one malicious or malfunctioning node doesn't bring down service for everyone. Better understanding of network dynamics and network protection results from attacks, regardless of how much we hate them.
Toronto-area transit rider? Rate your ride.
there is nothing new about this idea; it's bean around for years. taken out of context, however, it leads people to the erroneous conclusion that if a bunch of virii are let loose on the net, all the systems that survive will somhow improve. to extend the bio-system analogy, that would be like dropping anthrax in time-square, figuring that whoever made it out would be better equipped to survive an attack. in reality, however, bio-systems are strengthened through either eons of evolution, or limited exposure to weakened strains. to extend this analogy, having a bunch of OS developers sitting in an isolated area studying the effects of a virus on a discreete system, then applying what was learned to the next itteration would help. thinking that letting worms loose to imporve the net as a whole is pure hooey.
!(^((ri)|(mp))aa$)
" '..."They should stop, somebody stop them!" I hear all the time but... is this right?' "
Of course it's right. Just because the virus writers do play a role in the "ecosystem" of the Internet, doesn't mean that they shouldn't be prosecuted for it.
They knew in the middle ages that the black plague was being spread by the rats. Some towns cleaned up the sewers, and the water systems and killed off as many rats as they could find, those towns did relatively well during the plague. There were other towns that were convinced that the plague was sent by God (and maybe it was) and refused to clean or do anything about it, and those towns were wiped from the map.
The plague played an important part in our development as people. In fact bubonic plage is still being spread and caught by people. The results are very minor because most of us that have european ancenstry survived because our genes were stronger...but does that mean the water systems shouldn't have been cleaned by the few towns that did it? Absolutely not.
/* oops I accidentally made a comment, sorry */
He's not saying that a world in which no viruses were created would have more security problems. Rather that a world in which no viruses were released into the wild (but in which viruses continued to be developed) would be very susceptible. Even better: if there were two completely disconnected internets (call them Europe and North America before 1492) only one of which had viruses released onto it then the other internet would be a security train wreck waiting to happen. The absence of such a large virus proving-ground explains why the propagation methods of most viruses are flawed.
Yes, but most people go to the Doctor and get some sort of "3rd party" shot or pill. Really, what's the differece.
I think that in either case it is either flaws in the origional design or new technology (bio or otherwise) which leave the "host" open to an attack.
--J
-- [Sig] Rome did not create a great empire by negotiation; They did it by killing everyone who opposed them.
You could do a little beter than just dynamic code unrolling. Each time the virus propagates, it needs to rewrite parts of itself at the machine code level, so that the bitpattern changes. For example, there's more than one way to zero a register (XOR with self, subtract from self, move immediate zero to self) and there's more than one way to add a constant (add one, subtract -1). This would make viruses harder to identify.
Viruses also need to propagate decoys. For example, 65 gigabytes of simple pattern, bzip'd, is less than 100k. So, to thwart scanning of compressed files, send around lots of compressed nothing, that will bog down the scanners. That will cause people not to use them.
SoBig's rendezvous scheme was also pretty silly. 20 fixed IP addresses? Get real. Each virus should carry around (say) 100 IP addresses, and as it propagates it should randomly replace old addresses with new ones (dynamically assigned IP addresses would give this some trouble -- imagine that, variable IP addresses as a good thing). That way the viruses form a mesh that is not vulnerable to the loss of just a few links. Communications over the mesh would need to be public-key-signed, so that it could not be hijacked by people attempting to trace the behavior of the virus.
It could also tear apart its "next step" into pieces so that anyone intercepting just a few copies of the virus would be unable to tell what to do. At the activation time, it could do peer-to-peer reassembly of the Next Step, either using simple cut-and-paste, or using something more clever like Reed-Solomon coding so that it need not be so picky about exactly which peers it finds. (The peers, of course, must be programmed not to reveal their part of the Next Step until after the activation time.)
There's also been not nearly enough multi-mode propagation. An email virus combined with a few buffer-overflow attacks could get in behind a firewall and make a thorough mess of things.
The virus could also undertake a DDOS against all the usual suspects after it had achieved critical mass (similar to the behavior of actual bacteria as individuals, versus as a group) to make it difficult to receive security updates or news.
So, yeah, life could get plenty interesting.
I reject the notion that my inaction would make me bear any sort of responsibility for someone else's criminal actions. That's like saying a woman who dresses a certain way deserves to get raped.
Of course, that being said, I am not going to make it easy for them, not because of any sort of ethical obbligation, but rather because I don't want to subject myself to the inconvenience.
You're using her as bait, Master!
I think they have no choice. In addition the horrid licensing schemes and bad business practices (most of which the common public is not aware of anyways), viruses and hacks are a major bane of MS products. If anything, I think that such problems are one of the major points causing people to look at alternate solutions. Many have pointed out that perhaps this is the point of current viruses such as slammer, to point out what a joke MS "security" is.
Now, push the fast-forward button. Microsoft doesn't improve security, they lose customers. Licensing schemes get worse... they lose customers. In the end, I think that we will see improvements in windows, or we'll see windows dying and linux improving where it once treaded (to make up ground). Personally, I'm not so attached to linux that I wouldn't shell out for MS if they managed to make a decently secure product without an insane license. And there are improvements... just try running an old 95 machine and see how many times it crashes over XP...
Remember about American Indians and people from Polynesia? The arrival of germs brought by Spanish and French invaders mostly exterminated them. The few of them whose immune system was strong enough and trained enough to sustain the arrival of new germs, have survived.
Mmm hmm. And we good old British WASPs played no role in that at all, eh?
I'm not saying that the French and the Spanish did nothing. But the spread of smallpox among t North American plains Indians was almost wholly the fault (even conscious in some cases) of the English-speaking settlers coming from the east.
Maybe I'm nitpicking, but the convenient omission of the now-dominant national group kind of pissed me off.