==============================================================
April - July, 1994. Volume I, Issue 1
==============================================================
CONTENTS:
1. "Alive" Is Alive Again! - Editor's Word
2. In the Trap of the Language
3. Puzzle - Continued (2)
4. The Legend - Fred Cohen
... Interview
... Article Review - Trends in Computer Virus Research
5. The Mystery - Mark Ludwig
... Interview
... It Conquered the World : A Fiction Excerpt from Mark
Ludwig's "CVAL&E" for Your Enjoyment
6. The Reality - Vesselin Bontchev
... Interview
... Dozen Reasons Why a "Good" Virus Is a Bad Idea
.............................Vesselin Bontchev
... An Example of Beneficial Virus
.............................Vesselin Bontchev
7. The Grand Debate about Beneficial Viruses and Artificial Life
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% %
% ALIVE, Copyright 1994. By Suzana Stojakovic-Celustka %
% This magazine may be archived and reproduced without charge %
% throughout Cyberspace under the condition that it is left %
% in its entirety. Send submissions, comments, etc. to %
% celust@cslab.felk.cvut.cz and subscription requests to %
% mxserver@ubik.demon.co.uk %
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****
"ALIVE" IS ALIVE AGAIN! - EDITOR'S WORD
=======================================
Dear Readers!
For those who had already lost all hope that "Alive" would ever be alive
again, here is the good news. The first real (non-experimental) issue of
"Alive" is right in front of your eyes. Apologies and thanks to all of you
who have been patient until now.
The reasons for the delay are various. As usually happens, real life
interferes with the best intentions. Honestly, it is not so easy to bring a
new number into the world when one person is editor, technical editor,
graphic designer, journalist, critic, student, etc. Anyway, there are signs
that the situation will improve in some time, so no more complaints. I hope
you will like this number and am expecting any and all comments and
contributions.
About this issue:
-----------------
The first article, "In the Trap of the Language", is my attempt to find out
how to make a good definition of a computer virus. I have to confess that I
didn't expect that this problem would take me so far into philosophy. I am
still not sure that an exact solution exists, and this topic will probably
have a continuation.
The second article is one more step towards the solution of the Puzzle
presented in the last number. With a little help from Fred Cohen, here is a
first attempt to define the environment in which something "alive" is
suspected to exist.
I was very glad to host three guests in this number: Fred Cohen, Mark Ludwig
and Vesselin Bontchev. They speak about themselves and their work
exclusively for "Alive". If you thought that you knew everything about any
of them, maybe you were wrong. Read the interviews and you might find
something new.
Respecting Fred Cohen's wish not to have any of his published articles or
texts reproduced in electronic form, in this number you can read only a
review of his article "Trends in Computer Virus Research". There is also an
excerpt from Mark Ludwig's new book "Computer Viruses, Artificial Life and
Evolution", reprinted from "Crypt Newsletter" No 22 with permission. Vesselin
Bontchev made an extension of his "Dozen Reasons Why a "Good" Virus Is a Bad
Idea" (which appeared originally on Virus-L some time ago) exclusively for
"Alive". The Reasons are pretty convincing, but his Example of Beneficial
Virus is also presented in this number. It is actually an excerpt from a
longer recent posting by Mr Bontchev to Virus-L.
With these guests the Grand Debate about Beneficial Viruses and Artificial
Life starts from this number in "Alive". If you think that you have something
to say about this theme, please send your contributions. You don't have to
be an expert or a "good" guy/girl. As long as contributions have a form
according to "Alive" guidelines, they will be deeply appreciated.
About contributions and subscriptions:
--------------------------------------
The preferred form of contributions is short articles or previews. Comments
on contributions will be deeply appreciated, but will be published only if
they have a suitable form. This is -not- a place for polemics or blame, so
please don't send your comments if you have nothing constructive to say. The
preferred form of code examples is pseudo-code. The code of existing viruses
which somebody could consider beneficial will not be published here. Send
your contributions and comments to celust@cslab.felk.cvut.cz
**************************************************************************
WARNING!! During the vacation time, i.e. 20th July - 1st September, please
send your contributions and comments to celustka@sun.felk.cvut.cz
**************************************************************************
Subscription requests should be sent to mxserver@ubik.demon.co.uk
Where can you find "Alive":
---------------------------
The number of hosts where you can find "Alive" has increased since the last
number. The magazine is available by anonymous ftp from the following sites:
1. ftp.informatik.uni-hamburg.de in /pub/virus/texts/alive
(by courtesy of Vesselin Bontchev, Virus Test Center, University of Hamburg,
Germany)
2. ftp.demon.co.uk in /pub/antivirus/journal/alive
(by courtesy of Anthony Naggs, UK)
3. ftp.elte.hu in /pub/virnews
(by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary)
4. ftp.u.washington.edu in public/Alive
(by courtesy of Jeffrey E. Hulten, University of Washington, USA)
Gophers:
saturn.felk.cvut.cz
(by courtesy of administrative personnel of Computer Department, Czech
Technical University, Prague, Czech Republic)
ursus.bke.hu
(by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary)
Other places:
Slovak Antivirus Center BBS +42 7 2048 232 ZyXEL 1496+ 19.200 Bd NonStop
(by courtesy of Peter Hubinsky, Slovak Antivirus Center, Bratislava,
Slovakia)
Software Library of University of St. Gallen - the requests may be sent to
luca.sambucci@ntgate.unisg.ch
(by courtesy of Luca Sambucci, University of St. Gallen, Switzerland)
Any offer from other sites will be appreciated.
Acknowledgements:
-----------------
I wish to thank Fred Cohen, Mark Ludwig and Vesselin Bontchev for their
appearance and contributions in this number.
Also thanks to Jeffrey E. Hulten (USA), Philip Fites (Canada) and Vladimir
Vrabec (Czech Republic) for their suggestions on how to improve the quality
of "Alive". Hopefully, there will be PostScript and Hypertext (WWW) versions
of "Alive" in the near future.
There are no language corrections in this number, but I would like to thank
Martin Tharp (USA) for the corrections he made in the last number.
About editor:
-------------
The editor is currently a Ph.D. student at the Computer Department, Faculty
of Electrical Engineering, Czech Technical University in Prague. She is
working on her Ph.D. thesis and hoping that "Alive" will bring a lot of
useful material and a lot of fun.
So, dear readers, enjoy the reading and make your copy of "Alive" really
alive: SPREAD IT WIDELY!
****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****
Some say that life's an illusion
Who knows what's false or what's true...
...With all of its glories and all of its faults
It seems life is a bittersweet waltz...
- "Bittersweet Waltz" -
****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****
IN THE TRAP OF THE LANGUAGE
===========================
There is a problem which has bothered me since the results of the Contest
for the Best Virus Definition were published. It seemed that plain language
was not suitable for defining a computer virus properly. Well, the problem
of defining anything well is nothing new.
1. GOOD REPRESENTATIONS
Looking for a recipe for making good definitions, I found some books. The
first one is "Artificial Intelligence" by Patrick Henry Winston [5]. It has
a few words about good representations:
"...In general, a representation is a set of conventions about how to
describe a class of things. A description makes use of the conventions of
a representation to describe some particular thing.
Finding the appropriate representation is a major part of problem solving.
Consider, for example, the following children's puzzle:
The Farmer, Fox, Goose and Grain:
A farmer wants to move himself, a silver fox, a fat goose, and some tasty
grain across a river. Unfortunately, his boat is so tiny he can take only
one of his possessions across on any trip. Worse yet, an unattended fox
will eat a goose, and an unattended goose will eat grain, so the farmer
must not leave the fox alone with the goose or the goose alone with the
grain. What is he to do?
Described in English, the problem takes a few minutes to solve because you
have to separate important constraints from irrelevant details. English is
not a good representation.
Described more appropriately, however, the problem takes no time at all, for
everyone can draw a line from the start to finish in figure 1. instantly. Yet
drawing that line solves the problem because each boxed picture denotes a
safe arrangement of the farmer and his possessions on the banks of the river,
and each connection between pictures denotes a legal crossing. The drawing
is a good description because the allowed situations and legal crossings are
clearly defined and there are no irrelevant details.
                           --------     --------
                          | Grain  |   | Farmer |
                          | ====== |-->| Goose  |
                          | Farmer |   | Grain  |
                          | Fox    |<--| ====== |
                          | Goose  |   | Fox    |
                          |________|   |________|
                             ^  |         ^  |
                             |  V         |  V
 --------     --------     --------     --------     --------     --------
| Farmer |   | Fox    |   | Farmer |   | Goose  |   | Farmer |   | ====== |
| Fox    |-->| Grain  |-->| Fox    |   | ====== |-->| Goose  |-->| Farmer |
| Goose  |   | ====== |   | Grain  |   | Farmer |   | ====== |   | Fox    |
| Grain  |<--| Farmer |<--| ====== |   | Fox    |<--| Fox    |<--| Goose  |
| ====== |   | Goose  |   | Goose  |   | Grain  |   | Grain  |   | Grain  |
|________|   |________|   |________|   |________|   |________|   |________|
                             ^  |         ^  |
                             |  V         |  V
                           --------     --------
                          | Fox    |   | Farmer |
                          | ====== |-->| Fox    |
                          | Farmer |   | Goose  |
                          | Goose  |<--| ====== |
                          | Grain  |   | Grain  |
                          |________|   |________|
Figure 1. ( ====== denotes a river)
The representation principle:
Once a problem is described using an appropriate representation, the problem
is almost solved..."
Reading this, one could say: "Oh, I knew that. What is so special? If I can
describe a problem properly, then the solution is not far away. But I should
know something about the problem first..."
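The representation principle quoted above, carried out as an added example
(not from Winston's book or from the magazine): a state is the set of things
on the starting bank, and the code rebuilds the boxes and links of Figure 1
and then searches them. The state encoding and all function names are
assumptions of this example.

```python
from collections import deque
from itertools import combinations

ITEMS = ("fox", "goose", "grain")
EVERYONE = frozenset(("farmer",) + ITEMS)


def safe(near):
    """`near` is the set on the starting bank; everything else is across the river."""
    for bank in (near, EVERYONE - near):
        unattended = "farmer" not in bank
        if unattended and "goose" in bank and ("fox" in bank or "grain" in bank):
            return False
    return True


def crossings(near):
    """Yield every safe state reachable by one boat trip (farmer alone or with one item)."""
    leaving = "farmer" in near                   # True: farmer rows away from the start bank
    bank = near if leaving else EVERYONE - near  # the bank the farmer is standing on
    for cargo in (None,) + ITEMS:
        if cargo is not None and cargo not in bank:
            continue                             # cannot load what is on the other bank
        movers = {"farmer"} if cargo is None else {"farmer", cargo}
        nxt = frozenset(near - movers) if leaving else frozenset(near | movers)
        if safe(nxt):
            yield nxt


def state_graph():
    """Return (safe states, undirected legal crossings): the boxes and links of Figure 1."""
    everything = [frozenset(c) for r in range(len(EVERYONE) + 1)
                  for c in combinations(sorted(EVERYONE), r)]
    boxes = [s for s in everything if safe(s)]
    links = {frozenset((s, t)) for s in boxes for t in crossings(s)}
    return boxes, links


def shortest_plan(start=EVERYONE, goal=frozenset()):
    """Breadth-first search over the graph; returns the list of states visited."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if state == goal:
            plan = []
            while state is not None:
                plan.append(state)
                state = parent[state]
            return plan[::-1]
        for nxt in crossings(state):
            if nxt not in parent:
                parent[nxt] = state
                queue.append(nxt)
    return None


if __name__ == "__main__":
    boxes, links = state_graph()
    print(len(boxes), "safe arrangements,", len(links), "legal crossings")
    for state in shortest_plan():
        print(sorted(state), "|", sorted(EVERYONE - state))
```

Of the sixteen possible arrangements only the ten drawn in Figure 1 survive the
safety rule, which is why the search has almost nothing left to do.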
2. THE KNOWLEDGE AND THE LANGUAGE
Yes, here we come. What is knowledge at all? Another interesting book,
"The Tao of Physics" by Fritjof Capra [2], says:
"...Rational knowledge is derived from the experience we have in objects and
events in our everyday environment. It belongs to the realm of the intellect
whose function is to discriminate, divide, compare, measure and categorize.
In this way, a world of intellectual distinctions is created; of opposites
which can only exist in relation to each other.
Abstraction is a crucial feature of this knowledge, because in order to
compare and to classify the immense variety of shapes, structures and
phenomena around us we cannot take all their features into account, but have
to select a few significant ones. Thus we construct an intellectual map of
reality in which things are reduced to their general outlines. Rational
knowledge is thus a system of abstract concepts and symbols, characterized
by linear, sequential structure which is typical of our thinking and
speaking. In most languages this linear structure is made explicit by the use
of alphabets which serve to communicate experience and thought in long line
of letters..."
Here comes the question again: how suitable is plain language for describing
the natural world if it is an abstraction itself? Reading further in the
same book:
"...The natural world on the other hand, is one of infinite varieties and
complexities, a multidimensional world which contains no straight lines or
completely regular shapes, where things do not happen in sequences, but all
together...It is clear that our abstract system of conceptual thinking can
never describe or understand this reality completely. In thinking about the
world we are faced with the same kind of problem as the cartographer who
tries to cover the curved face of the Earth with a sequence of plane maps.
We can only expect an approximate representation of reality from such a
procedure, and all rational knowledge is therefore necessarily limited...
To quote the semanticist Alfred Korzybski: 'The map is not the territory'...
...For most of us it is very difficult to be constantly aware of the
limitations and of the relativity of conceptual knowledge. Because our
representation of reality is so much easier to grasp than reality itself, we
tend to confuse the two and to take our concepts and symbols for reality..."
Oh well, it is clearer now (or maybe not), but what to do? Especially in
science where we need unambiguous descriptions. Ibidem:
"...The inaccuracy and ambiguity of our language is essential for poets who
work largely with its subconscious layers and associations. Science, on the
other hand, aims for clear definitions and unambiguous connections, and
therefore it abstracts language further by limiting the meaning of its words
and by standardizing its structure, in accordance with the rules of logic.
The ultimate abstraction takes place in mathematics where words are replaced
by symbols and where the operations of connecting the symbols are rigorously
defined. In this way, scientists can condense information into one equation,
i.e. into one single line of symbols, for which they would need several pages
of ordinary writing..."
So, it seems that mathematics is the proper language for science. Is it
really? Continuing:
"...The view that mathematics is nothing but an extremely abstracted and
compressed language does not go unchallenged. Many mathematicians, in fact,
believe that mathematics is not just a language to describe nature, but is
inherent in nature itself. The originator of this belief was Pythagoras who
made the famous statement 'All things are numbers' and developed a very
special kind of mathematical mysticism. Pythagorean philosophy thus
introduced logical reasoning into the domain of religion...
...The scientific method of abstraction is very efficient and powerful, but
we have to pay a price for it. As we define our system of concepts more
precisely, as we streamline it and make the connections more and more
rigorous, it becomes increasingly detached from the real world. Using again
Korzybski's analogy of the map, we could say that ordinary language is a map
which due to its intrinsic inaccuracy, has a certain flexibility so that it
can follow the curved shape of the territory to some degree. As we make it
more rigorous, this flexibility gradually disappears, and with the language
of mathematics we have reached a point where the links with reality are so
tenuous that the relation of the symbols to our sensory experience is no
longer evident. This is why we have to supplement our mathematical models and
theories with verbal interpretations, again using concepts which can be
understood intuitively, but which are slightly ambiguous and inaccurate..."
It looks like a magic circle: real world - language - mathematics - language
- real world. Where is the reality?
"...It is important to realize the difference between the mathematical models
and their verbal counterparts. The former are rigorous and consistent as far
as their internal structure is concerned, but their symbols are not related
to our experience. The verbal models, on the other hand, use concepts which
can be understood intuitively, but which are slightly ambiguous and
inaccurate..."
3. WHERE ARE WE?
After this trip through the theory we come back to the initial question: is
natural language an appropriate tool for defining a computer virus?
There is no doubt that computer viruses belong to the real world. One can try
to define a computer virus using natural language only. As the results of the
Contest for the Best Virus Definition and many bitter discussions on Virus-L
show, such definitions are still very inaccurate. Even worse, everybody can
define a computer virus in his or her own way, which leads to confusion. The
few mathematical definitions, while more accurate, are not widely
understandable...
One of the best-known mathematical definitions of a computer virus was given
by Fred Cohen. Here are a few words from him on this subject:
-----------------------------------------------------------------------------
A: Can the use of mathematics avoid the ambiguity of plain language in the
definition of a computer virus?
FC:
I translate - Can the use of a precise and well defined language avoid
ambiguity of plain language?...Mathematics is a subclass of the more general
class of languages. All mathematics is linguistically defined, therefore
language, if used precisely, can be as accurate as mathematics. The real
problem is that mathematics says a lot of things more concisely than language
because it is essentially a set of macros. For linguistic definitions to work
for regular people, they have to be short enough to remember and accurate
enough to apply. Hence my very short linguistic definition:
- A life form (substitute virus if desired) is an information structure that
reproduces in a particular environment. -
-----------------------------------------------------------------------------
4. THE END IS NEW BEGINNING
Well, I can now summarize what I have learnt about how to make a good
definition:
1. The first step is to check what our knowledge about the problem is. It is
also the first level of abstraction, i.e. we cannot take all features of the
observed phenomenon into account, but have to select a few significant ones.
This process is common in everyday life. One evokes a "mental model" of some
concept. What such a "mental model" shows depends on the information one has
collected about the subject up to that moment. Such information is usually
different for every individual, depending on his or her experience,
education, sources of information, interests, etc. In the case of computer
viruses the knowledge will include information about computers, programming,
possibly biological viruses, etc.
The problem with "mental models" is that probably no two persons have the
same "model". Also, the exchange of "mental models" is not a usual way of
communication today.
2. The second step is to find a representation for the "mental model", so
that one can share it with other people. It is a further level of
abstraction, i.e. the choice of a set of conventions about how to describe a
class of things. The most common tool one will use for description is
natural language. This means one will describe a "mental model" using words,
which are sequences of letters from some alphabet. In fact, one is
constructing a "natural language model" of the phenomenon. To represent a
computer virus in English, the words used could be: "reproduction",
"infection", "program", etc.
The problem with natural language is that no universal language exists which
all people would understand (that problem is impressively demonstrated in
the story of the Tower of Babylon [3]). Furthermore, even within the limits
of one language, it often happens that the same words have different
meanings for different people ("There are many different languages in the
world, yet none of them is without meaning." - 1 Corinthians 14.10). This is
what we call the ambiguity and inaccuracy of natural language.
3. Science and technology need unambiguous descriptions. For that reason it
is necessary to abstract the language further. Such an extremely abstracted
and compressed language is mathematics. This language is more accurate and
precise than natural language. It is also universal for the people who
understand it.
The problem with mathematics is that it is not a language commonly used for
communication in everyday life. Mathematical models will be understood by
particular groups of people only.
4. To make mathematical models easier for a wider audience to understand,
they should be accompanied by verbal interpretations which explain the
symbols used. A graphic representation of mathematical models is also
useful. As was shown in the example at the beginning of this text, drawings
are pretty convenient descriptions in some cases.
The problem here arises when one separates the verbal or graphic
interpretation from the mathematical definition. It may cause confusion
similar to that described in point two.
The above steps show the different levels of abstraction (or modelling) one
has to pass through to obtain an accurate definition. Each level has its own
inherent problems. The accuracy required depends, in the last instance, on
the environment where the definition will be applied. In the case of
computer viruses most people will be satisfied with a definition in natural
language. It has to be stressed again that such a definition will be
inaccurate due to the ambiguity of natural language. A good technical
definition of a computer virus should be a mathematical one because of its
accuracy and consistency. It should also be accompanied by verbal and
graphical interpretations for better understanding.
Although the above text does not immediately give a good definition of a
computer virus, it answers some questions. Namely, it explains why the
results of the Contest in the technical categories were so poor: simply
because the mathematical and verbal parts were separated from each other in
the guidelines of the Contest for the Best Virus Definition. It also
explains the very good results in the poetical category. The ambiguity of
natural language was not an obstacle there; just the opposite, it was an
advantage. Greater freedom in wording gave interesting results.
Talking again about technical definitions, there are new questions which
bother me now. Natural language and mathematics follow different logics in
their structure. Formal mathematical logic is monotonic, i.e. if a formula
is provable in some theory T, it is also provable in every theory T' where
T is a subset of T'. This means that the more initial axioms there are, the
more new statements it is possible to prove. It does not always work this
way in real life. There are many universal statements in real life which
carry numerous implicit assumptions that cannot all be included initially.
For example, from the assumption that every bird flies, we can conclude that
a certain bird named Quido can also fly. Later we find out that Quido is a
penguin, and penguins do not fly. At that moment our system of reasoning
should fall apart, because this fact obviously contradicts the earlier
conclusion. Nevertheless, this type of inconsistency is not an obstacle in
everyday life. Natural language copes with this inconsistency better. It can
be said that natural language follows a non-monotonic logic. So, even with a
mathematical definition accompanied by its verbal counterpart, it is still
questionable how well they will match each other.
There is also the question of how the final model or "picture" corresponds
to reality, i.e. how to prove that it is true. That problem is not new.
Ludwig Wittgenstein says in his Tractatus Logico-Philosophicus [6]:
" 2.223
To recognize whether the picture is true or false, we must compare it with
reality.
(Um zu erkennen, ob das Bild wahr oder falsch ist, muessen wir es mit der
Wirklichkeit vergleichen.)
2.224
From the picture alone it is not possible to recognize whether it is true or
false.
(Aus dem Bild allein ist nicht zu erkennen, ob es wahr oder falsch ist.)
2.225
A picture that is true a priori does not exist.
(Ein a priori wahres Bild gibt es nicht.)
3
The logical picture of the fact is the thought.
(Das logische Bild der Tatsache ist der Gedanke.) "
It is not so easy to answer the question of truth. If we recall Korzybski's
analogy of the map, the main question remains: how to find the map which
will cover the territory in the best way?
5. REFERENCES
1. Anzenbacher A., Introduction to Philosophy, SPNP, 1990. (in Czech)
2. Capra F., The Tao of Physics, Shambhala Publications Inc., 1975.
3. Good News Bible, The Bible Societies, 1990.
4. Marik V., Stepankova O., Lazansky J., et al., Artificial Intelligence I,
Academia Praha, 1993.
(in Czech)
5. Winston P.H., Artificial intelligence, Third edition, Addison - Wesley
Publishing Company, 1992.
6. Wittgenstein L., Tractatus Logico-Philosophicus, Oikoymenh, Prague, 1993.
(in Czech with original German text)
7. E-mail conversation with Fred Cohen
***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&
The truth is like a tiger, but with many horns;
like a cow, but without a tail.
- Zenrinkushu saying -
***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&
PUZZLE - CONTINUED (2)
======================
In the last issue of "Alive" I was wondering whether Misra's algorithm for
regenerating a token in a logical ring could be considered a sign of "life".
Later I got some instructions from Fred Cohen on how to solve this puzzle.
One should try to find a solution in two steps:
1. Define the environment.
2. Check whether the observed object reproduces in the given environment.
Well, I will now try to give more information about the environment and the
entities considered.
Distributed systems:
--------------------
The environment in general is a distributed system. Distributed systems are
characterized by there being no global state visible to an observer at any
given instant. There is no common memory. There has to be a communication
system which enables sharing of information.
Computer networks have provided the first example of a distributed software
and hardware structure. The entities comprising the system are the sites at
which the computers are located and the communication system that enables
these sites to exchange messages.
Once the idea of a distributed system is introduced it becomes necessary to
specify its components, that is, the distributed algorithms. Whatever the
architecture of the physical distributed system, there is a need for
distributed algorithms, which usually provide the basic functions that are
essential to all information systems, e.g. mutual exclusion, detecting
termination, etc.
Distributed algorithms:
-----------------------
1. Basics:
A distributed algorithm has been defined as a set of processes which, by
exchanging messages, co-operate to achieve a common end - performing some
desired function or providing some required service.
A distributed algorithm has two basic elements:
a) The processes that receive, manipulate, transform and output data.
b) The links along which these data flow and which form a network having both
structural and dynamic properties.
2. Concepts and techniques:
Whatever design and construction methodology is employed, distributed
algorithms make use of the standard techniques associated with networks, such
as using the acknowledgement of receipt of a message to check that it has
been sent, broadcasting values to a group of processes and so on.
a) Diffusing computations
The processes can be linked by their communication paths in any manner
whatsoever, but one process is special in that initially it can only issue
messages. Further, and initially again, only this process can issue messages,
and subsequently any other process can issue a message only if it has
received one. This is the principle of a spanning tree of the graph
representing the processes and their links.
b) Circulating token
The "token" here is a privilege or priority that is made to circulate around
the set of processes connected in a ring structure. This technique is used
particularly by algorithms for termination and mutual exclusion.
c) Time stamping
This mechanism makes it possible to label the events in a consistent manner
in relation to the interactions between the processes, that is, the issue and
receipt of messages: in terms of time as defined by the logical clocks, an
issue will always precede the corresponding receipt. This is particularly
used for algorithms that enter into distributed systems, such as those for
mutual exclusion and detection of mutual blocking.
3. Communication + ordering = control
By its very definition, a distributed algorithm is based on communication of
messages. In very many cases this communication can take place according to
a particular topology - logical ring, tree structure - and with the use of a
particular technique - circulating token, diffusing computation. Thus there
is a relation of appropriateness between the structures of the topology and
of the communication control.
Summary:
--------
The environment considered in this puzzle is a distributed system. In such a
system distributed algorithms are used to provide the basic functions.
Distributed algorithms consist of separate processes that communicate with
one another by exchanging messages. Misra's algorithm, presented in the last
number, showed a method for detecting the loss of a token (a special message
which the processes hand from one to the other in the logical ring) and
regenerating the token if it is lost. The question was whether this is a sign
of life in the given environment. The environment is now explained in more
detail. The next step should be to show whether the basic entities, i.e.
processes and tokens (messages), can reproduce in such an environment.
References:
-----------
1. Janacek J., Distributed systems, 1993., Vydavatelstvi CVUT, (in Czech)
2. Raynal M., Distributed Algorithms and Protocols, 1988., John Wiley & Sons
3. E-mail conversation with Fred Cohen
^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!
It moves. It moves not.
It is far, and It is near.
It is within all this,
And It is outside of all this.
- Upanishads -
^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!
THE LEGEND - FRED COHEN
=======================
There are very few people dealing with computer viruses who have never heard
the name Fred Cohen. He is the person who first brought computer viruses to
the scientific community. Here is some well-known formal information:
In 1983, Fred Cohen performed and described the first experiments with
computer viruses. He gave the definition of computer virus in his paper
"Computer Viruses - Theory and Experiments", originally appearing in IFIPsec
84. To quote this paper:
"We define a computer "virus" as a program that can "infect" other programs
by modifying them to include a possibly evolved copy of itself."
Dr Cohen is best known for his pioneering work on computer viruses, the
invention of high integrity operating system mechanisms now in widespread
use, and automation of protection management functions. He regularly provides
consulting services for top management worldwide. During the past 10 years
of his research work, Fred Cohen wrote over 60 professional publications and
11 books. He is also a widely sought speaker, averaging over 12 invited talks
per year. Dr Cohen's current interests are in the areas of high integrity
distributed computing, office automation, information warfare, information
theory, artificial life and social aspects of computing.....
Fred Cohen's formal biography is much, much longer, so let's leave it for
some other time. Fred Cohen himself gave some less formal information,
speaking exclusively for "Alive":
A: Why did you get interested in computer viruses?
FC:
When the idea came to me, it was incredibly interesting and I followed up.
The most interesting thing is the implication about life in general.
When I first started to do experiments and report on the results, I was
greeted with quite a bit of hateful commentary. At one point, I was even
called on the carpet of one of the Professors and accused of breaking into
computers at another university. I was innocent, but treated as if guilty.
That experience has helped me through the various other times I have been
falsely accused of breaking into computers.
Somewhere during that period, an old saying once printed on a wall at
Carnegie Tech by Alan Perlis came back to me:
Problems worthy of attack,
Prove their worth by fighting back.
A: What could you say about your work which is not so commonly known?
FC:
By now, I have published almost everything that has come up. The only real
disappointments relate to my inability to find any paying work related to
computer viruses. Lots of people have offered me work if I will say things
that aren't true, or endorse a product that I think is not very good. People
want the use of my name, but not the results of my effort and analysis. A
good example is the controversy surrounding benevolent viruses. I have been
black balled by many members of the computer security community because I refuse
to renounce what I feel to be the truth. Among the leaders of the black
balling are academics who I think should be fighting for academic freedom and
the proliferation of new ideas, but it turns out they can get more research
grants by speaking out against new ideas than by giving them a fair airing.
It should be no big surprise - after all, as recently as 1988, I had an NSF
grant proposal rejected by poor reviews from academics who claimed that there
was no such thing as a computer virus and that viruses could not work in
systems with memory protection. Obviously, they never bothered to read any
of the 50 or so papers I have written on the subject.
A: What problems did you have in presentation of your work?
FC:
Only a few years ago, I was called a heathen by the computing community
including many professors at universities. The reason was that I supported
the notion of benevolent viruses. They had a public effort to black ball me
from research grants and other work, and it was almost unopposed. It got
quite lonely at times, but I persevered, and now I am only loathed and hated
by a small majority of the computing community.
In the fall of 1992, I was vocally and electronically vilified for publishing
the results on the effectiveness of built-in protection in Unix and Novell
networks against viruses and specifying the proper protection settings for
these environments. A few months later, Novell agreed with me, and they are
now changing some things about their protection scheme. Then, I was scheduled
to present an updated version of the paper at the DPMA conference in New
York, but they censored my benevolent virus paper, and had another speaker
present a paper about Novell Netware protection that was just plain wrong,
led Novell administrators to use inadequate protection, and got reprinted in
a national magazine.
I guess I was wrong - you never get used to it - but you have to decide if
you want to tell the truth as you see it or be popular - it is unlikely that
you will ever get both until well after you are dead. I have made a personal
choice that has doomed me to financial ruin over the last seven years or so,
but despite the financial impact on me and my family, I have tried to keep
on.
I have told you some of the problems I have encountered, and there are many
more of them, but let's keep to the positive aspects for now.
A: Why do people still not understand what you mean when talking about
computer viruses?
FC:
There are at least two or three answers to that. The first one is that few
people recognize that viruses are really only part of a pair - the life form
and its environment. The life form is not alive except in an environment,
and yet for linguistic ease, we speak of viruses as if they were independent.
The second one is that simple explanations are commonly used to avoid having
to talk about the great breadth of issues involved in this field. It's a lot
easier to sell fear when you can claim all Indians are evil than when you
have to explain the difference between a Shawnee and a Mohawk. Another reason
is that most people aren't very interested in mathematics or being very
precise in what they do. Why bother to fully understand when you don't have
to. That's my view, but who knows what is really in other peoples' minds.
A: What is your concept of beneficial virus?
FC:
All technology (in my experience) is a two edged sword. We tend to see one
edge or the other, but both exist. When we explore both sides, we get a
deeper understanding. A benevolent virus is simply a virus that is used for
good purposes, but then this is a matter of context. For example, even an
extremely malicious virus used against an enemy could be perceived as
beneficial. Good and bad are relative. Most of the viruses I discuss as
benevolent are in fact reproducing symbol sequences without any known
malicious side effects. For example, the maintenance viruses that automate
systems administration functions are only doing what people would otherwise
have to do manually. They save extra labour by automatically distributing
themselves, etc. but otherwise, they are just the same as any other program.
A: Why did you get interested in artificial life?
FC:
I am interested in life because I am alive and want human life to continue,
to grow and evolve, and to advance and survive - both for myself and for my
children. The word artificial is really only a side effect of peoples' egos
requiring a special name for things they create. My interest is in deeper
understanding, and thus I examine the issues of life from an informational
standpoint and abstract out the specifics of whether the environment is
biological, electromagnetic, or what have you. I am an information scientist
by degree, training, and interest. As such, the study of information (a.k.a.
symbolic representations in whatever form) is one of my passions.
A: Why did you write "It's alive!"?
FC:
I enjoy writing, and I had done a significant amount of work on this subject
that I thought might be of interest to others. I was also somewhat
disappointed by the presentation of artificial life as it is given by the
growing mainstream of the field, and wanted a venue in which I could express
contrary and novel ideas without the growing set of conservative researchers
trying to stop me. When I talk about this topic, I am talking about real
living creatures, not things that mimic real living creatures. I am talking
about foundations for the understanding of life in the general sense, an
expansion of biology into the general informational domain, drawing parallels
between our biosphere and the infosphere, understanding the implications of
the changes in our environment through information systems before we
experiment on our children, understanding life forms in a different way,
understanding the implications of our emerging technologies and ways of
thinking about things, and other stuff like that.
In my book, I don't just talk about computers, but about the concepts of God,
evolution, the generation and creation of life, death and why it must exist
and why we need it to survive, the joint life forms we are now creating,
diseases of the joint life forms, models of biological life and our
willingness to commit memocide. I try to bring the richness of the world
together in my writing so that the outbreak of Ebola Zaire can be related to
the Jerusalem virus in a sensible way, and we can see the implications of our
actions.
As you can see, I have a passion for this subject, and if I continue at this
pace, you will have another book to review.
A: Why are people willing to reject the concept of beneficial viruses or
artificial life in general?
FC:
I don't care to speculate further on peoples' motives at this time, but as
a general guide, we might consider that people have emotions and that their
motives are often complex and poorly understood. I have had people tell me
that I am paving a road to hell with my good intentions, but I cannot tell
which of us is really doing that because I am not omniscient. I just walk the
path that seems right to me and try to understand the implications before I
make big decisions.
A: Do you think that there is anything unethical in claims that beneficial
viruses exist?
FC:
I think it is unethical to claim that there are NO benevolent viruses when
we all know that they do exist and have seen published examples. The ethical
questions in any research come from the analogy to the two edged sword
described above. I feel we have a responsibility to present both sides of
the issue, to consider the implications of our work and how it will impact
others, and to consider these issues deeply and carefully before proceeding.
To me, it is very strange that people complain about my publishing results
on benevolent viruses. After all, I got a lot of complaints in the 1980s
about publishing results on malicious viruses, including over 40 papers in
that period on protection against viruses. My conclusion is that the people
complaining about the ethical issues are more often than not, expressing
their frustration that somebody else thought of an interesting new line of
research and published the results despite its somewhat negative impact on
their research. Every once in a while, there may be an ethical issue worth
bringing up, but it is patently ridiculous to claim that it is unethical to
publish results of research into useful applications of computer viruses.
But then, people also claim we should not publish results on useful
applications of nuclear physics because there are nuclear weapons.
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|
Take care of the means and the ends will take care of themselves.
- Mahatma Gandhi -
\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|
Article Review:
---------------
TRENDS IN COMPUTER VIRUS RESEARCH
=================================
by Dr Frederick B. Cohen
In this paper (published in 1991) Fred Cohen discusses current trends in
computer virus research. The article is excellent reading for those who
want a short insight into the whole of Fred Cohen's work.
The text can be roughly divided into two parts. In the first part the author
gives a quick review of the history of malicious viruses and of defensive
methods against that type of computer virus. The second part deals with
benevolent viruses and the design of useful viruses in practice. The article
closes with a discussion of future research topics.
Malicious Viruses and Defense
-----------------------------
This part begins with a short look at the history of malicious virus
attacks. The term refers mostly to the population of IBM PC/DOS viruses
which have been appearing in large numbers since 1987. The author calls
those viruses "real-world viruses".
An overview of defense methods against malicious viruses follows. The
vulnerabilities and advantages of several well known ideas are discussed.
It is stated that all built-in self-test techniques are vulnerable to a
generic attack, i.e. one in which the virus activates before the program
being attacked and forges the operating environment so that altered
information seems to be unaltered to the protection system. According to the
author the most effective protection against malicious computer viruses is
defense-in-depth. In this approach many techniques are combined, so if one
technique fails, redundant techniques provide added coverage. The combined
use of virus monitors (scanners), integrity shells, access controls, virus
traps, on-line backups, SnapShots ("SnapShoting" of system memory at bootup
and performing a complete replacement of the system state with the known
state from a previous bootstrap), BootLocks (providing low-level remapping
of disk areas to prevent bootstrapping mechanisms other than the BootLock
mechanism from gaining logical access to the DOS disk) and ad-hoc techniques
should provide reliable protection against operation, infection, evasion and
damage by known and unknown viruses. The disadvantage of such an approach is
its space/time consumption when realized entirely in software. It is pointed
out that the performance of a defense system can be greatly enhanced through
hardware based implementations.
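The self-test weakness and the layered answer summarized above can be modelled
in a few lines of Python. This is an added example, not code from Cohen's paper
or from this magazine: the Disk and ForgedView classes, the file name and all
byte strings are constructed stand-ins, and the "trusted read" is an assumption
standing for any check started from a known-clean state.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Disk:
    """Constructed stand-in for storage: maps file name to contents."""

    def __init__(self, files):
        self.files = dict(files)

    def read(self, name: str) -> bytes:
        return self.files[name]


class ForgedView:
    """Model of a forged operating environment: reads of altered files are
    answered with saved original bytes, so the change is hidden from any
    check that runs inside this environment."""

    def __init__(self, disk: Disk, saved_originals):
        self.disk = disk
        self.saved = dict(saved_originals)

    def read(self, name: str) -> bytes:
        return self.saved.get(name, self.disk.read(name))


def matches_baseline(read, name: str, baseline: dict) -> bool:
    """Hash the file through the supplied read path and compare it with the
    recorded known-good digest. The verdict is only as good as `read`."""
    return hmac.compare_digest(sha256_hex(read(name)), baseline[name])


def scanner_flags(read, name: str, known_patterns) -> bool:
    """Signature layer: flags only byte patterns it already knows."""
    data = read(name)
    return any(p in data for p in known_patterns)


def assess(name, live_read, trusted_read, baseline, known_patterns):
    """Run each layer independently; True means that layer raised an alarm."""
    return {
        "scanner": scanner_flags(live_read, name, known_patterns),
        "self_test": not matches_baseline(live_read, name, baseline),
        "trusted_integrity": not matches_baseline(trusted_read, name, baseline),
    }


def demo():
    original = b"PROGRAM-IMAGE-v1"                # constructed sample data
    altered = original + b"|UNRECOGNISED-CHANGE"  # constructed, matches no pattern
    baseline = {"app.bin": sha256_hex(original)}  # recorded while system was clean
    patterns = [b"KNOWN-MARKER"]                  # constructed signature list

    disk = Disk({"app.bin": altered})
    forged = ForgedView(disk, {"app.bin": original})

    # Live checks run inside the forged environment; the third layer does not.
    hidden = assess("app.bin", forged.read, disk.read, baseline, patterns)
    # Same alteration with no forging: the self-test fires as well.
    plain = assess("app.bin", disk.read, disk.read, baseline, patterns)
    return hidden, plain


if __name__ == "__main__":
    for label, verdict in zip(("forged view", "plain view"), demo()):
        print(label, verdict)
```

The self-test and the trusted check use the same comparison; only the read path
differs, which is why a single layer running inside the examined environment
cannot be relied on alone.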
Benevolent viruses and further research
---------------------------------------
In the second part the author introduces the concept of a benevolent virus. He
explains that computer viruses are some of the fastest distributed programs.
They distribute freely, easily and evenly throughout a computing environment.
The hardest problem in parallel processing is efficient uniform distribution
of computing between computers working together on the same problem. With
computer viruses the solution of this problem is easier because of their
ability to replicate and spread. It is, however, important to know that the
problem of controlling virus growth must be addressed before widespread use
of viruses in existing computer networks.
To avoid confusion, the author gives his famous definition of computer virus
from the paper "Computer Viruses - Theory and Experiments" (published 1984):
"We define a computer 'virus' as a program that can 'infect' other programs
by modifying them to include a possibly evolved copy of itself."
There is also a description of a worm:
"...so-called "worm" programs would install segments on computers which were
not in use, performing "segments" of the parallel processing problem being
solved..."
The author's formal definition of computer virus (not presented in this
article) for mathematical reasons encompasses all self-replicating programs
and programs that evolve and move through a system or network, thus putting
many of the worm programs under the formal description of computer virus.
A short history of theoretical and experimental work on self-reproducing
programs is given. Two examples of useful computer viruses are presented.
One example is the Viral Bill Collector. It is a distributed program which
allows the user to avoid a large centralized bureaucracy which controls
and directs all activities, by distributing all functions to the individual
bill collectors. The computing environment "births" and "kills" collectors
according to the current requirements.
The second example is the Maintenance Virus. To reduce manual system
administration, maintenance viruses are implemented. They replicate
themselves in limited numbers, seek out known imperfections and repair them.
The author points out that "birth/death" processes are central to the problem
of designing viruses that do not run amok, as well as to the evolution of
viral systems over time.
Some other future improvements of useful viruses, such as random variation
and selective survival, are discussed. It is stated that in the same way as
we can generate computer programs from specifications, we can generate
evolutionary systems from specifications, and assure to a reasonable degree
that they will act within predefined boundaries. The author regretfully
notes that viruses have gotten a bad name, partly because there are so many
malicious and unauthorized viruses operating in the world. He offers as a
possible solution to this problem the "Computer Virus Contest", whose rules
prohibit the use of viruses that have been released into uncontrolled
environments, viruses placed in systems without explicit permission of the
owner and viruses without practical mechanisms to control their spread.
The author concludes that "just as biological viruses can cause disease in
humans, computer viruses can cause disease in computer systems, but in the
same sense, the benefits of biological research on the quality of life is
indisputable, and the benefits of computer virus research may some day pay
off in the quality of our information systems, and by extension, our well
being."
Further reading:
----------------
I would recommend this article as a starting point for those who want to get
acquainted with Fred Cohen's work. The next step could be the book "A Short
Course on Computer Viruses", where the same themes are presented in more
detail. According to personal preference, one can then either go further
into the theory by reading Fred Cohen's Ph.D. thesis or some of his articles
with the formal definition of a computer virus, or find practical solutions
to viral and security problems in some of Fred Cohen's numerous articles on
those subjects. Personally, I am waiting impatiently to read the newest book,
"It's Alive!".
^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^
The man who fights for his ideals
is the man who is alive!
- Miguel de Cervantes -
^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^
THE MYSTERY - MARK LUDWIG
=========================
Reading the following text from the article published in Crypt Newsletter No
22, I got curious. Yes, I had heard the name Mark Ludwig earlier, but it
always had some negative connotation. This article was somewhat different...
[ IN THE READING ROOM: "COMPUTER VIRUSES, ARTIFICIAL LIFE AND EVOLUTION"
BLASTS EVOLUTIONARY SCIENCE WITH THEORETICAL PHYSICAL METHODS
Just after Christmas, on December 27th, Addison-Wesley France was served with
a temporary legal notice prohibiting the distribution of its recently
published French language edition of Mark Ludwig's "Little Black Book of
Computer Viruses, Volume 1." Entitled "Naissance d'un Virus" or "Birth of a
Virus," the French edition was selling for about $50 cash money. The company
is also distributing a disk containing copies of Ludwig's TIMID, INTRUDER,
KILROY and STEALTH viruses separately for a few dollars more.
However, before the ink was dry on the paper a French judge dismissed the
complaint, said Ludwig between laughs during a recent interview.
Addison-Wesley France, he said, subsequently worked the fuss into good publicity,
enhancing demand for "Naissance d'un Virus."
Almost simultaneously, Ludwig has published through his American Eagle
corporation, its follow-up: "Computer Viruses, Artificial Life and
Evolution," which will come as a great surprise to anyone expecting "The
Little Black Book of Computer Viruses, Part II."
For those absent for the history, "The Little Black Book of Computer
Viruses," upon publication, was almost uniformly denounced - by the orthodox
computer press - as the work of someone who must surely be a dangerous
sociopath.
Most magazines refused to review or mention it, under the working assumption
that to even speak about viruses for an extended length - without selling
anti-virus software - only hastens the digital disintegration of the world.
Ludwig found himself engaged in a continued battle for advertising for his
book, losing contracts without notice while the same publications continued
to stuff their pages with spreads for cosmological volumes of pornography.
This has always been a curious, but consistent, hypocrisy.... ]
...Later in the same text there were a few words about the author...
[...Not surprisingly, the controversy has kept sales of "The Little Black
Book" brisk since its initial printing and financed the expansion of American
Eagle.
Which brings us, finally, to "Computer Viruses, Artificial Life and
Evolution," a book which takes a hard scientific look at life and the theory
of evolution, and only incidentally contains working viruses.
To grapple with the underlying philosophy behind "CVAL&E," it's helpful to
know Ludwig was a physics major at Caltech in Pasadena, CA, at a time when
Nobel-laureate theoretical physicists Richard Feynman and Murray Gell-Mann
were in residence. The ruthlessness with which these scientists dealt with
softer disciplines not up to the task of thorough theoretical analysis
coupled with the academic meat-grinder that is Caltech's reputation, casts
its shadow on "CVAL&E."
Ludwig writes in the introduction:
". . . Once I was a scientist of scientists. Born in the age of Sputnik, and
raised in the home of a chemist, I was enthralled with science as a child.
If I wasn't dissolving pennies in acid, I was winding an electromagnet, or
playing with a power transistor, or . . . freezing ants with liquid propane.
When I went to MIT for college I finally got my chance to totally immerse
myself in my first love. I did rather well at it too, finishing my
undergraduate work in two years and going on to study elementary particle
physics under Nobel laureates at Caltech. Yet by the time I got my doctorate
the spell was forever broken . . . I saw less and less of the noble scientist
and more and more of the self-satisfied expert."...]
...Well, at this point I decided to contact Mark Ludwig and ask him some
questions. Here he is, answering exclusively for "Alive":
A: Why did you get interested in computer viruses?
ML:
I thought they were interesting as genetic, self-reproducing entities, and
I just wanted to learn something about them, as a scientist. What little I
could find out about artificial life seemed very much skewed toward the
evolutionary point of view, which is in my mind more philosophy than good
science. Since computers are universal simulating machines, I think one thing
AL [Artificial Life] researchers can get into is a sort of programmatic story
telling which has little to do with reality. I mean, of course you can design
something to evolve (Lamarckian or Darwinian) just because you have a
universal simulating machine. But does that have anything to do with real
life?
I saw viruses as a real-life phenomenon, rather than a laboratory construct.
Perhaps they are the only "life-form" apart from earth's carbon-based life
we will ever meet. Laboratory AL experiments tend to be contrived because
the researcher's intelligence inevitably enters in. Viruses, as a phenomenon,
are somewhat different. They're in the wild. What do they do there? Do they
evolve? Can they evolve? The whole question just seemed fascinating to me.
A: When did you start to deal with computer viruses and could you briefly
describe your work?
ML:
About 1988 or 1989. Given the above interest, the natural thing to do seemed
to be to get some viruses and learn about them. That proved to be a real
challenge though. Technical knowledge of this field was very hush-hush then.
I ended up solving the problem by setting up a BBS and announcing that I'd
send people $20 if they'd send me a virus. So I got a few that way. But I
realized it was going to be hard to discuss my scientific interests with
anyone if no one understood the technology behind viruses. Furthermore, I
did not believe that this silence was best for mankind in the long run. I
mean, here is this brand new technology -computers & information science-
and a brand new phenomenon -viruses- and all anybody wanted to do was to make
it go away. As a scientist, I was much more inclined to explore the
possibilities. Yet I knew I couldn't possibly do that alone if we're really
going to find out what uses these things might have, or what understanding
they might actually contribute to other scientific disciplines. Science
doesn't work like that now-a-days. The knowledge has to be more generally
available before anyone could even begin to think along these lines. So I set
out to make that knowledge accessible.
A: Why did you write "The Birth of a Virus" ?
ML:
"The Birth of a Virus" is the French edition of "The Little Black Book of
Computer Viruses." I plainly wrote it so that the average programmer could
learn the basics of how a virus operates. That was published in 1991. It is
not intended to be a compendium of all the tricks virus programmers use, or
anything like that. It is an introduction. The viruses discussed in the book
(4 of them) are pretty basic, but they get some of the basic techniques
across, and illuminate the issues which a virus must face to reproduce.
A: Why did you write "Computer Viruses, Artificial Life and Evolution"?
ML:
CVALE is a first stab at discussing my original interest in viruses. It
discusses questions like "Are viruses alive?" and digs into viral evolution,
comparing viruses to real-world organisms, etc. It's about more than just
viruses, though. It's about the whole Artificial Life movement, as well as
science and philosophy. Really, I think what I've seen in staring hard at
viruses might be very valuable in bringing about a revolution in evolutionary
biology. Using carbon-based organisms is a horrible way to study evolution.
They're too complex and we don't understand them well enough. The time frames
of evolution are too large. And deep philosophical questions rear their heads
all over the place. Inside the computer, most of these difficulties just
vanish. The one thing you have to be careful of is the universal nature of
the computer. What you don't want is to create some kind of science that will
always confirm itself. Looking at viruses can teach us how to impose some of
the checks and balances that science needs to be valid.
A: Do you think that your work is unethical or illegal?
ML:
Illegal? Some people tell me that it is in some parts of the world. Certainly
it is not illegal in the US.
Unethical? That is a more difficult question. I don't think so, but I'm open
to correction. I mean, I realize that by publishing viruses, somebody could
use that information to hurt somebody else. It's not my intention to empower
would-be criminals. At the same time, I think a lot of people can get hurt
because people who should have the technical expertise to deal with malicious
viruses don't have it and have a hard time getting it. The idea that you can
combat a human intelligence with a piece of software is ludicrous. Anybody
who just installs an anti-virus and sits back on his laurels is asking for
trouble. At least some virus writers are intelligent people. And the only way
to combat a human intelligence is with human intelligence. In other words,
you start with first hand knowledge of what viruses are and how they work.
Given that first hand knowledge, you can reasonably choose anti-virus
software to protect your systems, etc., but you don't just pick the program
based on some advertisement, or some review that purports to be unbiased,
albeit written by an a-v developer or by some peon at an advertiser-driven
magazine. Thus, I see my work as being potentially very beneficial in that
it brings education and light where darkness has been.
The only way I can see to answer the ethics question is to weigh the merits
and dismerits of what I'm doing. I've always taken the attitude that I'll
do this on a tentative basis, but if it proves out that people are taking
my stuff and wreaking havoc with it, I'd be the first one to condemn it.
Now, 3 years after the release of The Little Black Book, I think I can say
safely that people are not, for the most part, running out to destroy the
world with it. They are behaving responsibly.
We do not make it illegal to manufacture hammers or knives because people do,
occasionally, kill other people with those implements. We do not call the
knife manufacturer immoral or unethical. Killing someone or not with them
is the responsibility of the user, not the manufacturer.
I fail to see why viruses should be treated differently. The a-v community
argues that there is no such thing as a good virus, ergo there is no benefit
side to the equation, as in the case of a hammer. Even if they were right on
that point, though, it would not be logical to conclude, therefore, that
making information about viruses available is therefore also bad. Someone
who learns about viruses -who gets the first hand knowledge about them- is
going to be a whole lot better at facing a malicious virus running amok in
a network than somebody who simply sits back and lets somebody else, e.g. an
anti-virus company, do his job for him. The second person will in all
likelihood need expert help to get rid of the virus. The first will be the
expert to begin with. Thus it seems reasonable to suggest that even if all
viruses were only evil (which I do not believe), it could still be very good
to make the knowledge of them available, because in so doing you are teaching
people how they work and giving them the expertise to fight them better. As
far as I can see, the benefits do outweigh the dangers here.
I think when considering the ethics of all of this, we have to realize that
the a-v community is trying to partake of a new ethic which, if carried to
its logical conclusions, will have a chilling effect on all innovation and
all human initiative. You see this new ethic throughout society. It damns
anything which could potentially be harmful before you even know whether it
will be beneficial or not. I don't care whether you're talking about a-v or
environmentalism or about the latest drive to socialize medicine in the US,
this mindset is behind it. The bottom line is an attempt to create a
risk-free socialist world controlled by a technical elite. Now, you can't
stop hammers with this approach, but you can sure stifle anything new,
because you can magnify the risks, and diminish the benefits, and people
don't have an intuitive feel for it.
The truth is that people who reason this way are trying to make gods out of
themselves. They are not content to let their opinions be opinions. Rather
they try to elevate them into moral truism. A lot of people in the west
still have a love-affair with socialism, so they buy into this risk-free
attitude without questioning it much. We shouldn't be deceived by such
propaganda though.
A: What problems did you have in presentation of your work?
ML:
Well, nobody wanted to print it. But it was not that big of a deal since I
already owned a publishing company which published other books for university
classes. I just had to decide whether we should get into this line or not.
I've had enough experiences in other fields of science to know that if you
want to do anything new you're going to meet resistance. I haven't run into
any problems I didn't expect from the start.
A: Why are people willing to reject the concept of beneficial viruses or
artificial life in general?
ML:
Most people don't reject the idea of a beneficial virus if you discuss it
with them intelligently. Rather, they become open to it rather quickly.
There's a certain amount of inertia you have to overcome to get people to
actually install a beneficial virus, though, because they've been brainwashed
into believing that virus = bad. Once you get past that, it's not a problem.
Now, obviously, I won't say the same of the anti-virus community. Here you
have a case of group-think where everyone just echoes everyone else's
opinion. It's kind of like an extreme political party. Breaking ranks will
get you ostracized. They are the ones who've been trying to brainwash people,
and they want to keep it up because they are pushing an agenda that puts them
in the driver's seat. They know full well that to make any concession in
their position is to open the floodgates. How will you ever pass legislation
against the free dissemination of virus-related information once you admit
that some of it might be beneficial? You won't. So they'll fight the idea of
a beneficial virus to their dying breath.
Artificial Life is a different matter, though. I think a lot of people reject
the concept in its strong form for religious or philosophical reasons.
Furthermore I think those reasons are completely valid. I mean, IF you accept
the idea that life is nothing more than atoms and physics, it makes sense to
define life functionally and then design something functionally equivalent
and call it life. However that IF is a big if. There are plenty of reasons
not to do that, both philosophical and purely scientific. Most of the people
doing AL work just leap right in like good positivists and sweep the deeper
questions under the rug. If AL is ever to garner widespread support, those
who study it are going to have to be more sensitive to the philosophical
issues. I tried to do that in my book, though I haven't gotten a whole lot
of feedback as to how well I succeeded.
A: Are there persons in the virus/anti-virus field that you respect and why?
ML:
Technically there are quite a few people I respect. Writing viruses and
anti-viruses is kind of like a programmer's version of a grand master's
chess game. You need both a good deal of skill and a sense of the art of it
to play on either side.
Intellectually, I don't have very much respect for many of the people who've
made a name for themselves in a-v work. Many of them aren't thinking for
themselves anymore. They've made up their minds and they won't hear new
ideas. They're like politicians who are so committed to a movement that they
don't dare change, and they stagnate intellectually as a result.
There are a whole lot of people a step below the big names, though, who
are just good people trying to keep the computers in their companies clean
and what not. They aren't pushing an agenda - they're just trying to get
their job done. They're open minded and they will listen to new ideas.
I respect these people a lot, and it's my sincere desire to help them get
their job done. By making technical information about viruses available,
I'd like to believe that I'm doing that.
!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!
And God saw that it was good. And God blessed them,
saying 'Be fruitful and multiply'
-Genesis 1:21,22
(The dedication to Mark Ludwig's "Little Black Book about Computer Viruses")
!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!
IT CONQUERED THE WORLD: A FICTION EXCERPT FROM MARK LUDWIG'S "CVAL&E,"
=======================================================================
FOR YOUR ENJOYMENT
==================
[Warning: Sections of the following may seem morbid and unpleasant.]
Cast 50 years in the future . . .
"Atomic storage technology was developed and put to work in computers 40
years ago. Five years later the first notebook computers with 100 terabytes
of pico-second access, non-volatile storage became available for under $5000.
Of course, software lagged far behind hardware. For nearly 20 years, the
software giants battled it out developing operating systems to make effective
use of the storage technology. In fact, operating systems proliferated to
such an extent that real progress in programming gave way to brute
competition between operating systems. By and by, IBM came up with the
solution. Their OS/4 operating system was an incredible engineering feat.
About 1.2 terabytes of code, fully interactive speech recognition, touch and
vision interface, artificial reality feedback. But the clincher was the
artificial intelligence which allowed the operating system and applications
to adapt to both the individual user and the software developer. It was a
cinch to write very complex programs in this environment because of the
artificial intelligence, despite the fact that there were nearly 2 million
possible system calls. Shareware proliferated for it, and then commercial
programs that would boggle the mind of anyone just ten years earlier.
"By 2045, OS/4 was the _de facto_ standard. There weren't even any close
competitors. Nobody even had any interest in new operating systems, because
this one seemed to fit everyone's needs so well. It seemed to be the golden
age of computing, except for one thing. OS/4 had some anti-virus measures
built into it. They worked pretty well. However, a fairly simple but benign
virus appeared in this environment that those anti-virus measures couldn't
cope with. This virus was only about 2 megabytes in size, and since it was
benign, nobody cared much about it. However, at the time the United States
had become a tyranny whose evils had eclipsed even those of Stalin and
Hitler. Most intelligent people had fled the country long ago. The
government went on a crusade to find the author of the virus. They got their
man, and subjected him to functional re-engineering at the hands of
nano-robots. A horrible fate. This focused quite a bit of attention on the
virus and its alleged author. To defend this poor scapegoat, a team of
scientists got together and proved that just such a virus should evolve into
a useful clean-up utility if left alone.
"A couple weeks later IBM released a supplementary anti-virus utility to take
care of the problem. Even though the scientists said not to worry, a lot of
people wanted the virus out, and IBM saw this as a good way to make a moral
statement about virus writing that would make a number of governments happy.
This . . . was the beginning of the end, though. A typical case of the quick
fix. No one took the time to disassemble the virus. Nobody listened to the
team of scientists.
"Until that anti-virus utility was released, there was little evolutionary
pressure on the virus, and most of it caused evolution in beneficial ways.
The utility was quite adept at putting pressure on the virus to make it
malevolent, though. And the virus mutated with incredible ease . . . If that
were not enough, the artificial intelligence of the anti-virus only succeeded
in driving the viruses - which also used system AI resources - to become
smarter and more prolific. The anti-virus was made available on a Monday,
free of charge to the general public. By Wednesday, the whole world was in
chaos. Everything was shut down. Financial markets. Communications.
Hospitals. The works. Nobody went to work. People were dying . . ."
(c)opyright 1993 American Eagle Publishing. Used with permission.
&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**
The disciples asked the master:
- What will happen with you after your death?
- I will go to the hell.
- But, they think that you are very holy master!
- If I don't go to the hell, how can I help you?
- Zen text -
&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**
[ The book review of "Computer Viruses, Artificial Life & Evolution" and "It
Conquered The World" originally appeared in the February 1994 issue of The
Crypt Newsletter. They are reprinted in "Alive" with permission of Crypt's
editor George Smith (Urnst Kouch). The Crypt Newsletter is a monthly
publication featuring science news, media reviews and comment of interest to
a computing audience. E-mail: ukouch@delphi.com ]
Editor's note:
--------------
The "underground" versions of The Crypt Newsletter contain source code of
some viruses. It is disputable if they are beneficial or not. The "clean"
versions (without virus code) are available on Compuserve.
~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~
THE REALITY - VESSELIN BONTCHEV
===============================
Many people know the name Vesselin Bontchev from discussions on Virus-L/
comp.virus. His formal biography says:
In 1988 Mr Bontchev became interested in computer viruses and soon afterwards
his freeware anti-virus programs were the most popular in Bulgaria. In 1990
he became the director of the Laboratory of Computer Virology at the
Bulgarian Academy of Sciences - a laboratory, created mainly due to his
efforts. Since 1991 he has been working on his Ph.D. thesis in the Virus Test
Center at the University of Hamburg, Germany.
Since 1990 Mr Bontchev has been the Bulgarian representative in IFIP's TC-11
(Computer Security). He is also a founding member of CARO (the Computer
Anti-virus Researchers' Organization), a founding member of VSI (the Virus
Security Institute), and a member of EICAR (the European Institute for
Computer Anti-virus research).
Mr Bontchev's main fields of interest include computer viruses, computer
security, integrity and data protection, encryption, number theory, etc.
Leaving formalities for a moment, Vesselin Bontchev speaks for "Alive"
exclusively:
A: Why did you get interested in computer viruses?
VB:
Initially - because they are interesting, of course. I mean, they are
challenging; doing something that is unusual and clever. Later I discovered
that my knowledge in this field can help many other people and this motivated
me additionally.
A: When did you start to deal with computer viruses and could you briefly
describe your work?
VB:
It all began in the Spring of 1988. At that time I was working on a voluntary
basis as a consultant for the only Bulgarian computer-related magazine -
"Komputar za vas" ("Computer for You"). I was asked to provide some help in
translating a German article (from the German magazine "CHIP", I believe)
about computer viruses. I didn't know German at all, but I knew a lot about
computers. The article was initially translated by a professional translator,
who knew German perfectly, but knew nothing about computers and the special
jargon used in this area. There was a lot of funny stuff in the draft
translation... But I digress.
In short, the article was about computer viruses. I read it, and the subject
captivated me at once. Knowing from personal experience that the quality of
the information obtained from such sources as popular magazines tends to be
rather low, I used the information system of the Bulgarian Central Institute
for Scientific and Technical Information to do a library search by keywords
and then to read all available serious journals that had some articles on
this subject. The most valuable source of information proved to be "Computers
& Security", and in particular the papers from Dr. Fred Cohen and Prof.
Harold Highland - two of the very few people that seemed to know what they
were talking about.
After reading all that was available to me at that time (not that much; there
weren't so many articles published on this subject at that time), I decided
that while an interesting mental exercise, computer viruses couldn't be that
dangerous, because every moderately competent computer techie should be able
to spot them at once. Also, it was obvious that all the hype in the popular
media was caused mostly by people who knew near to nothing on the subject.
Even the viruses that existed at that time didn't seem anything particularly
clever - I remember that when I read the description of Brain, I spent a long
time wondering what the *other* part of the code could do, because it was
clear to me that anybody with some experience in assembly language
programming could fit the described functionality into less than one kilobyte
of code - so what were the other 2 Kb of the virus *doing*?
In short, I wrote an article for "Komputar za vas", explaining my view that
computer viruses can't be a real threat. What I had overlooked was that by
far not all computer users are technical experts who know by heart the
internals of their machines... Just a couple of days after my article was
published, two guys came to the editor's office of the magazine and proudly
announced that they had found a virus! It was what we are now calling
Vienna.648.Reboot.A, but nobody knew it at that time. The two guys had
already dealt with the infection in the company they were working for (they
were system programmers, after all) and demonstrated to us how well their
custom-made disinfector worked... disinfecting the only copy of the virus left
at their disposal. Of course, I wanted to examine "the beast" and to
understand how exactly it works and why. The problem was, it was already
gone! I visited the office in their company, and after a long and fruitless
search for an infected file, we finally found a piece of paper in the trash
bin, that contained the hex dump of an infected file... I got that piece of
paper and entered the code with DEBUG byte-by-byte. Then I disassembled it,
understood it, wrote my own disinfector (and even a vaccine) for it... This
is how it all began for me. My second case was Cascade, then Ping_Pong, then
the Bulgarian viruses began to appear (Old_Yankee, Yankee_Doodle), and then
came the Dark Avenger...
My work now? Well, I am working in the Virus Test Center at the University
of Hamburg, under the leadership of Prof. Klaus Brunnstein. I am in charge
of maintaining our virus collection. I am also analysing viruses, helping
people who are asking virus-related questions from all parts of the world,
writing my Ph.D. thesis, testing anti-virus products, and many other less
exciting things.
A: Why did you leave the Bulgarian anti-virus scene and move to Germany?
VB:
Because I was offered the wonderful opportunity to live and work under
excellent working conditions in a place with a very high reputation in the
computer anti-virus field - and also to get a Ph.D. there.
A: Are you familiar with the present virus/anti-virus situation in Bulgaria?
VB:
It depends on your definition of "familiar". I have a pretty clear idea of
what is happening there, although I am not as familiar with the
virus/anti-virus scene there as I used to be.
A: It is known that a certain animosity existed between you and the Bulgarian
virus writer known as Dark Avenger some time ago.
VB:
That is put very mildly, yes.
A: What do you think about him today?
VB:
The same bad things I've always been thinking about him. Sorry, but my
education does not allow me to list them here.
A: What is your general opinion about virus writers?
VB:
Most of them are just irresponsible juvenile people (I am tempted to say -
kids), who want to "establish" themselves and to impress their peers, by
doing things that they perfectly know are regarded as "bad" by the society,
but for which, as they also know very well, this same society is unlikely to
be able to punish them. They like so much to brag about their "exploits" and
"civil liberties", but it is actually the same old graffiti writing, only in
a more modern, electronic form. In short - vandals.
A: What do you think about beneficial viruses and artificial life? Why are
people willing to reject the concept of beneficial viruses and artificial
life in general?
VB:
I don't feel competent to comment about artificial life, because I am not
an expert in this area. I don't believe that computer viruses are a form of
artificial life, however.
People don't like to even hear about the so-called "beneficial viruses"
mostly because the term "computer virus" is already loaded with negative
meaning in the public opinion - maybe incorrectly, just like the term
"hacker", but that's how it is. I would suggest to anybody who is doing
serious and responsible research in the field of self-replicating code, to
use some other term, if they don't want to be misunderstood by the general
public. After all, what Dr. Cohen understands under the term "beneficial
virus" is *very* different from those nasty little programs that the general
public is acquainted with.
A: Do you think that it is unethical to claim that computer viruses can be
beneficial and why?
VB:
Now, that's a difficult question... Well, it depends. It depends on what are
the motives of the person making the claim. Is he a legitimate scientist who
is trying to use an interesting phenomenon for something useful for the
humanity? Or is he just an irresponsible person who is looking for an excuse
for his asocial acts and is trying to masquerade them under the
scientifically-looking term "research"?
However, I think that even the legitimate researcher ought to emphasize that
he is talking about something completely different from the real computer
viruses known to the general public - in order not to be misunderstood. Also,
I think that he should clearly (and loudly) distinguish himself from the
virus writing crowd. Research - yes, but seriously done, in clear and
strictly controlled environment, by people who have the knowledge and
experience to conduct it. Just like the kind of research into biological
experiments.
A: You often mention "real viruses". What are they and how are they related
to the concept of "beneficial viruses" ?
VB:
I am convinced that what most people understand under the term "computer
virus" cannot be beneficial. When the average user hears the term "computer
virus", he almost certainly does not have a valid definition for it, but just
as certainly he has a pretty clear view of what the term is about. I call
this a "real computer virus". Real computer viruses are always bad.
My professional understanding of "real virus" is this:
"Something has entered my computer without my authorization and is
replicating there, potentially doing damage."
The accents are on (a) entered without authorization, (b) replicating -
i.e. modifying executable objects and wasting time and disk space, and (c)
maybe it is doing damage, maybe intentionally, maybe not intentionally.
The average user's understanding of "real virus" is probably:
"Something is here, I didn't allow it to be here. I've been told it can
spread like living being and that it can destroy my data/programs. I don't
like it."
Two years ago I asked the net to send me the arguments why they think a
"good" virus is a bad idea. I have collected a dozen reasons. I do not claim
that computer viruses cannot be beneficial, but any virus that pretends
to have this property must not violate any of the 12 conditions.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Originality and the feeling of one's own
dignity are achieved only through work
and struggle.
- Dostoevsky -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vesselin Bontchev:
DOZEN REASONS WHY A "GOOD" VIRUS IS A BAD IDEA
==============================================
I. Technical points:
--------------------
1. Once released, one has no control over how the virus will spread; it may
reach an unknown system (or one which might not even have existed at the
time the virus was created) on which it might cause unintentional damage.
Any virus that claims to be beneficial must contain measures to prevent
this. For instance, if it infects a particular object, it must at least keep
a cryptographically strong checksum of this object, in order to make sure
that it does not infect anything else by mistake. And this is only a
simplistic example; in reality the precautions must be much more elaborate.
A virus that claims to be beneficial should provide means to be controlled.
It should be possible to easily prevent the infection even of a system that
has never heard about the virus; it should be possible to remove the
infection easily from any infected system, without causing any harm; and it
should be possible to send a message to all instances of the virus to
terminate themselves, restoring the infected systems to their uninfected
state - or to update themselves. Such a message should propagate faster than
the virus itself. In some sense, those messages will be "viruses" for the
"computational environment" consisting of all existing copies of the virus,
just like the virus is a virus in the "normal" computational environment (the
one that the user uses). If such a solution is implemented, this is still
dangerous, although the danger is of a different kind. Suppose that a system
uses the beneficial virus and relies on it. Then a malicious attacker could
send a message to the virus to terminate itself, thus causing harm to the
system (a denial of service attack). Therefore, the message should be
cryptographically authenticated. In short, the virus should be able to
authenticate itself to the system and the system should be able to
authenticate itself to the virus.
The user of the beneficial virus should actively invite (e.g. install) the
virus on his/her system. It is not enough if the virus asks for permission,
because this forces the user to take some measures in order to keep their
system virus-free. By default (i.e. if no measures are taken), the virus
should not infect that system. Only if the virus finds some kind of
"invitation", it should infect the system. There must be a way to turn off
the prompting - the user must both be able to set the default action to "no,
don't infect" (by removing the invitation or not installing it in the first
place) and to "yes, keep infecting without asking". And again, cryptographic
means should be used to ensure that what the virus sees as invitation is
indeed one and not some kind of mistake.
No uncontrollable mutations of the virus should happen, either of random
(errors) or deterministic (intentional changes) nature.
2. The anti-virus programs will have to distinguish between "good" and "bad"
viruses, which is essentially impossible. Also, the existence of useful
programs which modify other programs at will, will make the integrity
checkers essentially useless, because they will be able only to detect the
modification and not to determine that it has been caused by a "good" virus.
Therefore, a virus that claims to be beneficial, must not modify other
programs.
3. A virus will eat up disk space and time resources unnecessarily while it
spreads. The virus is a self-replicating resource eater. Therefore, a virus
that claims to be beneficial, should keep only one instance of itself per
infected machine and the costs of the time and other resources used by it
must be negligible, compared to the benefits it brings to the user.
4. A virus could contain bugs which might damage something or harm somebody.
Any program could be buggy, but the buggy virus is a self-spreading buggy
program which is out of control.
5. A virus will disable the few programs on the market which check themselves
for modifications and halt themselves if they have been changed. It is
important to repeat again that a virus that claims to be beneficial, *must
not modify* other programs.
Summary of technical points against "good" viruses:
-impossibility to control it or possibility to lose control over it
-uncertainty in discerning "good" from "bad" viruses
-resource wasting
-bugs which are harder to detect and easier to spread around
-modification of programs
The above points apply to any practical system of use today, i.e. the systems
which are based on von Neumann's architecture.
II. Ethical/legal points:
-------------------------
6. It is unethical to modify somebody's data without his or her active
authorization. In several countries this is also illegal. The user of a
beneficial virus must actively invite the virus to infect his or her machine.
The virus must wait for an invitation, not bother the user with asking for
permission or sneaking in without one.
7. Modifying a program could mean that the owner of the program loses his or
her rights for technical support, ownership, or copyright. An example of such
a possibility could be the case reported recently to VTC - Hamburg. The
company refused technical support to somebody whose system was infected -
they insisted that their product is re-installed.
8. An attacker can use a "good" virus as a means of transportation to
penetrate a system. That is why a "good" virus must be able to authenticate
itself to the system, and the system must be able to verify that it is
exactly what it claims to be. A person with malicious intents can furthermore
get a copy of the "good" virus and modify it to include something malicious.
Actually, an attacker could trojanize -any- program, but a "good" virus will
provide the attacker with means to transport his malicious code to a
virtually unlimited population of computer users. The possibility to
transport malicious code is one of the things that makes a virus "bad".
9. Declaring some viruses as "good" will just give an excuse to the crowd of
virus writers to claim that they are actually doing "research". Working with
potentially dangerous things - either poisonous substances or
self-replicating programs - should be left to people who have (a) the moral
and ethical stability and (b) the technical expertise to do it.
10. Anything useful that could be done by a virus, could also be done with
a normal, non-replicating program. Any virus that claims to be beneficial
must do something that either cannot be done by a non-viral program, or is
not done as effectively as with a viral one to avoid problems stated in
previous points.
The summary of ethical/legal points against "good" viruses:
-modification of data/programs without active authorization of user
-possibility to lose ownership rights on infected program
-possibility to modify a "good" virus with malicious code to transport such
a code further
-the question of responsibility of persons writing viruses
-the question of suitability of "good" viruses to perform a certain task
III. Psychological points:
--------------------------
11. A virus activity ruins the trust that the user has in his or her machine.
The impression that a virus steals user's control of the machine can cause
the user to lose his or her belief that she or he can control it. It may be
a source of permanent frustrations.
12. For most people the word "computer virus" is already loaded with negative
meaning. They will not accept a program called like that, even if it claims
to do something useful.
*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*
Those who are good, travel the road that avoids evil;
so watch where you are going - it may save your life.
- Proverbs 16.17 -
*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*
Vesselin Bontchev:
AN EXAMPLE OF BENEFICIAL VIRUS
==============================
...Here is an example of a software package that uses replication to some
extent and which is without doubt beneficial.
Consider a company that has about 1,000 PCs, all networked together in a LAN.
The company also takes the virus problem seriously, and insists that each and
every one of those PCs must be running the latest version of the SuperDuper
Scan, before it is allowed to access the network. (Let's ignore for a moment
whether the decision to rely on a scanner for virus protection is wise or
not.) This is a very reasonable requirement, because scanners tend to get old
like nothing else, and a new virus could sneak in undetected by the obsolete
scanners and wreak havoc.
So, the person responsible for the network has imposed a requirement: no PC
that does not run the latest version of SuperDuper Scan is allowed to log in.
That's fine, but how do you achieve that? The simple answer is - by keeping
a copy of the (presumably resident) scanner on each of the PCs and regularly
updating them. Only problem is - how do you keep 1,000 PCs up-to-date? And
keeping them up-to-date with a product, a new version of which is released
every month? If you try to go to each PC (and they are probably in different
buildings and some are in obscure locations and used rarely) and update it
manually from a floppy - then one month will not be sufficient to update
them all - and before you have finished, you'll have to start all over again!
A real nightmare...
The obvious alternative is to keep one copy of the anti-virus package on the
server and update the PCs from there. (Of course, it is presumed that you
have a site license, but any company with 1,000 PCs that is using a
particular anti-virus product has also probably been careful enough to get
a site license.) However, if you go to each PC and manually download the new
version from the server, then the situation has not improved very much. One
option is to tell the users to do it regularly, and even set some sort of
automatic system that sends them automatic reminders each time the software
on the server is updated. However, users tend to be lazy and automatic
messages tend to be automatically ignored...
But there is an alternative! Design the anti-virus package like a network
virus (a worm actually). One segment of the worm constantly monitors the
logins. Each time a workstation attempts to login, that segment automatically
questions that station whether it is running the anti-virus product and which
version of it. If it turns out that a newer version is available, the segment
informs the user about this, and proposes to update the local version. If the
user refuses, then access to the network is denied. If the user accepts,
another segment of the worm fetches the relevant (updated) parts of the
package from the server, uploads them to the workstation, and reboots the
latter, in order to make sure that the changes will take effect. Of course,
the user is kept informed about this and user permission is requested each
time.
Now comes the best part. The "worm" - the set of programs that are
responsible for the automatic distribution of the software actually come as
part of it. They are part of the anti-virus software, and they are used to
copy parts of the anti-virus software across the network, in an automated
way. That is, to some extent, the package is a virus (worm), because it is
able to replicate (parts of) itself.
Are there any ethical problems? I don't see any. The owner of the network has
the full right to decide what the policy of admitting workstations to log in
will be. The user has the alternative not to comply - and not to use the
network. Of course, in a well-implemented (read: secure) package, the
different parts of the virus will use cryptographic means to authenticate each
other. That is, it will be impossible for the user to lie that "yeah, the
newest version of the software is already running", and it will be impossible
for a rogue program to lie "hi, I'm the automatic distribution service; lemme
"update" your anti-virus package". In most of the existing implementations
the packages do not go to such trouble, but in the future they probably will
- because this is the way to go. Of course, there will be some other goodies,
like making sure that the different "worms" of this kind do not conflict with
each other and so on, but this is not so important for this discussion.
In fact, it is extremely easy to implement a primitive version of what
I described above. A simple set of command lines inserted in the system login
script and a couple of external programs will do the job...
Editor's note:
--------------
This example of beneficial virus is taken from Mr Bontchev's posting to
Virus-L/comp.virus which in its entirety appeared in Virus-L Digest Volume
7, Issue 48, 1 Jul 1994.
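The login-time check described in the article above, together with the
authenticated messages called for in point 1 of the "Dozen Reasons", shown as
an added Python example; it is not code from Mr Bontchev's posting or from
any real product. The class and function names, keys, version strings and
package bytes are constructed for illustration, and HMAC with pre-shared keys
stands in for the public-key signatures a real deployment would use for
update packages.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: version strings and package bytes are made up.
LATEST_VERSION = "4.07"
LATEST_PACKAGE = b"SuperDuper Scan 4.07 (constructed sample bytes)"
OLD_PACKAGE = b"SuperDuper Scan 4.06 (constructed sample bytes)"


def _mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Workstation:
    def __init__(self, station_key, update_key, version, package):
        self.station_key = station_key   # assumed: shared with the server, unique per PC
        self.update_key = update_key     # assumed: used only to verify update offers
        self.version = version
        self.package = package

    def attest(self, nonce: bytes):
        """Answer the login challenge: version plus digest of the installed scanner."""
        digest = hashlib.sha256(self.package).digest()
        tag = _mac(self.station_key, b"attest", nonce, self.version.encode(), digest)
        return self.version, digest, tag

    def install(self, version: str, package: bytes, tag: bytes, user_accepts: bool) -> bool:
        """Install an offered update only if the user agreed and the offer is authentic."""
        if not user_accepts:
            return False
        expected = _mac(self.update_key, b"update", version.encode(),
                        hashlib.sha256(package).digest())
        if not hmac.compare_digest(expected, tag):
            return False                 # rogue "distribution service": ignore the offer
        self.version, self.package = version, package
        return True


class LoginServer:
    def __init__(self, station_keys, update_key):
        self.station_keys = station_keys
        self.update_key = update_key
        self.latest_digest = hashlib.sha256(LATEST_PACKAGE).digest()

    def offer_update(self):
        """Build an authenticated update offer: version, package bytes, tag."""
        tag = _mac(self.update_key, b"update", LATEST_VERSION.encode(), self.latest_digest)
        return LATEST_VERSION, LATEST_PACKAGE, tag

    def check(self, station_id, nonce, version, digest, tag) -> str:
        """Return 'allow', 'update-required' or 'deny' for one login attempt."""
        key = self.station_keys.get(station_id)
        if key is None:
            return "deny"
        expected = _mac(key, b"attest", nonce, version.encode(), digest)
        if not hmac.compare_digest(expected, tag):
            return "deny"                # forged or replayed answer
        if version == LATEST_VERSION and hmac.compare_digest(digest, self.latest_digest):
            return "allow"
        return "update-required"


def login(server, station_id, ws, user_accepts=True) -> str:
    """One login attempt, following the flow in the article."""
    nonce = secrets.token_bytes(16)      # fresh per login, so old answers cannot be replayed
    verdict = server.check(station_id, nonce, *ws.attest(nonce))
    if verdict != "update-required":
        return verdict
    if not ws.install(*server.offer_update(), user_accepts=user_accepts):
        return "deny"                    # user refused the update: no network access
    nonce = secrets.token_bytes(16)      # re-check the station after the update
    return server.check(station_id, nonce, *ws.attest(nonce))
```

The attestation proves only that the answer came from a holder of the
workstation key; a user with full control of the PC can still extract that
key, so the check is only as strong as the protection of the key.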
@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@
Has a dog Buddha-nature or not?
Mu!
- Zen koan -
@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@
THE GRAND DEBATE ABOUT BENEFICIAL VIRUSES AND ARTIFICIAL LIFE
=============================================================
In the previous articles, three more or less different viewpoints about
beneficial viruses and artificial life were presented. The topic is
undoubtedly interesting. Could computer viruses be beneficial? What is
artificial life? Are computer viruses a form of artificial life or not?
Is it ethical to play with such things? The questions are numerous.
The answers, opinions and approaches can vary widely - from the scientific
(and somewhat controversial) interests of Fred Cohen and Mark Ludwig and the
pragmatic (and somewhat sceptical) approach of Vesselin Bontchev to the vague
and possibly confused opinions of the "average computer user" and the
spurious intentions of anonymous virus writers today.
There is a lot of confusion in the computer virus/anti-virus society today.
Many things are not clear. For example, do we know what we are talking about
when talking about computer viruses and/or artificial life? Do we talk with
each other or is it a heap of monologues without anybody listening carefully?
Where are the limits between scientific research and criminal activity? What
is science and what is marketing and media hype? Who can tell the
difference? Are there connections between research in artificial life and
the hyperproduction of computer viruses (with possibly malicious purposes)
today?
I would like to put some order in the confusion. On the pages of "Alive"
everybody will have the right to give his or her opinion, regardless of
whether he or she is an anti-virus expert/producer/researcher, an "average
user" (whatever that means) or a virus writer. I would like to invite all to
the Grand Debate about Beneficial Viruses and Artificial Life to present your
opinions and any work in the computer virus and/or artificial life field.
However, I prefer a little calmer atmosphere than there is on some public
forums, at least discussions without pointless personal attacks. In fact,
that is the only rule for the Grand Debate. Everything else is free. I hereby
officially announce that the Grand Debate about Beneficial Viruses and
Artificial Life is open.
The purpose of the Grand Debate is to give some answers, if possible. The
subject is complex and there is no unique answer. For example, Fred Cohen
said: "...viruses are only part of a pair - the life form and its
environment..." According to Mark Ludwig, viruses are "...a real-life
phenomenon, rather than a laboratory construct..." and perhaps "...the only
'life-form' apart from earth carbon-based life we will ever meet..." Vesselin
Bontchev thinks that viruses are "...challenging, doing something which is
unusual and clever...", but he doesn't believe that "...computer viruses are
a form of artificial life..."
Talking about beneficial viruses, Fred Cohen stated: "A benevolent virus is
simply a virus that is used for good purposes, but then this is a matter of
context...Good and bad are relative. Most of the viruses I discuss as
benevolent are in fact reproducing symbol sequences without any known
malicious effect..." Mark Ludwig thinks: "There's a certain amount of inertia
you have to overcome to get people to actually install a beneficial virus,
though, because they've been brainwashed into believing that virus = bad..."
Vesselin Bontchev says that "...what most people understand under the term
of 'computer virus' cannot be beneficial..." and that "...'real' computer
viruses are always bad..." Furthermore, he gives a definition of a "real
virus" and the average user's understanding of the term. At this point it
seems that finding a good definition of a computer virus is the most
important problem to solve.
What is artificial life? According to Fred Cohen, there is no difference from
real life and "the word artificial is really only a side effect of people's
egos requiring a special name for things they create..." He is talking
"...about foundations for the understanding of life in the general sense, an
expansion of biology into the general informational domain, drawing parallels
between our biosphere and the infosphere, understanding the implications of
the changes in our environment through information systems before we
experiment on our children..."
Mark Ludwig said that "...staring hard at viruses might be very valuable in
bringing about a revolution in evolutionary biology. Using carbon-based
organisms is a horrible way to study evolution. They are too complex and we
don't understand them well enough. The time frames of evolution are too
large. And deep philosophical questions rear their heads all over the place.
Inside the computer, most of these difficulties just vanish..."
Although not talking about artificial life, Vesselin Bontchev gives very good
points to think about in his "Dozen reasons..." When experimenting with
potentially dangerous things which have the ability to reproduce and to
modify themselves, the question of controllability of such "creatures" is
very important. "A virus that claims to be beneficial should provide means to
be controlled..." and "...the user of the beneficial virus should actively
invite (e.g. install) the virus on his/her system..."
The brief conclusions from these introductory discussions are:
a) a good definition of a computer virus is needed
b) beneficial viruses are possible, but it is hard to change the negative
meaning which the term "computer virus" has already acquired in public
c) research in computer viruses and artificial life can bring us to a
better understanding of life in general
d) it is important to know how to control experiments and practical use of
self-reproducing entities (with the possible modification of themselves and
their environment).
It seems that this is quite a lot for a beginning. I expect that in further
discussions more questions and problems will arise before some answers
appear. After all, it is all real life. Maybe computer viruses are in the
world to teach us something. Computer viruses are pointing not only to
vulnerabilities in today's information systems, but also to vulnerabilities
in human society. On a smaller scale, everything can be seen here. I am not
sure that there is an exact answer to the question of why people want to hurt
other people or to destroy something. The destruction due to malicious
computer viruses is not really the same as destruction in war. The writers of
malicious computer viruses are not killers. Anyway, they want to tell us
something. What that is, we have to find out by ourselves. Maybe we will also
find the way to learn how to put the human dimension in our everyday life.
++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++
God made us plain and simple,
but we have made ourselves
very complicated.
- Ecclesiastes 7.29 -
++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++
____________________________________________________
/ / | |
/ |\__/| / | THAT'S ALL FOLKS !! |
/~~~~~~\ / \ | NEW "ALIVE" IS COMING NEXT |
~\( * * )/~~\( 0 0 )/~ | HOST TO YOU SOON !! |
( O ) ( O ) |______________________________|
\______/ \______/
@/ \@ @/ \@
.