alive01.txt - Alive, Volume I, Issue 1



     /~~~~~~\    ***********                        ***********

  ~\(  * *   )/~ ***********                        *********** 

    ( \___/  )   ***     ***                        ***

     \______/    *********** ***          ***   *** *******  

    @/       \@  ***     *** ***          ***   *** ***

                 ***     *** ***          ***   *** ***********

                 ***     *** ***           *** ***  ***********  |\__/|

                             ******** ***   *****               /      \ 

                             ******** ***    ***             ~\(  0 0   )/~

                                      ***                      ( /---\  )

                                      ***                       \______/ 

                                      ***                      @/      \@ 

                                      ***                                  



                                

                                                                           

                                        

       ==============================================================

       

         April - July, 1994.                      Volume I, Issue 1



       ==============================================================



                                CONTENTS:                                  





   1. "Alive" Is Alive Again! - Editor's Word                 

   

   2. In the Trap of the Language



   3. Puzzle - Continued (2)



   4. The Legend - Fred Cohen

                 ... Interview

                 ... Article Review - Trends in Computer Virus Research



   5. The Mystery - Mark Ludwig

                  ... Interview

                  ... It Conquered the World : A Fiction Excerpt from Mark

                      Ludwig's "CVAL&E" for Your Enjoyment



   6. The Reality - Vesselin Bontchev

                  ... Interview

                  ... Dozen Reasons Why a "Good" Virus Is a Bad Idea

                      .............................Vesselin Bontchev

                  ... An Example of Beneficial Virus

                      .............................Vesselin Bontchev



   7. The Grand Debate about Beneficial Viruses and Artificial Life





       %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

       %                                                               %

       %  ALIVE, Copyright 1994. By Suzana Stojakovic-Celustka         %

       %  This magazine may be archived and reproduced without charge  %

       %  throughout Cyberspace under the condition that it is left    %

       %  in its entirety. Send submissions, comments, etc. to         %

       %  celust@cslab.felk.cvut.cz and subscription requests to       %

       %  mxserver@ubik.demon.co.uk                                    %

       %                                                               %

       %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%





****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****



                   "ALIVE" IS ALIVE AGAIN! - EDITOR'S WORD

                   =======================================



Dear Readers!



For those who already lost every hope that "Alive" will be alive ever again

here are the good news. The first real (non experimental) issue of "Alive"

is right in front of your eyes. Apologies and thanks to all of you who were

patient till now. 



The reasons of delay are various. As it usually happens real life interferes

with the best intentions. Sincerely, it is not so easy to bring to the world

new number when one person is editor, technical editor, graphic designer,

journalist, critic, student, etc...Anyway there are signs that such a

situation will improve in some time, so no more complainings. I hope you will

like this number and am expecting any and all comments and contributions.



About this issue:

-----------------



The first article "In the Trap of the Language" is my attempt to find out how

to make a good definition of a computer virus. I have to confess that I

didn't expect that this problem would bring me so far in philosophy. Somehow,

I am still not sure that exact solution exists and probably this topic will

have a continuation.



The second article is one more step to find the solution of Puzzle presented

in the last number. With a little help of Fred Cohen, here is the first try

to define environment in which is suspected to have something "alive".



I was very glad to be a host to three guests in this number : Fred Cohen,

Mark Ludwig and Vesselin Bontchev. They are speaking about themselves and

their work exclusively for "Alive". If you thought that you knew everything

about any of these persons, maybe you were wrong. Read the interviews and 

might be that you will find something new. 



Respecting Fred Cohen's wish to not reproduce any of his published articles

or texts in electronic form, in this number you can read only review of his

article "Trends in Computer Virus Research". There is also an excerpt from

Mark Ludwig's new book "Computer Viruses, Artificial Life and Evolution",

reprinted from "Crypt Newsletter" No 22 with permission. Vesselin Bontchev

made an extension of his "Dosen Reasons Why a "Good" Virus Is a Bad Idea"

(which appeared originally on Virus-L some time ago) exclusively for "Alive".

The Reasons are pretty convincing, but there is also his Example of

Beneficial Virus presented in this number. It is actually an excerpt from a

longer Mr Bontchev's recent posting to Virus-L. 



With these guests the Grand Debate about Beneficial Viruses and Artificial

Life starts from this number in "Alive". If you think that you have something

to say about this theme, please send your contributions. You don't have to

be an expert or a "good" guy/girl. As long as contributions have a form

according to "Alive" guidelines, they will be deeply appreciated.





About contributions and subscriptions:

--------------------------------------



Preferred form of contributions are short articles or previews. Comments on

contributions will be deeply appreciated, but will be published only if they

have a convenient form. This is -not- a place for polemics or blames, so

please don't send your comments if you have nothing constructive to say. The

preferred form of code examples is pseudo-code. The code of existing viruses

which somebody could consider beneficial will not be published here. Send

your contributions and comments to celust@cslab.felk.cvut.cz



**************************************************************************

WARNING!! During the vacation time, i.e. 20th July - 1th September, please

send your contributions and comments to celustka@sun.felk.cvut.cz

**************************************************************************



Subscriptions requests should be sent to mxserver@ubik.demon.co.uk





Where can you find "Alive":

---------------------------



The number of hosts where you can find "Alive" increased since last number. 

The magazine is available for anonymous ftp from following sites:



1. ftp.informatik.uni-hamburg.de in /pub/virus/texts/alive



(by courtesy of Vesselin Bontchev, Virus Test Center, University of Hamburg,

Germany)



2. ftp.demon.co.uk in /pub/antivirus/journal/alive



(by courtesy of Anthony Naggs, UK)



3. ftp.elte.hu in /pub/virnews



(by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary)



4. ftp.u.washington.edu in public/Alive



(by courtesy of Jeffrey E. Hulten, University of Washington, USA)





Gophers:



saturn.felk.cvut.cz



(by courtesy of administrative personnel of Computer Department, Czech

Technical University, Prague, Czech Republic)



ursus.bke.hu



(by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary)





Other places:



Slovak Antivirus Center BBS +42 7 2048 232 ZyXEL 1496+ 19.200 Bd NonStop



(by courtesy of Peter Hubinsky, Slovak Antivirus Center, Bratislava,

Slovakia)



Software Library of University of St. Gallen - the requests may be sent to

luca.sambucci@ntgate.unisg.ch



(by courtesy of Luca Sambucci, University of St. Gallen, Switzerland)



Any offer from other sites will be appreciated.





Acknowledgements:

-----------------



I wish to thank to Fred Cohen, Mark Ludwig and Vesselin Bontchev for their

appearance and contributions in this number.



Also thanks to Jeffrey E. Hulten (USA), Philip Fites (Canada) and Vladimir

Vrabec (Czech Republic) for their suggestions how to improve the quality of

"Alive". Hopefully, there will be PostScript and Hypertext (WWW) versions of

"Alive" in near future.



There are no language corrections in this number, but I would like to thank

to Martin Tharp (USA) for corrections he made in the last number.





About editor:

-------------



The editor is currently a Ph.D student on Computer Department, Faculty of

Electrical Engineering, Czech Technical University in Prague. Is working on

her Ph.D thesis and hoping that "Alive" will bring a lot of useful material

and a lot of fun.





So, dear readers, enjoy the reading and make your copy of "Alive" really

alive: SPREAD IT WIDELY!





****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****



                  Some say that life's an illusion

                  Who knows what's false or what's true...

                  ...With all of its glories and all of its faults

                  It seems life is a bittersweet waltz...



                         - "Bittersweet Waltz" -



****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****





                         IN THE TRAP OF THE LANGUAGE

                         ===========================



There is a problem which bothered me since the results of Contest for the

Best Virus Definition were published. It seemed that plain language was not

suitable to define computer virus properly. Well, the problem of good

definition of whatever is not anything new. 



1. GOOD REPRESENTATIONS



Looking for the recipe how to make good definitions I found some books. The

first one is "Artificial Intelligence" by Patrick Henry Winston [5]. There

are few words there about good representations:



"...In general, a representation is a set of conventions about how to

describe a class of things. A description makes a use of the conventions of

a representation to describe some particular thing.



Finding the appropriate representation is a major part of problem solving.

Consider, for example, the following children's puzzle:



   The Farmer, Fox, Goose and Grain:



   A farmer wants to move himself, a silver fox, a fat goose, and some tasty 

   grain across a river. Unfortunately, his boat is so tiny he can take only 

   one of his possessions across on any trip. Worse yet, an unattended fox 

   will eat a goose, and an unattended goose will eat grain, so the farmer 

   must not leave the fox alone with the goose or the goose alone with the 

   grain. What is he to do?



Described in English, the problem takes a few minutes to solve because you

have to separate important constraints from irrelevant details. English is

not a good representation. 



Described more appropriately, however, the problem takes no time at all, for

everyone can draw a line from the start to finish in figure 1. instantly. Yet

drawing that line solves the problem because each boxed picture denotes a

safe arrangement of the farmer and his possessions on the banks of the river,

and each connection between pictures denotes a legal crossing. The drawing

is a good description because the allowed situations and legal crossings are

clearly defined and there are no irrelevant details.



