Disinfecting Without Informed Consent

 
 
By Larry Seltzer  |  Posted 2003-05-19 Email Print this article Print
 
 
 
 
 
 
 

If people won't clear out their own viruses, can we do it for them? Is it just science fiction? Security Supersite Editor Larry Seltzer says the real issues are moral and legal.

I once was technical director at a computer magazine for which sci-fi writer Orson Scott Card wrote a regular column, prompting me to read the "Enders" series of novels. (Bad column; great novels.) I was reminded this week of an event from one of these books, in which (if I recall correctly) an advanced civilization turns a threatening virus into a beneficial source of gene therapy.

What does this scenario have to do with computer security? It all began with Fizzer, a hot Windows-based worm and the subject of my last column. Its still spreading, if at a decelerating rate.

One of the interesting "advances" in Fizzer is that it has a facility for updating itself, just like antivirus programs and other security software use. This primitive facility looked at a particular Web site for updates, and from the earliest analyses of Fizzer, it was noted that this site contained no updates. Then someone got clever.

The authors of Fizzer made the mistake of provoking IRC (Internet Relay Chat, the original chat facility of the Internet) administrators by using IRC as a backdoor mechanism. Some of these admins formed an ad-hoc "Fizzer Task Force/IRC Unity" group to tackle the Fizzer problem. This group announced last week that it had taken over control of the update site and that it intended to place a Fizzer remover there, the idea being that the worm would update itself off the infected systems.

Its a really cool idea, although the group has had to retreat in the last few days. First, nobody in the group appears to have the specialized programming skills to write a hot uninstaller for a program for which they have no source code. Its definitely a tough job. But the administrators also became concerned about legal problems, and that definitely put the kibosh on the effort for now.

So back to "Enders Game" and gene therapy in the wild: I love what these guys tried to do, and they could go a lot further. I think theres an opening to take it to the next level with white-hat virus writing. As I wrote last week, Ive often thought that the same people must be getting all the same mass-mailer worms because they havent applied any of the Microsoft patches from the past few years. So why not write some mass-mailer worms that check for and remove the most common infections, such as Klez.h? For extra credit, get the system to download and install patches to prevent them in the future. (That would be really hard to do, by the way.)

Of course, Im not the first to think of this. Its under discussion on SecurityFocuss Incidents mailing list. And at the July 2002 Blackhat Las Vegas conference, Timothy Mullen of AnchorIS.Com, Inc. gave a presentation (MS PowerPoint file) raising the prospect of "automated strike-back systems."

Mullen is bothered by the same stuff that gets under my skin: There are a lot of badly mismanaged systems out there, and they are responsible for a large number of attacks on the Net. He asks: Would it be right to engage systems to remove the infections from them without the owners or administrators permission? The point of Mullens piece is more to ask questions—the same ones Im asking—than to make concrete proposals.

Its such a tempting idea, but its probably illegal; so if it happens I had nothing to do with it. (Got that?) I do think you could make a moral self-defense argument for doing something like this, assuming sufficient testing were done to prove safety and efficacy. Alas, life is not a science-fiction novel, and the lawyers will win this one.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.
 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel