Security Basics mailing list archives
Re: Spreading an anti-virus like a virus
From: enine <enine () ninefamily com>
Date: Tue, 6 Dec 2005 08:57:44 -0800
-------- Original Message --------
From: Chris Largret <largret () gmail com> Sent: Tuesday, December 06, 2005 8:43 AM To: Pranav Lal <pranav.lal () gmail com> Subject: Re: Spreading an anti-virus like a virus On Mon, 2005-12-05 at 21:52 +0530, Pranav Lal wrote:Hi all, At some point I have read that a possible approach in dealing with the spread of a computer virus over the Internet is to make the anti-virus spread like a virus. I remember reading a debate on this approach. Does any one have any links?Yes, I have seen several threads along that line. It is an interesting thought to ponder, but not something that should ever be implemented. There are too many unknowns when you are putting a "virus-like" program on another computer. Networks, programs that are monitoring or doing various things, special settings that the user may or may not have activated, whether they have all of the latest patches or not, etc. Virus writers don't really deal with special cases, but a program to deal with "fixing" the computer by entering the computer illegitimately would have to make sure it doesn't break anything. That is what all of the various threads basically boil down to. No matter the purpose of the program, if it breaks into the computer and loads itself on that machine, that program is a worm or virus. All of the testing is why anti-virus vendors charge for their time. -- Chris Largret <http://daga.dyndns.org>
Even if you do the testing to make sure it works how are you going to properly distribute it? If you attempt to spread it like an e-mail based virus then your simply spamming those of us who don't want/need your program. if you attempt to scan for a vulnerable port then your no better than some h@x0r scaning my ports. This is one case where fighting fire with fire doesn't work.
Current thread:
- Spreading an anti-virus like a virus Pranav Lal (Dec 05)
- Re: Spreading an anti-virus like a virus Chris Largret (Dec 06)
- Re: Spreading an anti-virus like a virus John Bond (Dec 07)
- Re: Spreading an anti-virus like a virus Michael Cecil (Dec 07)
- <Possible follow-ups>
- RE: Spreading an anti-virus like a virus Arun Vishwanathan (Dec 05)
- Re: Spreading an anti-virus like a virus enine (Dec 07)
- Re: Spreading an anti-virus like a virus Chris Largret (Dec 06)