                           --------     --------

                          | Grain  |   | Farmer |

                          | ====== |-->| Goose  |

                          | Farmer |   | Grain  |

                          | Fox    |<--| ====== |

                          | Goose  |   | Fox    |

                          |________|   |________|

                             ^  |         ^  |

                             |  V         |  V

 --------     --------     --------     --------     --------     --------

| Farmer |   | Fox    |   | Farmer |   | Goose  |   | Farmer |   | ====== |

| Fox    |-->| Grain  |-->| Fox    |   | ====== |-->| Goose  |-->| Farmer |

| Goose  |   | ====== |   | Grain  |   | Farmer |   | ====== |   | Fox    |

| Grain  |<--| Farmer |<--| ====== |   | Fox    |<--| Fox    |<--| Goose  |

| ====== |   | Goose  |   | Goose  |   | Grain  |   | Grain  |   | Grain  |

|________|   |________|   |________|   |________|   |________|   |________|

                             ^  |         ^  |

                             |  V         |  V

                           --------     --------

                          | Fox    |   | Farmer |

                          | ====== |-->| Fox    |

                          | Farmer |   | Goose  |

                          | Goose  |<--| ====== |

                          | Grain  |   | Grain  |

                          |________|   |________|



                          Figure 1.  ( ====== denotes a river)



The representation principle:



Once a problem is described using an appropriate representation, the problem

is almost solved..."



Reading this, one could say: "Oh, I knew that. What is so special? If I can

describe problem properly then solution is not so far. But, I should know

something about the problem first.." 



2. THE KNOWLEDGE AND THE LANGUAGE



Yes, here we come. What is the knowledge at all? Another interesting book

"The Tao of Physics" by Fritjof Capra [2] says:



"...Rational knowledge is derived from the experience we have in objects and

events in our everyday environment. It belongs to the realm of the intellect

whose function is to discriminate, divide, compare, measure and categorize.

In this way, a world of intellectual distinctions is created; of opposites

which can only exist in relation to each other.



Abstraction is a crucial feature of this knowledge, because in order to

compare and to classify the immense variety of shapes, structures and

phenomena around us we cannot take all their features into account, but have

to select a few significant ones. Thus we construct an intellectual map of

reality in which things are reduced to their general outlines. Rational

knowledge is thus a system of abstract concepts and symbols, characterized

by linear, sequential structure which is typical of our thinking and

speaking. In most languages this linear structure is made explicit by the use

of alphabets which serve to communicate experience and thought in long line

of letters..."



Here comes the question again: how much is the plain language suitable to

describe natural world if it is an abstraction itself? Reading the same book

further: 



"...The natural world on the other hand, is one of infinite varieties and

complexities, a multidimensional world which contains no straight lines or

completely regular shapes, where things do not happen in sequences, but all

together...It is clear that our abstract system of conceptual thinking can

never describe or understand this reality completely. In thinking about the

world we are faced with the same kind of problem as the cartographer who

tries to cover the curved face of the Earth with a sequence of plane maps.

We can only expect an approximate representation of reality from such a

procedure, and all rational knowledge is therefore necessarily limited... 

To quote the semanticist Alfred Korzybski: 'The map is not the territory'...



...For most of us it is very difficult to be constantly aware of the

limitations and of the relativity of conceptual knowledge. Because our

representation of reality is so much easier to grasp than reality itself, we

tend to confuse the two and to take our concepts and symbols for reality..."



Oh well, it is clearer now (or maybe not), but what to do? Especially in

science where we need unambiguous descriptions. Ibidem:



"...The inaccuracy and ambiguity of our language is essential for poets who

work largely with its subconscious layers and associations. Science, on the

other hand, aims for clear definitions and unambiguous connections, and

therefore it abstracts language further by limiting the meaning of its words

and by standardizing its structure, in accordance with the rules of logic.

The ultimate abstraction takes place in mathematics where words are replaced

by symbols and where the operations of connecting the symbols are rigorously

defined. In this way, scientists can condense information into one equation,

i.e. into one single line of symbols, for which they would need several pages

of ordinary writing..."  



So, it seems that mathematics is a proper language for the science. Is it

really? Continuing:



"...The view that mathematics is nothing but an extremely abstracted and

compressed language does not go unchallenged. Many mathematicians, in fact,

believe that mathematics is not just a language to describe nature, but is

inherent in nature itself. The originator of this belief was Pythagoras who

made the famous statement 'All things are numbers' and developed a very

special kind of mathematical mysticism. Phytagorean philosophy thus

introduced logical reasoning into the domain of religion...



...The scientific method of abstraction is very efficient and powerful, but

we have to pay a price for it. As we define our system of concepts more

precisely, as we streamline it and make the connections more and more

rigorous, it becomes increasingly detached from the real world. Using again

Korzybski's analogy of the map, we could say that ordinary language is a map

which due to its intrinsic inaccuracy, has a certain flexibility so that it

can follow the curved shape of the territory to some degree. As we make it

more rigorous, this flexibility gradually disappears, and with the language

of mathematics we have reached a point where the links with reality are so

tenuous that the relation of the symbols to our sensory experience is no

longer evident. This is why we have to supplement our mathematical models and

theories with verbal interpretations, again using concepts which can be

understood intuitively, but which are slightly ambiguous and inaccurate..."



It looks like a magic circle: real world - language - mathematics - language

- real world. Where is the reality?



"...It is important to realize the difference between the mathematical models

and their verbal counterparts. The former are rigorous and consistent as far

as their internal structure is concerned, but their symbols are not related

to our experience. The verbal models, on the other hand, use concepts which

can be understood intuitively, but which are slightly ambiguous and

inaccurate..."



3. WHERE WE ARE?



Taking this trip through the theory we are coming back to the initial

question: is natural language appropriate tool to define a computer virus? 

There is no doubt that computer viruses belong to the real world. One can try

to define a computer virus using natural language only. As results of Contest

for the Best Virus Definition and many bitter discussions on Virus-L show,

such definitions are still very inaccurate. Even worse, everybody can define

a computer virus on his or her own way which leads to confusion. Few

mathematical definitions while more accurate are not widely understandable...



The one of most known mathematical definitions of computer virus was given

by Fred Cohen. Here are few words from him about this subject:



-----------------------------------------------------------------------------

A: Can the use of mathematics avoid ambiguity of plain language in definition 

   of computer virus?



FC:



I translate - Can the use of a precise and well defined language avoid

ambiguity of plain language?...Mathematics is a subclass of the more general

class of languages. All mathematics is linguisticly defined, therefore

language, if used precisely, can be as accurate as mathematics. The real

problem is that mathematics says a lot of things more concisely than language

because it is essentially a set of macros. For linguistic definitions to work

for regular people, they have to be short enough to remember and accurate

enough to apply. Hence my very short linguistic definition:



- A life form (substitute virus if desired) is an information structure that 

  reproduces in a particular environment. -

-----------------------------------------------------------------------------



4. THE END IS NEW BEGINNING



Well, I could summarize now what I have learnt about how to make a good

definition:



1. The first step is to check what is our knowledge about the problem. It is

also a first level of abstraction, i.e. we cannot take all features of

observed phenomenon into account, but have to select a few significant ones.



This process is common in everyday life. One evokes a "mental model" about

some concept. What will such a "mental model" show depends on information one

has collected about the subject till that moment. Such an information is

usually different for every individual depending on his or her experience,

education, source of information, interest, etc. In the case of computer

viruses the knowledge will include the information about computers,

programming, possibly biological viruses, etc. 



The problem with "mental models" is that probably no two persons with the

same "model" exist. Also exchange of "mental models" is not usual way of

communication today.



2. The second step is to find a representation for a "mental model", so one

could share it with other people. It is the further level of abstraction,

i.e. choice of a set of conventions about how to describe a class of things. 



The most common tool one will use for description is natural language. It

means one will describe a "mental model" using words which are sequences of

letters from some alphabet. In fact, one is constructing a "natural language

model" of phenomenon. To represent computer virus by English language the

words used could be: "reproduction", "infection", "program", etc.



The problem with natural language is that there does not exist universal

language which all people would understand (that problem is impressively

demonstrated in the story of the Tower of Babylon [3]). Furthermore, even in

the limits of one language, it can often happen that the same words will have

different meanings for different people ("There are many different languages

in the world, yet none of them is without meaning." - 1 Corinthians 14.10).

It is what we call ambiguity and inaccuracy of natural language.



3. The science and technique need unambiguous descriptions. For that reason

it is necessary to abstract the language further. Such an extremely

abstracted and compressed language is mathematics. This language is more

accurate and precise than natural language. It is also universal for the

people who understand it.



The problem with mathematics is that it is not a language which is commonly

used for communication in everyday life. Mathematical models will be

understood by particular groups of people only.



4. To ease understanding of mathematical models to wider audience, they

should be accompanied with verbal interpretations which will explain symbols

used. The graphic representation of mathematical models is also useful. As

it was shown in the example at the beginning of this text, drawings are

pretty convenient descriptions in some cases.



The problem here arises when one separates verbal or graphic interpretation

from mathematical definition. It may cause the similar confusion as stated

in point two.



The above steps show different levels of abstraction (or modelling) one

should pass to obtain an accurate definition. Each level has its own inherent

problems. The accuracy required depends, in the last instance, on the

environment where definition will be applied. In the case of computer viruses

the most of the people will be satisfied with definition in natural language.

