Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Virus Writers are Useful

Posted by CmdrTaco on from the so-are-mosquitos dept.

man_of_mr_e writes "Security site Zone-h.org has an interview with Professor Samuel D. Forrester, one of the worlds leading immunologists. In this interview he asserts that immunity is built by infection, and without it you would have a much weaker ecosystem. "

28 of 465 comments (clear)

  1. So if I understand well... by Kinniken · · Score: 4, Funny

    ...this guy is implying that people learn from virus attacks?
    lol!

    --
    What do you know about World Politic? Find out in this quiz
    1. Re:So if I understand well... by LBArrettAnderson · · Score: 4, Insightful

      yes, he is. i don't understand why this is even news, we don't need a professor telling us that the best way to make systems more secure is to learn of the insecure parts of the system. If a virus doesn't exploit an insecurity, a hacker will; and often the results of that are far, far worse.

    2. Re:So if I understand well... by nocomment · · Score: 4, Insightful

      " '..."They should stop, somebody stop them!" I hear all the time but... is this right?' "

      Of course it's right. Just because the virus writers do play a role in the "ecosystem" of the Internet, doesn't mean that they shouldn't be prosecuted for it.

      They knew in the middle ages that the black plague was being spread by the rats. Some towns cleaned up the sewers, and the water systems and killed off as many rats as they could find, those towns did relatively well during the plague. There were other towns that were convinced that the plague was sent by God (and maybe it was) and refused to clean or do anything about it, and those towns were wiped from the map.

      The plague played an important part in our development as people. In fact bubonic plage is still being spread and caught by people. The results are very minor because most of us that have european ancenstry survived because our genes were stronger...but does that mean the water systems shouldn't have been cleaned by the few towns that did it? Absolutely not.

      --
      /* oops I accidentally made a comment, sorry */
      /* http://allyourbasearebelongto.us */
  2. Absolutely!!! by eyegor · · Score: 5, Insightful

    Plus, it REALLY helps the bottom line of Symantec and McAfee.

    --

    Don't anthropomorphize computers, they don't like it.
  3. So by extension... by bc90021 · · Score: 5, Insightful

    ...criminals are useful because of the increase in security?

    I understand the point, but while response to a negative may bring about a better positive, not having the negative in the first place would, of course, be much better. But then, it's not a perfect world. ;)

    --
    libertarianswag.com
    1. Re:So by extension... by Acidic_Diarrhea · · Score: 4, Insightful
      Yes, criminals are useful. If America had no criminals in it there would be no need for a police force. Now, when a criminal does arrive from some far off land, no one is prepared for it. Basically, not having the negative (as you put it) is an unrealistic view of the world. You've got to assume that at some point, a criminal will exist in the world AND a virus will be released into the wild. Now, negatives such as all oxygen in a room suddenly moving to the corner of the room through random movements is a negative but it is not a likely negative.

      In regards to viruses being good for security, I am soon expecting virus writers to plan for the inevitable clean fixes from Symantec and such and, using predictive behavior, ensure that a user can't clean his or her system.

      --
      I hate liberals. If you are a liberal, do not reply.
    2. Re:So by extension... by fucksl4shd0t · · Score: 4, Insightful

      not having the negative in the first place would, of course, be much better.

      I have to disagree with you. :)

      First, in the case of virii and bacteria (forgetting for the moment that 95% of bacteria are beneficial, but anti-bacterial soap doesn't know that), our bodies do get stronger fighting them. Without them, would our bodies be strong enough to fight off other things? How much of our body's overall strength does the ability to fight disease and practice fighting it actually contribute to? Keep in mind that some diseases (most notably cancer) are not caused by either virus or bacteria, yet our centuries of medical research fighting vrii and bacteria have given us a pretty good start to fighting cancer. Without that research? Without that understanding? Well, think: Cancer in the 19th century. :)

      In a more general situation, is it in your philosophy that it's possible to appreciate the positive without at least an understanding of the negative? It has been my subjective experience, as well as my objective oberservation of what amounts to a less than perfect statistical universe, that people don't fully appreciate the positive things in their lives without actually experiencing the corresponding negatives. It seems like good lacks definition without evil providing a frame of reference. How can you know how good you have it if it's not even possible to have it any other way?

      --
      Like what I said? You might like my music
  4. summary by IFF123 · · Score: 5, Funny

    Whatever doesn't crash you makes you stronger.

    --
    Who took my tinfoil hat?
  5. in all reality by greechneb · · Score: 4, Insightful

    I view them as job security (so does he I am sure).

    After every big virus that comes out, I get at least 10 calls saying I think I have this virus. Of course they will pay me, but never will pay for antivirus software though! They think it is a rip-off

    1. Re:in all reality by arth1 · · Score: 4, Interesting

      There's a BIG LEAP from the observation that viruses are part of the computer evolution and will shape how it works to thinking Antivirus Software (or hardware) is the solution.
      It's simply ridiculous to jump to this conclusion -- if anything, you have to assume that Antivirus Software is a DEAD END in computer evolution, as it helps prevent the survival of the fittest.
      Only if the true outcome is safe design, safe code and safe users, have we been successful and have evolved. Even suggesting anti-virus here is like suggesting kevlar vests for bald eagles to protect them against hunters. After a few generations, you'll end up with eagles without feathers on their chests, who NEED the kevlar vest in order to not freeze to death.

      The successful business operator isn't the one who makes sure that there's anti-virus software installed on every workstation. He'll be likely to be hit by a virus that the anti-virus software couldn't handle, or who was brought in on a laptop without the latest definitions. That's a dead end, and even though many of them will survive, they don't represent an evolutionary change for the better. Tomorrow, you'll find these armadillos squished flat under the truck wheels they could never predict.
      The successful business operator whose business genes will win in the long run is the one who examines what he buys, educates the users, and can find alternatives when something goes wrong. He'll be able to adapt, and is evolving the business into something that can survive even as the environments and predators change. The human being might not have the armor plating of an armadillo, but it adapts and survives.

      Regards,
      --
      *Art

  6. robustness by Anonymous Coward · · Score: 5, Funny

    Database robustness is built by the /. effect, and without it you would have a much weaker ecosystem.

    No, wait...

  7. There are good comparisons, and bad ones by Liselle · · Score: 5, Insightful

    Comparing computer viruses to the biological sort is a BAD one. Firstly, you have to make a distinction between worms and viruses and such. Secondly, we don't infect new computers with lesser versions of MBLASTER, we patch the vulnerablilty.

    --
    Auto-reply to ACs: "Truly, you have a dizzying intellect."
    1. Re:There are good comparisons, and bad ones by tangent3 · · Score: 4, Interesting

      As you have seen MSBLASTER is the lesser version of WELCHIA or whatever worse worms could have came out exploiting RPC/DCOM. MSBLASTER was a weaker wor, because it advertised itself by rebooting the infected host, so people know they have caught on and get patched (i.e. immunized) before WELCHIA or other variants hit, those which are stronger and do not reboot the infected hosts, able to propogate better to other hosts without the host noticing anything.

  8. Logical conclusion... by fzammett · · Score: 4, Interesting

    Maybe we should follow things to it's logical conclusion and fully mimic biological workings...

    Let's release weakened forms of viruses into the wild so that "antibodies" can be built up against them!

    Ummm... not sure how to define a weakened virus... or antibodies in terms of software (antivirus scanners don't really fit the definition because they don't adapt for the most part).

    Ok, on second thought, never mind.

    --
    If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
  9. Why you should drink tap water by brejc8 · · Score: 5, Interesting

    My mother used to work as a water health scientist in Poland (It was just a cover job for working in the anti-biological warfare division but thats another story).
    She used to have to ensure that there was a correct ammount of flouride in the water. The ammount had to be quite exact, not because a little too much flouride is bad for you but because if you kill off all bacteria then the people didnt become immune to the different strains. The USSR did huge studies on this, varying the flourine levels and getting statistics.
    Its the same case with my friends who go to India and would never drink the tap water. They simply are not immune to the local bacteria while the locals are quite happy with it.

    --
    Mouse powered Chips, Open source Processors and Lego
  10. So that being the case by Ridgelift · · Score: 5, Funny

    So if that's the case, that viruses make operating systems strong, Windows is the best operating system in the world!

    Hmmm...

    --
    Ruby on Rails Screencast
  11. PROOF that Linux is weak! by Anonymous Coward · · Score: 5, Funny

    It never gets infected, so how can it build up immunity?!?

  12. Horseshit by Robber+Baron · · Score: 4, Insightful

    Nice troll...even managed to get it posted as a Slashdot article!

