Fujitsu To Develop Vigilante Computer Virus For Japan
wiedzmin writes "Japanese Defense Ministry has awarded Fujitsu a contract to develop a vigilante computer virus, which will track down and eliminate other viruses, or rather — their sources of origin. Are 'good' viruses a bad idea? Sophos seems to think so, saying, 'When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes.'"
Would be the answer. A polite virus doesn't migrate automagically- it *asks* before it migrates.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Any "good" virus will be caught, captured, studied, mutated, and turned into a "bad" virus very quickly.
Also, a virus by definition installs software on a machine without the owner's consent. So it's never a good idea.
Advice: on VPS providers
... or Core Wars Reloaded?
Are 'good' viruses a bad idea?
McAfee, Norton, AVG, etc have built businesses around good viruses.
What do I know, I'm just an idiot, right?
Skynet, Landru, M5, the Matrix, HAL
There's plenty of art for reality to follow.
... the white cells from the attacking entities.
And the ramifications could get interesting.
For example, will it be illegal to tamper with such a white cell virus that's on your system? To reverse engineer it? To release your own distributed anti-virus system that might view such a white cell virus as a threat, and hunt it down and destroy it across multiple networks?
Check your premises.
Considering this is Japan, I'm pretty sure they got the idea from Ghost in the Shell. The Major often times references performing a Back Hack, to determine the location of an attacker. Now if only I could teach Windows how to enter Autistic Mode...
Windows has detected an undetectable error.
Specifically, I.E. 6 users, because fuck them.
So Skynet was really just after Windows users?
What happens when the Fujitsu virus meets itself and destroys its own source of origin?
Even Windows 7 has an infection rate of 4 per 1,000 machines. Let's talk about using a real OS instead of Bill Gates's stupid glorified program loader.
http://www.computerworld.com/s/article/9216654/Windows_7_s_malware_infection_rate_climbs_XP_s_falls
An arms race against an opponent that knows no boundaries is typically futile.
It would be extremely difficult to develop a virus that could effectively spread and eliminate other infections without stooping to the same low levels as the malicious developers, at which point the friendly virus isn't so friendly anymore.
Sophos is right that such a counter-attack launched on a managed network with security-aware personnel capable of removing the malicious infections and performing a proper investigation is only going to complicate matters.
I could see this having a lot of collateral damage, since hackers like to bounce their connections off of legitimate IPs to hide their own locations. The Chinese hackers, for example, use HTran to do this for them - it makes it look like the attacks are coming from University campuses or from IPs belonging to dissident groups.
Aside from all the hype, it's basically a distributed IDS. Since everything I do as a sysadmin is done in puppet, and my IDS image is an IDS image because of about one line, I'm halfway tempted to try it at home, "everything under puppet control instantly becomes an IDS".
The biggest problem I can find is scalability of alerts. So now when one machine sees something weird I get it in the daily status report. What happens when 25 or so machines see something weird and all decide to simultaneously spam me?
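The alert flood described in the comment above (25 machines reporting the same oddity at once) is normally handled by collapsing alerts per signature before anything is mailed. The following is an added example, not part of the original thread; the alert tuple layout, host names and signatures are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Incident:
    signature: str
    first_seen: datetime
    last_seen: datetime
    hosts: set = field(default_factory=set)
    count: int = 0


def aggregate(alerts, window=timedelta(minutes=10)):
    """Collapse (host, time, signature) alerts into per-signature incidents.

    An alert joins the open incident for its signature if it arrives within
    `window` of that incident's last alert; a longer gap opens a new incident,
    so a recurrence hours later is still reported on its own line.
    """
    by_signature = defaultdict(list)
    for host, when, signature in alerts:
        by_signature[signature].append((when, host))

    incidents = []
    for signature, events in by_signature.items():
        current = None
        for when, host in sorted(events):
            if current is None or when - current.last_seen > window:
                current = Incident(signature, when, when)
                incidents.append(current)
            current.last_seen = when
            current.hosts.add(host)
            current.count += 1
    # Widest spread first: 25 hosts agreeing matters more than one odd box.
    incidents.sort(key=lambda i: (-len(i.hosts), i.first_seen))
    return incidents


def render_digest(incidents, show=3):
    """One line per incident instead of one mail per host."""
    lines = []
    for inc in incidents:
        names = sorted(inc.hosts)
        shown = ", ".join(names[:show])
        if len(names) > show:
            shown += f" (+{len(names) - show} more)"
        lines.append(f"{inc.first_seen:%H:%M} {inc.signature}: "
                     f"{inc.count} alerts from {len(names)} hosts [{shown}]")
    return lines


# Constructed sample data: host names, times and signatures are made up.
_T0 = datetime(2012, 1, 5, 3, 0)
SAMPLE_ALERTS = (
    [(f"web{n:02d}", _T0 + timedelta(seconds=10 * n), "new setuid file in /tmp")
     for n in range(1, 26)]
    + [("db01", _T0 + timedelta(hours=1), "sshd_config checksum changed"),
       ("web03", _T0 + timedelta(hours=6), "new setuid file in /tmp")]
)

if __name__ == "__main__":
    print("\n".join(render_digest(aggregate(SAMPLE_ALERTS))))
```

Twenty-seven raw alerts become three digest lines, and the incident seen on 25 hosts sorts to the top.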
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
If there will be defense measures that will avoid deleting the "vigilante virus", then it seems likely that there will also be viruses with a similar signature to this one, with a slightly different agenda of course.
to develop operating systems that are impervious to viruses, trojans, worms and rootkits & etc... probably could not be done to 100% certainty but it can be implemented so the bad software is the rare exception to the rule rather than widespread chronic infections like you see with that software from Redmond...
that would more than likely put Microsoft into a niche corner and out of the desktop operating system & office software suite business...
Politics is Treachery, Religion is Brainwashing
Face the facts. The malware problem today is the result of large, highly-profitable, highly-competitive criminal empires. These programs are written by hired developers working in a business infrastructure, not random script kiddies locked away in their parents' basements. The developers creating this malware are typically doing so on Windows systems, though much of the delivery infrastructure does run on other platforms. It has nothing to do with ideology, vendettas, social failures or platform choices. It's all about the money.
The Internet and the vast number of computers connected to it form a vast, dynamic, and complex system whose detailed behaviour is difficult to fully understand and impossible to confidently predict.
Just like the introduction of Cane Toads in Australia, ( http://en.wikipedia.org/wiki/Cane_toads_in_Australia ), and so many other similar introductions of organisms to 'fix' some problem in a complex ecosystem, this will probably turn out badly. And it may be impossible to undo once the virus is released into the favourable ecosystem that is the Internet.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
In theory, if you could deploy such a worm within your own network (e.g. corporation) and guarantee it wouldn't infect any other machines, then MAYBE, but how would you guarantee that?
What works is a vulnerability scanner (e.g. satan type programs) to detect and inform you of potential vulnerabilities in your system
plus a known malware scanner (e.g. MSRT, MalwareBytes, AV software).
plus "behavior detection" software that flags malware-like behavior.
Such software must be installed and run by an administrator/root and should be scheduled to run periodically. You can't rely upon users to run it because users who are sufficiently security aware to run it periodically are the ones least likely to run untrusted software and get infected.
make imaginary.friends COUNT=100 VISIBLE=false
Depends on if you liked that movie and what the character did. Or..if you like the "Jack Bauer" consequentialism approach to justice. You know...."Chaotic Good" in D&D parlance where the ends justifies the means.
Except when the ends don't end up the way you wanted it to go after exercising your idea of what the "means" should be....
I'm torn between liking this and hating it. On one hand it could mean less spam but on the other I will lose money from removing viruses from people's computers.
Every time I see this, I remember the obvious counterargument.
- If OSX had better than 8% market share, wouldn't there be hordes of virus programmers (Russian mafia, bored script kiddies and pranksters, whatever) looking for holes in it to take over?
- If Linux had better than 1% market share, wouldn't there be hordes of programmers trying to break it? Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes.
The question isn't, is Windows insecure? Of course it is - due in no small part to being not-securely-configured by hordes of user-level operators at their houses. But if everyone magically switched to your OS of choice, are we really likely to find that the situation improved at all? Probably not. Even at their smaller market share, it turns out OSX has had its fair share, and Linux as well.
And then, of course, there's the old "Problem between keyboard and chair" issue. Users willing to click on ANYTHING are going to be your worst source of problems, especially in the home market. Again, would that change if all of them switched to OSX or Linux? Of course not, they're still going to click on anything and enter their password to install the Free Puppy Screensaver or whatever else it is.
4 per 1,000 is about right for simple user stupidity, so I'm not sure what your point is. If those people were using Linux, Linux would have a similar infection rate (actually, probably higher, since they would run root constantly and Linux has little protection against a stupid root user). Only iOS style walled-garden tactics can fix that problem for good. And XP is still at a rate of 15.9/1,000 machines.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Don't let the door hit you on the bob side!
No brain, no pain.
The Land of the Rising Sun is full of wonder, but the day of the Ronin is long past. There appears to be a classical arthritic choke point in Japanese culture that does not allow for information to travel UP TO policy makers. It appears that after the cluster fuck that is the Fukushima Daiichi nuclear disaster, that those in charge of making policy do so in a "dark room," still. If the policy makers of Japan are so cavalier about insulting the intelligence of their constituents, then the contempt for the people of planet earth is a foregone conclusion.
See http://en.wikipedia.org/wiki/Morris_worm That didn't turn out so well, did it? One minor miscalculation, and it'll shut down the internet. And how will it adjust itself to handle different versions of Windows, let alone different versions of Mac, Linux, PalmOS, etc, etc?
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Did you by chance watch the Chaos Computer Club talk about Stuxnet? I was thinking the whole time: "Well there's part of the reason right there, MS: You hire folks like this moron."
The vulns exploited are direct evidence of lack of security in design. I mean, Guest accounts telling printer drivers to "print to file" ANYWHERE on the drive?! AS ROOT?!?
Don't give me that "Mac & Linux are just as bad" bullshit. I deal with the Linux sources, MS isn't even in the same league. I've seen the (leaked) source code that Microsoft devs write... IT'S SHIT. Their OS is full of insecure kludgey shit. Remember the Zune Leap Year BS? Just try to get away with committing some of that shit to the Linux Kernel team. Google Tried committing crap kernel code from Android, guess what? IT WAS REFUSED; Told to get cleaned up. I mean... fuck man.. GET REAL!
Call good viruses "agents" and then it's perfectly okay.
They should first read some history about the very first computer virus, written by Robert Morris (Jr) in 1988. If for no other reason than to realize they are so very late to this ideas party...
He had the same idea and only wanted to make a program that can spread itself around, but not actually do anything (aka payload), however due to a single incorrect counter value in an otherwise harmless virus, the very act of spreading itself so aggressively is what ended up taking down the entire Internet (Or at least all 6000 sendmail servers, which was basically all of it at the time.)
They seemingly are calling it the Morris Worm now:
http://en.wikipedia.org/wiki/Morris_worm
Or just Google on "Robert Tappan Morris" (To not be confused with his father, who was also at MIT and also had some involvement with the initial Internet)
In either case, this is an especially poor *name* for what they are doing.
Either A) It infects machines they do not own (aka a Virus), which is a crime, and a very very bad/stupid thing to do,
or B) They run it on their own machines only, where they have permission and authority to do so, in which case this is not a virus but is instead called "Pushing an app to my network"
I have this vision of a Japanese Software Engineer sitting in the back of the room mumbling, "A Skynet solution approach? OK. This is what Skynet is, and this is where we are at. High! we could make this work!"
"Come with me if you want to live." - Terminator, 1984
And created by worshipers of SATAN
Maybe... ftp://ftp.uni-magdeburg.de/pub/mirror/hpux.ask.uni-karlsruhe.de/Networking/Admin/satan-1.1.1/satan-1.1.1.man.html
Nothing new to see here, move along. "Good" virus == Existing virus scanners with pre-approved permissions to "handle" said virus (i.e. quarantine, delete, etc...) Now if a virus scanner is considered a virus (many think they are), then I sense a recursion problem ahead...
Yawwwwwnnnn.
Bugs are committed to Linux all the time. You just don't hear about it as much. It's not "big news" because (a) less people are trying to make a botnet out of a couple million Linux boxes and (b) it doesn't feed the "let's bash on MS" crowd on Slashdot.
I'm not a Microsoft fanboy, but I'm willing to recognize the hurdles they have to face: trying to not break backwards compatibility, dealing with the fact that most home users will be the "fuck security, I don't want to have to enter a password it's MY computer" types, and being targeted because of sheer numbers of marketshare. And I guarantee you, if Linux had even 30% of the desktop market, you'd see an absolute ton of malware being written for it and "0-day" exploits every day. Even if the bugs were only present in the main branch of the discordant, splintered Linux distro world, it'd happen.
Linux 1% market share?
Well, maybe desktop. But internet backbone? Facebook/Amazon/Google/etc server farms? Hate to break it to you, but those are almost all Linux. And that's where the real data is.
Check your premises.
I believe that was my point:
Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes.
But thanks for responding without reading.
Except that Linux has a large percentage of the server market so that makes it a high value target.
I will admit that Windows gets blame for things that I just do not think are its fault.
For instance I do not think it is right to blame any OS for trojans. If you run a program as admin that infects your system that isn't the OS's fault. Of course for the longest time Windows pretty much was useless if you were not running as admin and it has taken a while for software to learn to play nice when it is being run by a normal user.
AKA it isn't Windows' fault if you click on "hot naked chicks.exe" in your email.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Sorry, but the rate of success is nowhere near as good. If it were, ALL of your data would already be completely out in the open.
Also, you quote the 1% figure as though it were gospel - which it is not.
Both your logic and your presentation/writing are flawed.
Check your premises.
I think it is a great idea but is not legal, as it can also delete by error files that are infected, so that legal copy of LMFAO mp3 is deleted because it had a virus...no thank you! The best is what MS is doing, hunting down the C&C and shutting them down as well as shutting down all infected pcs.
Except that Linux has a large percentage of the server market so that makes it a high value target.
Did I NOT say the following: "Actually, if you look at the server market where Linux has a larger market share, they DO try to crack it - and lo and behold, they tend to succeed relatively on the same pace as breaking into Windows server boxes."
Yes. I'm looking at my post and it is RIGHT FREAKING THERE. Wow.
In the server market, Linux is a high value target. So it gets hacked into. Fairly regularly.
In the home desktop market, where botnets take hold (because a botnet of 100 servers is infinitesimally less useful than a botnet of a couple million home boxes on cable/dsl lines), Microsoft OS'es are the high value target because they control the vast majority of market share. It's really that simple. The fact that the home desktop market is where people who will click on "hot naked chicks.exe" with no problem tend to concentrate? Well, that wouldn't change no matter what the OS of choice was.
Well let's go to the numbers.
Also, you quote the 1% figure as though it were gospel - which it is not.
So I rounded to whole numbers. BFD.
I have a solution for combating malware on PC already. It's called antivirus, and while it's not perfect, it's predictable. Software that I didn't put on my machine doesn't belong there. Regardless of the intention.
You persist in using desktop numbers, not internet server farm numbers. Which don't get published so much; they're mostly considered proprietary information. But it is easily verifiable that Google, Facebook, eBay, Amazon (including AWS), and pretty much all the other big names use Linux for their server farms, not Windows.
Yes, I concede that for desktops, Linux has a tiny market share.
For the internet backbones, server farms, research farms, and so forth, Windows doesn't get used all that much. And that's where the real concentration of data is.
Also, you don't take into consideration the value of a compromise. The value of compromising J Random Luser's home PC is far, far less than that of compromising say a Facebook server with personal information or getting into some company's AWS virtual hosts.
Check your premises.
Except that they don't have the same rate of success, as evidenced by the fact that all the hosts on AWS and Google and so forth haven't been turned into bot farms and all the data exposed to the world.
Check your premises.
OS X has its fair share? Really? They have, say, 10% of the computer market, and about 0.0001% of the actual, in-the-wild viruses. The main problem on OS X is trojans (to which ANY platform is vulnerable) and OS X has NEVER had a self-replicating virus the way Windows has. (Nimda, Code Red, Sasser, etc.)
So yeah, if everyone switched to OS X or Linux, we probably WOULD be better off. Maybe not perfect, but much, much better.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
It's obvious!!!
Reminds me of some movie plots.
---- Booth was a patriot ----
the freebsd port tree was the first attempt at a 'voluntary' walled garden, e.g. they would monitor and fix the ports tree, and you wouldn't get virused in the expected lifespan of the hardware. debian improved on the concept with repositories, and ubuntu took away root with sudo commands... i realize from the software side there is no mechanism against installing 3rd party software, or making your user root, but the people who they intended to run the stuff wouldn't actually know they weren't in a walled garden, if they followed the advice of their elders.
https://www.gnu.org/philosophy/free-sw.html
...but not the one they need right now.
The Zune leap year bug was written by Freescale devs (purely as example code, IIRC). Freescale devs also contribute highly to the linux codebase. So - are Freescale devs lousy or talented?
(Disclaimer, I worked for Freescale around the time of the zune bug.)
Also FatPhil on SoylentNews, id 863
Maelstrom by Peter Watts The evolution of a viral soup on the net is illustrated beautifully in this (freely available) book: http://www.feedbooks.com/book/975/maelstrom It's a great read. Viruses fighting for supremacy and interbreeding on the net may be an inevitable part of an evolving net-biosphere but probably not the best thing to encourage!
Yeah, but check out Super Computers.
:P
How often do they get hacked?
Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns.
I'd like to see these test networks, I am willing to bet they are just some group of corporate big-shots trying to sell a few more government contracts to a broken government that is trying to assure their naive populace that they are doing everything they can against those nasty Chinese hackers.
What makes them think their test network is any representation of the real world? What makes them think they can actually discover viruses using viruses when anti-virus software can do no better? They can't do it. Once the virus is live, attackers will figure out a way to circumvent it, and this project will have accomplished nothing.
So it's a self replicating anti-virus that involuntarily heals computers to protect others? Sounds good, but isn't gaining unauthorised access to a computer illegal (At least in the UK and US)? And you'd have to trust the vendor. Maybe the government would give the vendor legal immunity, but then paranoid conspiracy theorists (eg. RMS) would go crazy, and they might have a point for once
You're all talking and giving references of XXth century virii which infected files.
Virii today use these infection paths:
1.- Exploits on browsers/plugins while browsing infected servers.
2.- Exploits on open ports.
3.- User installing software that carries spyware or trojans.
The paths 1 & 2 are caused by non-updated vulnerable software and somebody MUST do something about that if the user doesn't care.
Path 3 can be mitigated by using an updated antivirus. An antivirus would block the "good virus" too, as it would not be required on that computer.
We all know this is how SkyNet started this way.... I guess 2012 really /is/ the end of the world!
Welchia brought the internet to a stand-still in 2003 while trying to remove Blaster. This is a problem resolved by education, not technology.
Finally had enough. Come see us over at https://soylentnews.org/
Shame they could not have done this at the nuclear power plant.
All cows eat grass!