Re: Spreading an anti-virus like a virus

[enine <enine () ninefamily com>]

 -------- Original Message --------
> From: Chris Largret <largret () gmail com>
> Sent: Tuesday, December 06, 2005 8:43 AM
> To: Pranav Lal <pranav.lal () gmail com>
> Subject: Re: Spreading an anti-virus like a virus
>
> On Mon, 2005-12-05 at 21:52 +0530, Pranav Lal wrote:
> > Hi all,
> >
> > At some point I have read that a possible approach in dealing with 
> > the spread of a computer virus over the Internet is to make the 
> > anti-virus spread like a virus. I remember reading a debate on this 
> > approach. Does any one have any links?
>
> Yes, I have seen several threads along that line. It is an interesting
> thought to ponder, but not something that should ever be implemented.
> There are too many unknowns when you are putting a "virus-like" program
> on another computer. Networks, programs that are monitoring or doing
> various things, special settings that the user may or may not have
> activated, whether they have all of the latest patches or not, etc.
> Virus writers don't really deal with special cases, but a program to
> deal with "fixing" the computer by entering the computer illegitimately
> would have to make sure it doesn't break anything.
>
> That is what all of the various threads basically boil down to. No
> matter the purpose of the program, if it breaks into the computer and
> loads itself on that machine, that program is a worm or virus.
>
> All of the testing is why anti-virus vendors charge for their time.
>
> --
> Chris Largret <http://daga.dyndns.org> 

Even if you do the testing to make sure it works how are you going to properly distribute it?  If you attempt to spread 
it like an e-mail based virus then your simply spamming those of us who don't want/need your program.  if you attempt 
to scan for a vulnerable port then your no better than some h@x0r scaning my ports.
This is one case where fighting fire with fire doesn't work.