    That may be true with a biological system, but it DOES NOT APPLY to electronics. The truth of the matter is, virus writers do nothing but cause havoc, and cost money. So I have a box that's unsecured...so what? That's MY business, NOT yours! Where does it say that you now have the right to fuck with it? Do you somehow think that by buggering it up, you're "helping" me? No, how you help is by leaving it the hell alone! What virus writers and crackers and kiddies do is the moral equivalent of wandering through a neighbourhood and trying everyone's door to see if it's unlocked and then stealing from those whose doors aren't locked. Either that or spraying grafitti or trashing the place. They are not heroes...they aren't "Morpheus" fighting against the "evil machines", they are common thieves and vandals and should be viewed as such and treated accordingly.

    --

    You're using her as bait, Master!

    1. Re:Horseshit by PhxBlue · · Score: 4, Insightful

      Where does it say that you now have the right to fuck with it? Do you somehow think that by buggering it up, you're "helping" me? No, how you help is by leaving it the hell alone!

      All true; but have you considered that securing your system, like securing your house, is the best method of helping yourself? No, others don't have the right to break into your system; but if you don't care about it enough to at least make it inconvenient for hackers and thieves, don't expect anyone else to shed a tear for you when you get owned.

      --
      !#@%*)anks for hanging up the phone, dear.
  13. Flawed logic... by Junta · · Score: 4, Interesting

    Saying that if no attacks ever occured, then we would be vunerable is kinda silly. Of course it is true. It's like saying it is bad that elephants aren't falling regularly out of the sky, because it makes it so we are totally unprepared for the situation. Making a world without virus attacks automatically includes the consequence that virus attacks are not to be worried about.

    I guess the point is that immediate exploitation of every defect means that, in theory, a devastating attack that exploits everything at once is not possible. But I would say that the frequent, *extremely* impactful exploitation of 'minor' flaws is far more damaging than a rare, totally devastating blow in terms of cost.

    Or else he could be saying our culture is being trained in the ways of viruses so that the next unsuspecting invading alien race comes to attack, we can whip out a Powerbook and screw them over because their culture never dealt with viruses and worms...suckers.

    --
    XML is like violence. If it doesn't solve the problem, use more.
  14. If it weren't for viruses and blackhats... by cowbutt · · Score: 5, Insightful
    ...the situation would be worse not better. And I say this as a white-hatted security consultant.

    I've reluctantly come to appreciate the role that noisy blackhats and virus authors play in getting organisations to improve their information security infrastructure. If it weren't for them, I feel there would be a thriving underground economy of industrial espionage and personal information theft because it would be so easy. At least with the constant pressure applied by viruses and blackhats, the most gaping security vulnerabilities tend to get fixed, sooner or later (even if a few organisations end up being made examples to the rest).

    Personally, I don't really care about catching virus authors and blackhats. I just care about keeping them out of the machines and networks I've been paid to care about.

    --

  15. Re:Circular logic? by nanojath · · Score: 4, Insightful
    Well, look at it this way - if we didn't have the parade of sort of hokey viruses and worms being (usually fairly badly) written by, essentially, hobbyists, then our systems would be wide open to a couple of things -


    - Well written viruses properly designed for maximum impact, stealth and damage, propagated by terrorists or other people looking to take advantage of economic/information system instability, and


    Security holes not noticed or taken seriously being used in a less random way that doesn't broadcast itself in an obvious way - thus giving people with criminal intentions a lot of access to computer power and the ability to use it stealthily.


    Viruses force people to notice and take security holes seriously.

    --

    It Is the Nature of Information to Transgress Artificial Boundaries

  16. Should we drink tapwater, you Commie? by Henry+V+.009 · · Score: 5, Funny

    The USSR did huge studies on this, varying the flourine levels and getting statistics.

    Mod the parent down. I can no longer sit back and allow communist infiltration, communist indoctrination, communist subversion, and the international communist conspiracy to sap and impurify all of our precious bodily fluids.

  17. Re:He's kind-of wrong anyway by Psyx · · Score: 5, Informative

    "Immunity is exposed by infection. It isn't created out of thin air as needed."

    Immunity to computer viruses/worms and the ilk is indeed created/coded as soon as the susceptibility is detected. Sometimes that happens before an infection, sometimes it happens afterwards.

    So yes, infection can expose immunity, but it can also lead to the purposeful creation of immunity (immunization). For example: if smallpox didn't previously exist, would a vaccine have been developed against it? I doubt it. Then again, in that case, one could argue that the intelligence of the smallpox susceptible population had the effect of making them immune.

    Finally, since I can't read the Slashdotted site, I can only go from the tagline. It mentions building immunity, not creating it. Removing the susceptible parts of the population does build immunity in the population as a percentage.