It has to be stressed again that such a definition will be inaccurate due to

ambiguity of natural language. The good technical definition of computer

virus should be the mathematical one because of its accuracy and consistence.

It should be also accompanied with verbal and graphical interpretations for

better understanding.



Although above text does not give a good definition of computer virus

immediately, it answers to some questions. Namely, it explains why the

results of the Contest in technical categories were so poor. Simply, because

mathematical and verbal parts were separated from each other in the

guidelines of the Contest for the Best Virus Definition. It also explains the

very good results in poetical category. The ambiguity of natural language was

not an obstacle there, just the opposite, it was an advantage. Greater

freedom in wording gave interesting results.



Talking again about technical definitions, there are new questions which

bother me now. The natural language and mathematics follow different logic

in their structure. The formal mathematical logic is monotone, i.e. if

formula is provable in some theory T it is also provable in every theory T',

where T is subset of T'. It means that the more initial axioms exist, the

more new statements is possible to prove. It does not always work in real

life. There are many universal statements in real life which have numerous

implicit suppositions which are not possible to include initially. For

example, from supposition that every bird flies, we can conclude that certain

bird named Quido can also fly. Later we find out that Quido is a penguin and

penguins do not fly. In that moment our system of reasoning should fall

apart, because this fact is obviously controversial. Nevertheless, such a

type of inconsistency is not an obstacle in everyday life. The natural

language covers this inconsistency better. It can be said that natural

language follows non-monotone logic. So, having a mathematical definition

which is accompanied by verbal counterpart it is still questionable how they

will match each other.



There is also the question how the final model or "picture" corresponds to

reality, i.e. how to prove that it is true. That problem is not new. Ludwig

Wittgenstein says in his Tractatus Logico-Philosophicus [6] :



" 2.223

To recognize if picture is true or false, we should compare it with reality.



(Um zu erkennen, ob das Bild wahr oder falsch ist, muessen wir es mit der

Wirklichkeit vergleichen.)



2.224

From picture itself it is not possible to recognize if it is true or false.



(Aus dem Bild allein ist nicht zu erkennen, ob es wahr oder falsch ist.)



2.225

An a priori true picture does not exist.



(Ein a priori wahres Bild gibt es nicht.)



3

Logical picture of fact is thought.



(Das logische Bild der Tatsache ist der Gedanke.) "





It is not so easy to answer the question of the truth. If we recall of

Korzybski's analogy of the map, the main question remains: How to find the

map which will cover the territory on the best way?







5. REFERENCES



1. Anzenbacher A., Introduction to Philosophy, SPNP, 1990. (in Czech)



2. Capra F., The Tao of Physics, Shambhala Publications Inc., 1975.



3. Good News Bible, The Bible Societies, 1990.



4. Marik V., Stepankova O., Lazansky J., et all, Artificial Intelligence I, 

                                                 Academia Praha, 1993.

                                                 (in Czech)



5. Winston P.H., Artificial intelligence, Third edition, Addison - Wesley  

                 Publishing Company, 1992.



6. Wittgenstein L., Tractatus Logico-Philosophicus, Oikoymenh, Prague, 1993.

                    (in Czech with original German text)



7. E-mail conversation with Fred Cohen







***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&



              The truth is like a tiger, but with many horns;

              like a cow, but without a tail.



                        - Zenrinkushu saying -



***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&







                           PUZZLE - CONTINUED (2)

                           ======================



In the last issue of "Alive" I was wondering if Misra's algorithm for

regenerating token in logical ring could be considered as a sign of "life". 



I got later some instructions from Fred Cohen how to solve this puzzle. One 

should try to find a solution in two steps:



1. Define environment

2. Check if observed object reproduces in given environment.



Well, I will try to give now more information about environment and entities 

considered.



Distributed systems:

--------------------



The environment in general is a distributed system. Distributed systems are

characterized by there being no global state visible to an observer at any

given instant. There is no common memory. There has to be a communication

system which enables sharing of information.



Computer networks have provided the first example of a distributed software

and hardware structure. The entities comprising the system are the sites at

which the computers are located and the communication system that enables

these sites to exchange messages.



Once the idea of a distributed system is introduced it becomes necessary to

specify its components, that is, the distributed algorithms. Whatever the

architecture of physical distributed system is, there is a need for

distributed algorithms which usually provide the basic functions that are

essential to all information systems, e.g. mutual exclusion, detecting

termination, etc.





Distributed algorithms:

-----------------------



1. Basics:



A distributed algorithm has been defined as a set of processes which, by

exchanging messages, co-operate to achieve a common end - performing some

desired function or providing some required service. 



A distributed algorithm has two basic elements:



a) The processes that receive, manipulate, transform and output data.



b) The links along which these data flow and which form a network having both

   structural and dynamic properties.





2. Concepts and techniques:



Whatever the design and construction methodology is employed, distributed

algorithms make use of the standard techniques associated with networks, such

as using the acknowledgement of receipt of a message to check that it has

been sent, broadcasting values to a group of processes and so on.



a) Diffusing computations



The processes can be linked by their communication paths in any manner

whatsoever, but one process is special in that initially it can only issue

messages. Further, and initially again, only this process can issue messages,

and subsequently any other process can issue a message only if it has

received one. It is the principle of spanning tree of the graph representing

the processes and their links.



b) Circulating token



The "token" here is a privilege or priority that is made to circulate around

the set of processes connected in a ring structure. This technique is used

particularly by algorithms for termination and mutual exclusion.



c) Time stamping



This mechanism makes it possible to label the events in a consistent manner

in relation to the interactions between the processes, that is, the issue and

receipt of messages: in terms of time as defined by the logical clocks, an

issue will always precede the corresponding receipt. This is particularly

used for algorithms that enter into distributed systems, such as those for

mutual exclusion and detection of mutual blocking.





3. Communication + ordering = control



By its very definition, a distributed algorithm is based on communication of

messages. In very many cases this communication can take place according to

particular topology - logical ring, tree structure - and with the use of

particular technique - circulating token, diffusing computation. Thus there

is relation of appropriateness between the structures of the topology and of

the communication control.





Summary: 

--------



Environment considered in this puzzle is a distributed system. In such a

system distributed algorithms are used to provide the basic functions.

Distributed algorithms consist of separate processes that communicate with

one another by exchange of messages. The Misra's algorithm, presented in the

last number, showed the method for detecting the loss of a token (a special

message which the processes hand from one to the other in the logical ring)

and regeneration of token if it is lost. The question was if it was a sign

of life in given environment. The environment is more explained now. The next

step should be to show if basic entities, i.e. processes and tokens

(messages) can reproduce in such an environment. 





References:

-----------



1. Janacek J., Distributed systems, 1993., Vydavatelstvi CVUT, (in Czech)



2. Raynal M., Distributed Algorithms and Protocols, 1988., John Wiley & Sons



3. E-mail conversation with Fred Cohen





^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!



                        It moves. It moves not.                            

                        It is far, and It is near.

                        It is within all this,

                        And It is outside of all this.



                              - Upanishads -



^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!





                           THE LEGEND - FRED COHEN

                           =======================



There are very few people dealing with computer viruses who have never heard

the name Fred Cohen. He is the person who first brought computer viruses to

scientific community. Here are some well known formal information:



In 1983, Fred Cohen performed and described the first experiments with

computer viruses. He gave the definition of computer virus in his paper

"Computer Viruses - Theory and Experiments", originally appearing in IFIPsec

84. To quote this paper:



"We define a computer "virus" as a program that can "infect" other programs

by modifying them to include a possibly evolved copy of itself."



Dr Cohen is best known for his pioneering work on computer viruses, the

invention of high integrity operating system mechanisms now in widespread

use, and automation of protection management functions. He regularly provides

consulting services for top management worldwide. During the past 10 years

of his research work, Fred Cohen wrote over 60 professional publications and

11 books. He is also a widely sought speaker, averaging over 12 invited talks

per year. Dr Cohen's current interests are in the areas of high integrity

distributed computing, office automation, information warfare, information

theory, artificial life and social aspects of computing..... 



The Fred Cohen's formal biography is much, much longer, so let's leave it for

some other time. Some less formal information Fred Cohen gave himself,

speaking exclusively for "Alive" :





A: Why did you get interested in computer viruses?



FC:



When the idea came to me, it was incredibly interesting and I followed up.

The most interesting thing is the implication about life in general.



When I first started to do experiments and report on the results, I was

greeted with quite a bit of hateful commentary. At one point, I was even

called on the carpet of one of the Professors and accused of breaking into

computers at another university. I was innocent, but treated as if guilty.

That experience has helped me through the various other times I have been

falsely accused of breaking into computers.



Somewhere during that period, an old saying one printed on a wall at

Carnegie Tech by Alan Perlis came back to me:

     

   Problems worthy of attack,

          Prove their worth by fighting back.

 



A: What could you say about your work which is not so commonly known?



FC:



By now, I have published almost everything that has come up. The only real

disappointments relate to my inability to find any paying work related to

computer viruses. Lots of people have offered me work if I will say things

that aren't true, or endorse a product that I think is not very good. People

want the use of my name, but not the results of my effort and analysis. A

good example is the controversy surrounding benevolent viruses. I have been

black balled by many members of computer security community because I refuse

to renounce what I feel to be the truth. Among the leaders of the black

balling are academics who I think should be fighting for academic freedom and

the proliferation of new ideas, but it turns out they can get more research

grants by speaking out against new ideas than by giving them a fair airing. 

It should be no big surprise - after all, as recently as 1988, I had an NSF

grant proposal rejected by poor reviews from academics who claimed that there

was no such thing as a computer virus and that viruses could not work in

systems with memory protection. Obviously, they never bothered to read any

of the 50 or so papers I have written on the subject.





A: What problems did you have in presentation of your work?



FC:



Only a few years ago, I was called a heathen by the computing community

including many professors at universities. The reason was that I supported

the notion of benevolent viruses. They had a public effort to black ball me

from research grants and other work, and it was almost unopposed. It got

quite lonely at times, but I persevered, and now I am only loathed and hated

by a small majority of the computing community.



In the fall of 1992, I was vocally and electronically vilified for publishing

the results on the effectiveness of built-in protection in Unix and Novell

networks against viruses and specifying the proper protection settings for

these environments. A few months later, Novell agreed with me, and they are

now changing some things about their protection scheme. Then, I was scheduled

to present an updated version of the paper at the DPMA conference in New

York, but they censored my benevolent virus paper, and had another speaker

present a paper about Novell Netware protection that was just plain wrong,

led Novel administrators to use inadequate protection, and got reprinted in

a national magazine. 



I guess I was wrong - you never get used to it - but you have to decide if

you want to tell the truth as you see it or be popular - it is unlikely that

you will ever get both until well after you are dead. I have made a personal

choice that has doomed me to financial ruin over the last seven years or so,

but despite the financial impact on me and my family, I have tried to keep

on.



I have told you some of the problems I have encountered, and there are many

more of them, but let's keep to the positive aspects for now.





A: Why people still do not understand what do you mean when talking about 

   computer viruses?



FC:



There are at least two or three answers to that. The first one is that few

people recognize that viruses are really only part of a pair - the life form

and its environment. The life form is not alive except in an environment, 

and yet for linguistic ease, we speak of viruses as if they were independent.



The second one is that simple explanations are commonly used to avoid having

to talk about the great breadth of issues involved in this field. It's a lot

easier to sell fear when you can claim all Indians are evil than when you

have to explain the difference between a Shawnee and a Mohawk. Another reason

is that most people aren't very interested in mathematics or being very

precise in what they do. Why bother to fully understand when you don't have

to. That's my view, but who knows what is really in other peoples' minds.





A: What is your concept of beneficial virus?



FC:



All technology (in my experience) is a two edged sword. We tend to see one

edge or the other, but both exist. When we explore both sides, we get a

deeper understanding. A benevolent virus is simply a virus that is used for

good purposes, but then this is a matter of context. For example, even an

extremely malicious virus used against an enemy could be perceived as

beneficial. Good and bad are relative. Most of the viruses I discuss as

benevolent are in fact reproducing symbol sequences without any known

malicious side effects. For example, the maintenance viruses that automate

systems administration functions are only doing what people would otherwise

have to do manually. They save extra labour by automatically distributing

themselves, etc. but otherwise, that are just the same as any other program.

 



A: Why did you get interested in artificial life?



FC:



I am interested in life because I am alive and want human life to continue,

to grow and evolve, and to advance and survive - both for myself and for my

children. The word artificial is really only a side effect of peoples' egos

requiring a special name for things they create. My interest is in deeper

understanding, and thus I examine the issues of life from an informational

standpoint and abstract out the specifics of whether the environment is

biological, electromagnetic, or what have you. I am an information scientist

by degree, training, and interest. As such, the study of information (a.k.a.

symbolic representations in whatever form) is one of my passions. 





A: Why did you write "It's alive!"?



FC:



I enjoy writing, and I had done a significant amount of work on this subject

that I thought might be of interest to others. I was also somewhat

disappointed by the presentation of artificial life as it is given by the

growing mainstream of the field, and wanted a venue in which I could express

contrary and novel ideas without the growing set of conservative researchers

trying to stop me. When I talk about this topic, I am talking about real

living creatures, not things that mimic real living creatures. I am talking

about foundations for the understanding of life in the general sense, an

expansion of biology into the general informational domain, drawing parallels

between our biosphere and the infosphere, understanding the implications of

the changes in our environment through information systems before we

experiment on our children, understanding life forms in a different way,

understanding the implications of our emerging technologies and ways of

thinking about things, and other stuff like that.



In my book, I don't just talk about computers, but about the concepts of God,

evolution, the generation and creation of life, death and why it must exist

and why we need it to survive, the joint life forms we are now creating,

diseases of the joint life forms, models of biological life and our

willingness to commit memocide. I try to bring the richness of the world

together in my writing so that the outbreak of Ebola Zaire can be related to

the Jerusalem virus in a sensible way, and we can see the implications of our

actions.



As you can see, I have a passion for this subject, and if I continue at this

pace, you will have another book to review.





A: Why people are willing to reject the concept of beneficial viruses or 

   artificial life in general?



FC:



I don't care to speculate further on peoples' motives at this time, but as

a general guide, we might consider that people have emotions and that their

motives are often complex and poorly understood. I have had people tell me

that I am paving a road to hell with my good intentions, but I cannot tell

which of us is really doing that because I am not omniscient. I just walk the

path that seems right to me and try to understand the implications before I

make big decisions.





A: Do you think that there is anything unethical in claims that beneficial

   viruses exist? 



FC:



I think it is unethical to claim that there are NO benevolent viruses when

we all know that they do exist and have seen published examples. The ethical

questions in any research come from the analogy to the two edged sword

described above. I feel we have a responsibility to present both sides of

the issue, to consider the implications of our work and how it will impact

others, and to consider these issues deeply and carefully before proceeding.



To me, it is very strange that people complain about my publishing results

on benevolent viruses. After all, I got a lot of complaints in the 1980s

about publishing results on malicious viruses, including over 40 papers in

that period on protection against viruses. My conclusion is that the people

complaining about the ethical issues are more often than not, expressing

their frustration that somebody else thought of an interesting new line of

research and published the results despite its somewhat negative impact on

their research. Every once in a while, there may be an ethical issue worth

bringing up, but it is patently ridiculous to claim that it is unethical to

publish results of research into useful applications of computer viruses. 

But then, people also claim we should not publish results on useful

applications of nuclear physics because there are nuclear weapons.





\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|

 

     Take care of the means and the ends will take care of themselves.



                          - Mahatma Gandhi -





\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|





Article Review:

---------------



                      TRENDS IN COMPUTER VIRUS RESEARCH

                      =================================



                          by Dr Frederick B. Cohen





In this paper (published in 1991.) Fred Cohen discusses current trends in

computer virus research. The article is an excellent reading for those who

want to get a short insight in entire Fred Cohen's work.



The text can be roughly divided in two parts. In the first part the author

gives a quick review of history of malicious viruses and defensive methods

against that type of computer viruses. The second part deals with benevolent

viruses and the design of useful viruses in practice. The article is closed

by discussing future research topics.



Malicious Viruses and Defense

-----------------------------



This part begins with a short insight to the history of malicious viruses'

attacks. The term is referred mostly to the population of IBM PC/DOS viruses

which started to appear in large numbers since 1987. The author call those

viruses - "real-world viruses".



In the further text the preview of defense methods against malicious viruses

is given. The vulnerabilities and advantages of several well known ideas are

discussed. It is stated that all built-in self-test techniques are vulnerable

to a generic attack, i.e. when the virus activates before program being

attacked and forges the operating environment so that altered information

seems to be unaltered to the protection system. According to the author the

most effective protection against malicious computer viruses is defense-in-

depth. In this approach many approaches are combined, so if one technique

fails, redundant techniques provide added coverage. The combined use of virus

monitors (scanners), integrity shells, access controls, virus traps, on-line

backups, SnapShots ("SnapShoting" of system memory at bootup and performing

a complete replacement of the system state with the known state from a

previous bootstrap), BootLocks (providing low-level remapping of disk areas

to prevent bootstraping mechanisms other than the BootLock mechanism from

gaining logical access to the DOS disk) and ad-hoc techniques should provide

reliable protection against operation, infection, evasion and damage by known

and unknown viruses. Disadvantage of such an approach is space/time

consumption when realized entirely in software. It is pointed out that

performance of defense system can be greatly enhanced through hardware based

implementations.



Benevolent viruses and further research

---------------------------------------



In the second part the author introduces the concept of benevolent virus. He

explains that computer viruses are some of the fastest distributed programs.

They distribute freely, easily and evenly throughout a computing environment.

The hardest problem in parallel processing is efficient uniform distribution

of computing between computers working together on the same problem. With

computer viruses the solution of this problem is easier because of their

ability to replicate and spread. It is, however, important to know that the

problem of controlling virus growth must be addressed before widespread use

of viruses in existing computer networks. 



To avoid confusion, the author gives his famous definition of computer virus

from the paper "Computer Viruses - Theory and Experiments" (published 1984.):



"We define a computer 'virus' as a program that can 'infect' other programs

by modifying them to include a possibly evolved copy of itself."



There is also description of worm:



"...so-called "worm" programs would install segments on computers which were

not in use, performing "segments" of the parallel processing problem being

solved..."



The author's formal definition of computer virus (not presented in this

article) for mathematical reasons encompasses all self-replicating programs

and programs that evolve and move through a system or network, thus putting

many of the worm programs under the formal description of computer virus.



The short history of theoretical and experimental work on self-reproducing

programs is given. The two examples of useful computer viruses are presented.



One example is The Viral Bill Collector. It is a distributed program which

allows to the user to avoid a large centralized bureaucracy which controls

and directs all activities, by distributing all functions to the individual

bill collectors. The computing environment "births" and "kill" collectors

according to the current requirements.



The second example is Maintenance Virus. To reduce manual system

administration, maintenance viruses are implemented. They replicate

themselves in limited numbers, seek out known imperfections and repair them.



The author points out that "birth/death" processes are central to the problem

of designing viruses that do not run amok, as well as to the evolution of

viral system over time.



Some other future improvements of useful viruses as random variation and

selective survival are discussed. It is stated that in the same way as we can

generate computer program from specifications, we can generate evolutionary

systems from specifications, and assure to reasonable degree that they will

act within predefined boundaries. The author regretfully notices that viruses

have gotten a bad name, partly because there are so many malicious and

unauthorized viruses operating in the world. He offers as possible solution

of this problem the "Computer Virus Contest" which rules prohibit the use of

viruses that have been released into uncontrolled environments, viruses

placed in systems without explicit permission of the owner and viruses

without practical mechanisms to control their spread.



The author concludes that "just as biological viruses can cause disease in

humans, computer viruses can cause disease in computer systems, but in the

same sense, the benefits of biological research on the quality of life is

indisputable, and the benefits of computer virus research may same day pay

off in the quality of our information systems, and by extension, our well

being."



Further reading:

----------------

I would recommend this article for the start to those who want to get

acquainted with Fred Cohen's work. The next step could be the book "A Short

Course on Computer Viruses" where the same themes are presented in more

details. According to personal wishes, one can continue either going further

with the theory by reading Fred Cohen's Ph.D thesis or some of his articles

with formal definition of computer virus, or to find some practical solutions

of viral and security problems in some of numerous Fred Cohen's articles with

that subjects. Personally, I am waiting impatiently to read the newest book

"It's Alive!".





^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^



                     The man who fights for his ideals

                     is the man who is alive!



                         - Miguel de Cervantes -



^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^





                          THE MYSTERY - MARK LUDWIG

                          =========================



Reading the following text from the article published in Crypt Newsletter No

22, I got curious. Yes, I have heard the name Mark Ludwig earlier, but it

always had some negative connotation. This article was somewhat different...





[ IN THE READING ROOM:  "COMPUTER VIRUSES, ARTIFICIAL LIFE AND EVOLUTION"

BLASTS EVOLUTIONARY SCIENCE WITH THEORETICAL PHYSICAL METHODS



Just after Christmas, on December 27th, Addison-Wesley France was served with

a temporary legal notice prohibiting the distribution of its recently

published French language edition of Mark Ludwig's "Little Black Book of

Computer Viruses, Volume 1." Entitled "Naissance d'un Virus" or "Birth of a

Virus," the French edition was selling for about $50 cash money. The company

is also distributing a disk containing copies of Ludwig's TIMID, INTRUDER,

KILROY and STEALTH viruses separately for a few dollars more.



However, before the ink was dry on the paper a French judge dismissed the

complaint, said Ludwig between laughs during a recent interview. Addison

-Wesley France, he said, subsequently worked the fuss into good publicity,

enhancing demand for "Naissance d'un Virus."



Almost simultaneously, Ludwig has published through his American Eagle

corporation, its follow-up: "Computer Viruses, Artificial Life and

Evolution," which will come as a great surprise to anyone expecting "The

Little Black Book of Computer Viruses, Part II."



For those absent for the history, "The Little Black Book of Computer

Viruses," upon publication, was almost uniformly denounced - by the orthodox

computer press - as the work of someone who must surely be a dangerous 

sociopath.  



Most magazines refused to review or mention it, under the working assumption

that to even speak about viruses for an extended length - without selling

anti-virus software - only hastens the digital disintegration of the world. 

Ludwig found himself engaged in a continued battle for advertising for his

book, losing contracts without notice while the same publications continued

to stuff their pages with spreads for cosmological volumes of pornography. 

This has always been a curious, but consistent, hypocrisy.... ]





...Later in the same text there were few words about the author...





[...Not surprisingly, the controversy has kept sales of "The Little Black

Book" brisk since its initial printing and financed the expansion of American

Eagle.



Which brings us, finally, to "Computer Viruses, Artificial Life and

Evolution," a book which takes a hard scientific look at life and the theory

of evolution, and only incidentally contains working viruses.



To grapple with the underlying philosophy behind "CVAL&E," its helpful to

know Ludwig was a physics major at Caltech in Pasadena, CA, at a time when

Nobel-laureate theoretical physicists Richard Feynman and Murray Gell-Mann

were in residence. The ruthlessness with which these scientists dealt with

softer disciplines not up to the task of thorough theoretical analysis

coupled with the academic meat-grinder that is Caltech's reputation, casts

its shadow on "CVAL&E."



Ludwig writes in the introduction:



". . . Once I was a scientist of scientists. Born in the age of Sputnik, and

raised in the home of a chemist, I was enthralled with science as a child.

If I wasn't dissolving pennies in acid, I was winding an electromagnet, or

playing with a power transistor, or . . . freezing ants with liquid propane.

When I went to MIT for college I finally got my chance to totally immerse

myself in my first love. I did rather well at it too, finishing my

undergraduate work in two years and going on to study elementary particle

physics under Nobel laureates at Caltech. Yet by the time I got my doctorate

the spell was forever broken . . . I saw less and less of the noble scientist

and more and more of the self-satisfied expert."...]





...Well, at this point I decided to contact Mark Ludwig and ask him some

questions. Here is he, answering exclusively for "Alive":





A: Why did you get interested in computer viruses?



ML:



I thought they were interesting as genetic, self-reproducing entities, and

I just wanted to learn something about them, as a scientist. What little I

could find out about artificial life seemed very much skewed toward the

evolutionary point of view, which is in my mind more philosophy than good

science. Since computers are universal simulating machines, I think one thing

AL [Artificial Life] researchers can get into is a sort of programmatic story

telling which has little to do with reality. I mean, of course you can design

something to evolve (Lamarkian or Darwinian) just because you have an

universal simulating machine. But does that have anything to do with real

life?



I saw viruses as a real-life phenomenon, rather than a laboratory construct.

Perhaps they are the only "life-form" apart from earth's carbon-based life

we will ever meet. Laboratory AL experiments tend to be contrived because

the researcher's intelligence inevitably enters in. Viruses, as a phenomenon,

are somewhat different. They're in the wild. What do they do there? Do they

evolve? Can they evolve? The whole question just seemed fascinating to me.





A: When did you start to deal with computer viruses and could you describe

shortly your work?



ML:



About 1988 or 1989. Given the above interest, the natural thing to do seemed

to be to get some viruses and learn about them. That proved to be a real

challenge though. Technical knowledge of this field was very hush-hush then.

I ended up solving the problem by setting up a BBS and announcing that I'd

send people $20 if they'd send me a virus. So I got a few that way. But I

realized it was going to be hard to discuss my scientific interests with

anyone if no one understood the technology behind viruses. Furthermore, I

did not believe that this silence was best for mankind in the long run. I

mean, here is this brand new technology -computers & information science-

and a brand new phenomenon -viruses- and all anybody wanted to do was to make

it go away. As a scientist, I was much more inclined to explore the

possibilities. Yet I knew I couldn't possibly do that alone if we're really

going to find out what uses these things might have, or what understanding

they might actually contribute to other scientific disciplines. Science

doesn't work like that now-a-days. The knowledge has to be more generally

available before anyone could even begin to think along these lines. So I set

out to make that knowledge accessible.





A: Why did you write "The Birth of a Virus" ?



ML:



"The Birth of a Virus" is the French edition of "The Little Black Book of

Computer Viruses." I plainly wrote it so that the average programmer could

learn the basics of how a virus operates. That was published in 1991. It is

not intended to be a compendium of all the tricks virus programmers use, or

anything like that. It is an introduction. The viruses discussed in the book

(4 of them) are pretty basic, but they get some of the basic techniques

across, and illuminate the issues which a virus must face to reproduce.





A: Why did you write "Computer Viruses, Artificial Life and Evolution"?



ML:



CVALE is a first stab at discussing my original interest in viruses. It

discusses questions like "Are viruses alive?" and digs into viral evolution,

comparing viruses to real-world organisms, etc. It's about more than just

viruses, though. It's about the whole Artificial Life movement, as well as

science and philosophy. Really, I think what I've seen in staring hard at

viruses might be very valuable in bringing about a revolution in evolutionary

biology. Using carbon-based organisms is a horrible way to study evolution.

They're too complex and we don't understand them well enough. The time frames

of evolution are too large. And deep philosophical questions rear their heads

all over the place. Inside the computer, most of these difficulties just

vanish. The one thing you have to be careful of is the universal nature of

the computer. What you don't want is to create some kind of science that will

always confirm itself. Looking at viruses can teach us how to impose some of

the checks and balances that science needs to be valid.