  18. You're kind-of wrong by loose_change · · Score: 5, Interesting
    Immunity is exposed by infection. It isn't created out of thin air as needed.

    While in some measure your statement has validity, it doesn't quite get the point.

    In the creation of antibodies and other receptors in the immune system, cells literally rearrange their chromosomal DNA to create antibodies with different specificities. That means each cell has a different potential specificity. When the body gets exposed to a new pathogen, it probably has one or two cells that will make an antibody that can respond to it. If it does, it only has a very few cells that make appropriate antibodies -- in effect, at the moment of exposure, the body has no immunity, only the potential for immunity. Those cells have to be stimulated to reproduce and develop into specialized antibody factories before the body has anything sufficient to fight the infection. The immunity gets created based on existing potential.

    Immunology works as a metaphor. The analogy in this case is the following:

    A virus is released. Several people have the knowledge to patch the security hole exploited by the virus. The larger system of users does not become immune until those with the knowledge write and distribute the patch. The patch doesn't exist before the virus challenges it. It gets created out of existing potential.

  19. Re:Not too bad of an idea by HiThere · · Score: 4, Insightful

    The real benefit is that most of the virus releases are "essentially" harmless. Annoying, but not *really* damaging. So the fixes are done, and something viscious can't get in through the same hole.

    Just try to imagine how bad things could be if someone set out to really damage your computer.

    Let's pick an example, and say that someone released a virus that created a spoof of the MS Updater. Now people aren't surprised that it's engaging in horrendous uploads and downloads. And their computers could easily download all non-system files to the hacker (he'd better be off-shore, and working through cut-outs!). And it could download *anything* as a system fix. And get people to license it's installation on their system. It might well be that only the initial install would be illegal. Everything else would have been authorized through the EULA. With sufficient cleverness, even the initial installation might be EULA authorized. In that case would any laws be violated? No matter WHAT was done? I'm sure that an EULA could be created that, via obfuscated text, authorized the program to transfer all funds from your bank account to another bank account. And to max out your credit cards. (Fraud? What fraud? It said it clearly right there in the agreement!)

    Of course to make the legal agreements binding one would need to provide some tender. Perhaps some png files? Of a sort that the person wouldn't want to be caught with? I understand that those are often exchanged for credit card information. It's just that this time it wouldn't be intentionaly done...perhaps. Certainly he wouldn't know the bill that was coming due.

    Wouldn't that be a lot more effective than a simple "deltree C:". And they wouldn't even know that they'd been penetrated until they went to the bank. Even then they wouldn't know *why* their account was drained.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  20. That's very true by LeoDV · · Score: 4, Interesting

    As most of us know (the article's been slashdotted, so I don't know if it's there), vaccines actually work by inoculating a small quantity of the agent into our system so that our immunodefensive system can learn how to combat it when it comes back full force.

    When I was a baby and a kid, my parents let me walk on the floor naked, put things in my mouth and all things that most parents shriek at. But the consequence is that my immunodefensive system got extremely strong very soon, so now I don't have any problems. In kindergarten and school I would drive teachers mad because I'd play in the rain with only a shirt on, and they'd call my mom and she'd simply reply "Well, does he get sick? ... No? Well, there's nothing wrong with letting him play in the rain, then." And indeed there wasn't. Now I don't care about the cold, I'm very resistant to common disease and pain (I once had an ingrown toenail that I foolishly let grow and infect, and the podologist said it was the biggest she'd ever seen and exclaimed "It must hurt like hell!" and my genuinely surprised reply was "It's supposed to hurt?"). When most people I know catch the flu and so do I, they're floored for two weeks and load up on antibiotics (which don't make a fucking difference because the flu is a virus and antibiotics only kill bacterias!), and I just sniffle for a few days and go on with my life like nothin'.

    I know it sounds like I'm recounting all of this just to brag, but it's actually to prove a point. Most people will cover up with a bunch of sweaters (especially their children) whenever it's a bit cold, or it rains. We're not made of sugar! The rain won't melt us! It's good to be a little exposed to the Bad Things of this world, because it's the only way we can fight them when we get really exposed.

  21. Re: Linux by bussdriver · · Score: 5, Interesting

    Do Linux, BSD, and Mac OS X have enough people checking for security flaws? Or do all these viruses actually HELP windows catch up?

    Will windows eventually become better as a result of all these attacks?

    --
    Democracy Now! - uncensored, anti-establishment news