A: Do you think that your work is unethical or illegal?



ML:



Illegal? Some people tell me that it is in some parts of the world. Certainly

it is not illegal in the US.



Unethical? That is a more difficult question. I don't think so, but I'm open

to correction. I mean, I realize that by publishing viruses, somebody could

use that information to hurt somebody else. It's not my intention to empower

would-be criminals. At the same time, I think a lot of people can get hurt

because people who should have the technical expertise to deal with malicious

viruses don't have it and have a hard time getting it. The idea that you can

combat a human intelligence with a piece of software is ludicrous. Anybody

who just installs an anti-virus and sits back on his laurels is asking for

trouble. At least some virus writers are intelligent people. And the only way

to combat a human intelligence is with human intelligence. In other words,

you start with first hand knowledge of what viruses are and how they work.

Given that first hand knowledge, you can reasonably choose anti-virus

software to protect your systems, etc., but you don't just pick the program

based on some advertisement, or some review that purports to be unbiased,

albeit written by an a-v developer or by some peon at an advertiser-driven

magazine. Thus, I see my work as being potentially very beneficial in that

it brings education and light where darkness has been.





The only way I can see to answer the ethics question is to weigh the merits

and dismerits of what I'm doing. I've always taken the attitude that I'll

do this on a tentative basis, but if it proves out that people are taking

my stuff and wreaking havoc with it, I'd be the first one to condemn it.

Now, 3 years after the release of The Little Black Book, I think I can say

safely that people are not, for the most part, running out to destroy the

world with it. They are behaving responsibly.



We do not make it illegal to manufacture hammers or knives because people do,

occasionally, kill other people with those implements. We do not call the

knife manufacturer immoral or unethical. Killing someone or not with them

is the responsibility of the user, not the manufacturer.



I fail to see why viruses should be treated differently. The a-v community

argues that there is no such thing as a good virus, ergo there is no benefit

side to the equation, as in the case of a hammer. Even if they were right on

that point, though, it would not be logical to conclude, therefore, that

making information about viruses available is therefore also bad. Someone 

who learns about viruses -who gets the first hand knowledge about them- is

going to be a whole lot better at facing a malicious virus running amok in

a network than somebody who simply sits back and lets somebody else, e.g. an

anti-virus company, do his job for him. The second person will in all

likelihood need expert help to get rid of the virus. The first will be the

expert to begin with. Thus it seems reasonable to suggest that even if all

viruses were only evil (which I do not believe), it could still be very good

to make the knowledge of them available, because in so doing you are teaching

people how they work and giving them the expertise to fight them better.  As

far as I can see, the benefits do outweigh the dangers here.



I think when considering the ethics of all of this, we have to realize that

the a-v community is trying to partake of a new ethic which, if carried to

its logical conclusions, will have a chilling effect on all innovation and

all human initiative. You see this new ethic throughout society. It damns

anything which could potentially be harmful before you even know whether it

will be beneficial or not. I don't care whether you're talking about a-v or

environmentalism or about the latest drive to socialize medicine in the US,

this mindset is behind it. The bottom line is an attempt to create a

risk-free socialist world controlled by a technical elite. Now, you can't

stop hammers with this approach, but you can sure stifle anything new,

because you can magnify the risks, and diminish the benefits, and people

don't have an intuitive feel for it.



The truth is that people who reason this way are trying to make gods out of

themselves. They are not content to let their opinions be opinions. Rather

they try to elevate them into moral truism. A lot of people in the west

still have a love-affair with socialism, so they buy into this risk-free

attitude without questioning it much. We shouldn't be deceived by such

propaganda though.





A: What problems did you have in presentation of your work?



ML:



Well, nobody wanted to print it. But it was not that big of a deal since I

already owned a publishing company which published other books for university

classes. I just had to decide whether we should get into this line or not.

I've had enough experiences in other fields of science to know that if you

want to do anything new you're going to meet resistance. I haven't run into

any problems I didn't expect from the start.





A: Why people are willing to reject the concept of beneficial viruses or

   artificial life in general?





Most people don't reject the idea of a beneficial virus if you discuss it

with them intelligently. Rather, they become open to it rather quickly.

There's a certain amount of inertia you have to overcome to get people to

actually install a beneficial virus, though, because they've been brainwashed

into believing that virus = bad. Once you get past that, it's not a problem.



Now, obviously, I won't say the same of the anti-virus community. Here you

have a case of group-think where everyone just echoes everyone else's

opinion. It's kind of like an extreme political party. Breaking ranks will

get you ostracized. They are the ones who've been trying to brainwash people,

and they want to keep it up because they are pushing an agenda that puts them

in the driver's seat. They know full well that to make any concession in

their position is to open the floodgates. How will you ever pass legislation

against the free dissemination of virus-related information once you admit

that some of it might be beneficial? You won't. So they'll fight the idea of

a beneficial virus to their dying breath.



Artificial Life is a different matter, though. I think a lot of people reject

the concept in its strong form for religious or philosophical reasons.

Furthermore I think those reasons are completely valid. I mean, IF you accept

the idea that life is nothing more than atoms and physics, it makes sense to

define life functionally and then design something functionally equivalent

and call it life. However that IF is a big if. There are plenty of reasons

not to do that, both philosophical and purely scientific. Most of the people

doing AL work just leap right in like good positivists and sweep the deeper

questions under the rug. If AL is ever to garner widespread support, those

who study it are going to have to be more sensitive to the philosophical

issues. I tried to do that in my book, though I haven't gotten a whole lot

of feedback as to how well I succeeded.





A: Are there persons in virus/anti-virus field that you respect and why?



ML:



Technically there are quite a few people I respect. Writing viruses and

anti-viruses is kind of like a programmer's version of a grand master's

chess game. You need both a good deal of skill and a sense of the art of it

to play on either side.





Intellectually, I don't have very much respect for many of the people who've

made a name for themselves in a-v work. Many of them aren't thinking for

themselves anymore. They've made up their minds and they won't hear new

ideas. They're like politicians who are so committed to a movement that they

don't dare change, and they stagnate intellectually as a result.



There are a whole lot of people a step below the big names, though, who

are just good people trying to keep the computers in their companies clean

and what not. They aren't pushing an agenda - they're just trying to get

their job done. They're open minded and they will listen to new ideas.

I respect these people a lot, and it's my sincere desire to help them get

their job done. By making technical information about viruses available,

I'd like to believe that I'm doing that.





!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!





           And God saw that it was good. And God blessed them, 

           saying 'Be fruitful and multiply'



                    -Genesis 1:21,22



(The dedication to Mark Ludwig's "Little Black Book about Computer Viruses")





!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!





   IT CONQUERED THE WORLD:  A FICTION EXCERPT FROM MARK LUDWIG'S "CVAL&E,"

   =======================================================================

                             FOR YOUR ENJOYMENT

                             ==================



[Warning: Sections of the following may seem morbid and unpleasant.]



Cast 50 years in the future . . . 



"Atomic storage technology was developed and put to work in computers 40

years ago.  Five years later the first notebook computers with 100 terabytes

of pico-second access, non-volatile storage became available for under $5000.



Of course, software lagged far behind hardware.  For nearly 20 years, the

software giants battled it out developing operating systems to make effective

use of the storage technology.  In fact, operating systems proliferated to

such an extent that real progress in programming gave way to brute

competition between operating systems.  By and by, IBM came up with the

solution.  Their OS/4 operating system was an incredible engineering feat.

About 1.2 terabytes of code, fully interactive speech recognition, touch and

vision interface, artificial reality feedback.  But the clincher was the

artificial intelligence which allowed the operating system and applications

to adapt to both the individual user and the software developer.  It was a

cinch to write very complex programs in this environment because of the

artificial intelligence, despite the fact that there were nearly 2 million

possible system calls. Shareware proliferated for it, and then commercial

programs that would boggle the mind of anyone just ten years earlier.



"By 2045, OS/4 was the _de facto_ standard.  There weren't even any close

competitors. Nobody even had any interest in new operating systems, because

this one seemed to fit everyone's needs so well.  It seemed to be the golden

age of computing, except for one thing.  OS/4 had some anti-virus measures

built into it.  They worked pretty well.  However, a fairly simple but benign

virus appeared in this environment that those anti-virus measures couldn't

cope with.  This virus was only about 2 megabytes in size, and since it was

benign, nobody cared much about it.  However, at the time the United States

had become a tyranny whose evils had eclipsed even those of Stalin and

Hitler. Most intelligent people had fled the country long ago.  The

government went on a crusade to find the author of the virus.  They got their

man, and subjected him to functional re-engineering at the hands of

nano-robots.  A horrible fate. This focused quite a bit of attention on the

virus and its alleged author.  To defend this poor scapegoat, a team of

scientists got together and proved that just such a virus should evolve into

a useful clean-up utility if left alone.



"A couple weeks later IBM released a supplementary anti-virus utility to take

care of the problem.  Even though the scientists said not to worry, a lot of

people wanted the virus out, and IBM saw this as a good way to make a moral

statement about virus writing that would make a number of governments happy.

This . . . was the beginning of the end, though.  A typical case of the quick

fix.  No one took the time to disassemble the virus.  Nobody listened to the

team of scientists.



"Until that anti-virus utility was released, there was little evolutionary

pressure on the virus, and most of it caused evolution in beneficial ways. 

The utility was quite adept at putting pressure on the virus to make it

malevolent, though. And the virus mutated with incredible ease . . . If that

were not enough, the artificial intelligence of the anti-virus only succeeded

in driving the viruses - which also used system AI resources - to become

smarter and more prolific.  The anti-virus was made available on a Monday,

free of charge to the general public.  By Wednesday, the whole world was in

chaos.  Everything was shut down.  Financial markets. Communications.

Hospitals.  The works.  Nobody went to work. People were dying . . ."



(c)opyright 1993 American Eagle Publishing.  Used with permission.





&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**

                    

                The disciples asked the master:



                - What will happen with you after your death?

 

                - I will go to the hell.



                - But, they think that you are very holy master!



                - If I don't go to the hell, how can I help you?



                               - Zen text -



&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**





[ The book review of "Computer Viruses, Artificial Life & Evolution" and "It

Conquered The World" originally appeared in the February 1994 issue of The

Crypt Newsletter. They are reprinted in "Alive" with permission of Crypt's

editor George Smith (Urnst Kouch). The Crypt Newsletter is a monthly

publication featuring science news, media reviews and comment of interest to

a computing audience.  E-mail: ukouch@delphi.com ]





Editor's note:

-------------- 



The "underground" versions of The Crypt Newsletter contain source code of

some viruses. It is disputable if they are beneficial or not. The "clean"

versions (without virus code) are available on Compuserve.





~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~ 





                       THE REALITY - VESSELIN BONTCHEV

                       ===============================



Many people know the name Vesselin Bontchev from discussions on Virus-L/

comp.virus. His formal biography says:



In 1988 Mr Bontchev became interested in computer viruses and soon afterwards

his freeware anti-virus programs were the most popular in Bulgaria. In 1990

he became the director of the Laboratory of Computer Virology at the

Bulgarian Academy of Sciences - a laboratory, created mainly due to his

efforts. Since 1991 he is working on his Ph.D. thesis in the Virus Test

Center at the University of Hamburg, Germany. 



Since 1990 Mr Bontchev is the Bulgarian representative in IFIP's TC-11

(Computer Security). He is also a founding member of CARO (the Computer

Anti-virus Researchers' Organization), a founding member of VSI (the Virus

Security Institute), and a member of EICAR (the European Institute for

Computer Anti-virus research).



Mr Bontchev's main fields of interest include computer viruses, computer

security, integrity and data protection, encryption, number theory....etc.



Leaving formalities for a moment, Vesselin Bontchev speaks for "Alive"

exclusively:



A: Why did you get interested in computer viruses?



VB:



Initially - because they are interesting, of course. I mean, they are

challenging; doing something that is unusual and clever. Later I discovered

that my knowledge in this field can help many other people and this motivated

me additionally.



A: When did you start to deal with computer viruses and could you describe 

   shortly your work?



VB:



It all began in the Spring of 1988. At that time I was working on a voluntary

basis as a consultant for the only Bulgarian computer-related magazine -

"Komputar za vas" ("Computer for You"). I was asked to provide some help in

translating a German article (from the German magazine "CHIP", I believe)

about computer viruses. I didn't know German at all, but I knew a lot about

computers. The article was initially translated by a professional translator,

who knew German perfectly, but knew nothing about computers and the special

jargon used in this area. There was a lot of funny stuff in the draft

translation... But I digress.



In short, the article was about computer viruses. I read it, and the subject

captivated me at once. Knowing from personal experience that the quality of

the information obtained from such sources as popular magazines tends to be

rather low, I used the information system of the Bulgarian Central Institute

for Scientific and Technical Information to do a library search by keywords

and then to read all available serious journals that had some articles on

this subject. The most valuable source of information proved to be "Computers

& Security", and in particular the papers from Dr. Fred Cohen and Prof.

Harold Highland - two of the very few people that seemed to know what they

were talking about.



After reading all that was available to me at that time (not that much; there

weren't so many articles published on this subject at that time), I decided

that while an interesting mental exercise, computer viruses couldn't be that

dangerous, because every moderately competent computer techie should be able

to spot them at once. Also, it was obvious that all the hype in the popular

media was caused mostly by people who knew near to nothing on the subject.

Even the viruses that existed at that time didn't seem anything particularly

clever - I remember that when I read the description of Brain, I spent long

time wondering what the *other* part of the code could do, because it was

clear to me that anybody with some experience in assembly language

programming could fit the described functionality into less than one kilobyte

of code - so what were the other 2 Kb of the virus *doing*?



In short, I wrote an article for "Komputar za vas", explaining my view that

computer viruses can't be a real threat. What I have overlooked was that by

far not all computer users are technical experts who know by heart the

internals of their machines... Just a couple of days after my article was

published, two guys came at the editor's office of the magazine and proudly

announced that they have found a virus! It was what we are calling now

Vienna.648.Reboot.A, but nobody knew it at that time. The two guys had

already dealt with the infection in the company they were working for (they

were system programmers, after all) and demonstrated us how well their

custom-made disinfector works... disinfecting the only copy of the virus left

in their disposition. Of course, I wanted to examine "the beast" and to

understand how exactly it works and why. The problem was, it was already

gone! I visited the office in their company, and after a long and fruitless

search for an infected file, we finally found a piece of paper in the trash

bin, that contained the hex dump of an infected file... I got that piece of

paper and entered the code with DEBUG byte-by-byte. Then I disassembled it,

understood it, wrote my own disinfector (and even a vaccine) for it... This

is how it all began for me. My second case was Cascade, then Ping_Pong, then

the Bulgarian viruses began to appear (Old_Yankee, Yankee_Doodle), and then

came the Dark Avenger...



My work now? Well, I am working in the Virus Test Center at the University

of Hamburg, under the leadership of Prof. Klaus Brunnstein. I am in charge

of maintaining our virus collection. I am also analysing viruses, helping

people who are asking virus-related questions from all parts of the world,

writing my Ph.D. thesis, testing anti-virus products, and many other less

exciting things.



A: Why did you leave Bulgarian anti-virus scene and moved to Germany?



VB:



Because I was proposed the wonderful opportunity to live and work under

excellent working conditions in place with a very high reputation in the

computer anti-virus field - and also to get a Ph.D. there.



A: Are you familiar with present virus/anti-virus situation in Bulgaria?



VB:



It depends on your definition of "familiar". I have a pretty clear idea of

what is happening there, although I am not as much familiar with the

virus/anti-virus scene there as I used to be.





A: It is known that certain animosity existed between you and Bulgarian 

   virus writer known as Dark Avenger some time ago.



VB:



That is put very mildly, yes.



A: What do you think about him today?



VB:



The same bad things I've been always thinking about him. Sorry, but my

education does not allow me to list them here. 



A: What is your general opinion about virus writers?



VB:



Most of them are just irresponsible juvenile people (I am tempted to say -

kids), who want to "establish" themselves and to impress their peers, by

doing things that they perfectly know are regarded as "bad" by the society,

but for which, as they also know very well, this same society is unlikely to

be able to punish them. They like so much to brag about their "exploits" and

"civil liberties", but it is actually the same old graffiti writing, only in

a more modern, electronical form. In short - vandals.



A: What do you think about beneficial viruses and artificial life? Why are 

  people willing to reject the concept of beneficial viruses and artificial 

  life in general?



VB:



I don't feel competent to comment about artificial life, because I am not

expert in this area. I don't believe that computer viruses are a form of

artificial life, however.



People don't like to even hear about the so-called "beneficial viruses"

mostly because the term "computer virus" is already loaded with negative

meaning in the public opinion - maybe incorrectly, just like the term

"hacker", but that's it how it is. I would suggest to anybody who is doing

serious and responsible research in the field of self-replicating code, to

use some other term, if they don't want to be misunderstood by the general

public. After all, what Dr. Cohen is understanding under the term "beneficial

virus" is *very* different from those nasty little programs that the general

public is acquainted with.



A: Do you think that is unethical to claim that computer viruses can be 

   beneficial and why?



VB:



Now, that's a difficult question... Well, it depends. It depends on what are

the motives of the person making the claim. Is he a legitimate scientist who

is trying to use an interesting phenomenon for something useful for the

humanity? Or is he just an irresponsible person who is looking for an excuse

for his asocial acts and is trying to masquerade them under the

scientifically-looking term "research"?



However, I think that even the legitimate researcher ought to emphasize that

he is talking about something completely different from the real computer

viruses known to the general public - in order not to be misunderstood. Also,

I think that he should clearly (and loudly) distinguish himself from the

virus writing crowd. Research - yes, but seriously done, in clear and

strictly controlled environment, by people who have the knowledge and

experience to conduct it. Just like the kind of research into biological

experiments.



A: You often mention "real viruses". What are they and how are they related 

   to the concept of "beneficial viruses" ?





VB:



I am convinced that what most people understand under the term "computer

virus" cannot be beneficial. When the average user hears the term "computer

virus", he almost certainly does not have a valid definition for it, but just

as certainly he has a pretty clear view of what the term is about. I call

this a "real computer virus". Real computer viruses are always bad. 



My professional understanding of "real virus" is this:



"Something has entered my computer without my authorization and is

replicating there, potentially doing damage."



The accents are on (a) entered without authorization, (b) replicating - 

i.e. modifying executable objects and wasting time and disk space, and (c) 

maybe it is doing damage, maybe it is intentionally, maybe not intentionally.



The average user's understanding of "real virus" is probably:



"Something is here, I didn't allow it to be here. I've been told it can 

spread like living being and that it can destroy my data/programs. I don't 

like it."



Two years ago I asked the net to send me the arguments why they think a

"good" virus is a bad idea. I have collected dozen reasons. I do not claim

that computer viruses cannot be beneficial, but any virus that pretends

to have this property must not violate any of the 12 conditions. 





-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

     

                Originality and the feeling of one's own

                dignity are achieved only through work

                and struggle.



                           - Dostoevsky -



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





Vesselin Bontchev:



               DOZEN REASONS WHY A "GOOD" VIRUS IS A BAD IDEA

               ==============================================



I. Technical points:

--------------------



1. Once released, one has no control on how the virus will spread; it may

reach an unknown system (or the one which could have even not existed at the

time the virus is created) and on which it might cause non-intentional

damage. Any virus that claims to be beneficial, must contain measures to

prevent this. For instance, if it infects a particular object, it must at

least keep a cryptographically strong checksum of this object, in order to

make sure that it does not infect anything else by mistake. And this is only

a simplistic example; in reality the precautions must be much more

elaborated.



A virus that claims to be beneficial should provide means to be controlled.

It should be possible to easily prevent the infection even of a system that

has never heard about the virus; it should be possible to remove the

infection easily from any infected system, without causing any harm; and it

should be possible to send a message to all instances of the virus to

terminate themselves, restoring the infected systems to their uninfected

state - or to update themselves. Such a message should propagate faster than

the virus itself. In some sense, those messages will be "viruses" for the

"computational environment" consisting of all existing copies of the virus,

just like the virus is a virus in the "normal" computational environment (the

one that the user uses). If such a solution is implemented, this is still

dangerous, although the danger is of a different kind. Suppose that a system

uses the beneficial virus and relies on it. Then a malicious attacker could

send a message to the virus to terminate itself, thus causing harm to the

system (a denial of service attack). Therefore, the message should be

cryptographically authenticated. In short, the virus should be able to

authentify itself to the system and the system should be able to authentify

itself to the virus.



The user of the beneficial virus should actively invite (e.g. install) the

virus on his/her system. It is not enough if the virus asks for permission,

because this forces the user to take some measures in order to keep their

system virus-free. By default (i.e. if no measures are taken), the virus

should not infect that system. Only if the virus finds some kind of

"invitation", it should infect the system. There must be a way to turn off

the prompting - the user must both be able to set the default action to "no,

don't infect" (by removing the invitation or not installing it in the first

place) and to "yes, keep infecting without asking". And again, cryptographic

means should be used to ensure that what the virus sees as invitation is

indeed one and not some kind of mistake.



No uncontrollable mutations of virus should happen, either of random (errors)

or deterministic (intentional changes) nature.



2. The anti-virus programs will have to distinguish between "good" and "bad"

viruses, which is essentially impossible. Also, the existence of useful

programs which modify other programs at will, will make the integrity

checkers essentially useless, because they will be able only to detect the

modification and not to determine that it has been caused by a "good" virus.

Therefore, a virus that claims to be beneficial, must not modify other

programs.



3. A virus will eat up disk space and time resources unnecessarily while it

spreads. The virus is a self-replicating resource eater. Therefore, a virus

that claims to be beneficial, should keep only one instance of itself per

infected machine and the costs of the time and other resources used by it

must be negligible, compared to the benefits it brings to the user.



4. A virus could contain bugs which might damage something or harm somebody. 

Any program could be buggy, but the buggy virus is a self-spreading buggy

program which is out of control.



5. A virus will disable the few programs on the market which check themselves

for modifications and halt themselves if they have been changed. It is

important to repeat again that a virus that claims to be beneficial, *must

not modify* other programs.





Summary of technical points against "good" viruses:



-impossibility to control it or possibility to lose control over it

-uncertainty in discerning "good" from "bad" viruses

-resource wasting

-bugs which are harder to detect and easier to spread around

-modification of programs



The above points apply to any practical system of use today, i.e. the systems

which are based on von Neumann's architecture.





II. Ethical/legal points:

--------------------------------



6. It is unethical to modify somebody's data without his or her active

authorization. In several countries this is also illegal. The user of a

beneficial virus must actively invite the virus to infect his or her machine.

The virus must wait for an invitation, not bother the user with asking for

permission or sneaking in without one.



7. Modifying a program could mean that the owner of the program loses his or

her rights for technical support, ownership, or copyright. An example of such

a possibility could be the case reported recently to VTC - Hamburg. The

company refused technical support to somebody whose system was infected -

they insisted that their product is re-installed.



8. An attacker can use a "good" virus as a means of transportation to

penetrate a system. That is why a "good" virus must be able to authentify

itself to the system, and the system must be able to verify that it is

exactly what it claims to be. A person with malicious intents can furthermore

get a copy of the "good" virus and modify it to include something malicious.

Actually, an attacker could trojanize -any- program, but a "good" virus will

provide the attacker with means to transport his malicious code to a

virtually unlimited population of computer users. The possibility to

transport malicious code is one of the things that makes a virus "bad".



9. Declaring some viruses as "good" will just give an excuse to the crowd of

virus writers to claim that they are actually doing "research". Working with

potentially dangerous things - either poisonous substances or self -repli-

cating programs - should be left to people who have (a) the moral and ethical

stability and (b) the technical expertise to do it.



10. Anything useful that could be done by a virus, could also be done with

a normal, non-replicating program. Any virus that claims to be beneficial

must do something that either cannot be done by a non-viral program, or is

not done as effectively as with a viral one to avoid problems stated in

previous points.



The summary of ethical/legal points against "good" viruses:



-modification of data/programs without active authorization of user

-possibility to lose ownership rights on infected program

-possibility to modify a "good" virus with malicious code to transport such 

 a code further

-the question of responsibility of persons writing viruses

-the question of suitability of "good" viruses to perform a certain task





III. Psychological points:

--------------------------



11. A virus activity ruins the trust that the user has in his or her machine.

The impression that a virus steals user's control of the machine can cause

the user to lose his or her belief that she or he can control it. It may be

a source of permanent frustrations.



12. For most people the word "computer virus" is already loaded with negative

meaning. They will not accept a program called like that, even if it claims

to do something useful.





*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*



              Those who are good, travel the road that avoids evil;        

              so watch where are you going - it may save your life.



                             - Proverbs 16.17 -



*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*





Vesselin Bontchev:



                       AN EXAMPLE OF BENEFICIAL VIRUS

                       ==============================



...Here is an example of a software package that uses replication to some

extent and which is without doubt beneficial.



Consider a company that has about 1,000 PCs, all networked together in a LAN.

The company also takes the virus problem seriously, and insists that each and

every of those PCs must be running the latest version of the SuperDuper Scan,

before it is allowed to access the network. (Let's ignore for a moment

whether the decision to rely on a scanner for virus protection is wise or

not.) This is a very reasonable requirement, because scanners tend to get old

like nothing else, and a new virus could sneak in undetected by the obsolete

scanners and wreak havoc.



So, the person responsible for the network has imposed a requirement: no PC

that does not run the latest version of SuperDuper Scan is allowed to log in.

That's fine, but how do you achieve that? The simple answer is - by keeping

a copy of the (presumably resident) scanner on each of the PCs and regularly

updating them. Only problem is - how do you keep 1,000 PCs up-to-date? And

keeping them up-to-date with a product, a new version of which is released

every month? If you try to go to each PC (and they are probably in different

buildings and some are in obscure locations and used rarely) and update it

manually from a floppy - then one month will not be  sufficient to update

them all - and before you have finished, you'll have to start all over again!

A real nightmare...



The obvious alternative is to keep one copy of the anti-virus package on the

server and update the PCs from there. (Of course, it is presumed that you

have a site license, but any company with 1,000 PCs that is using a

particular anti-virus product has also probably been careful enough to get

a site license.) However, if you go to each PC and manually download the new

version from the server, then the situation has not improved very much. One

option is to tell the users to do it regularly, and even set some sort of

automatic system that sends them automatic reminders each time the software

on the server is updated. However, users tend to be lazy and automatic

messages tend to be automatically ignored... 



But there is an alternative! Design the anti-virus package like a network

virus (a worm actually). One segment of the worm constantly monitors the

logins. Each time a workstation attempts to login, that segment automatically

questions that station whether it is running the anti-virus product and which

version of it. If it turns out that a newer version is available, the segment

informs the user about this, and proposes to update the local version. If the

user refuses, then access to the network is denied. If the user accepts,

another segment of the worm fetches the relevant (updated) parts of the

package from the server, uploads them to the workstation, and reboots the

latter, in order to make sure that the changes will take effect. Of course,

the user is kept informed about this and user permission is requested each

time.



Now comes the best part. The "worm" - the set of programs that are

responsible for the automatic distribution of the software actually come as

part of it. They are part of the anti-virus software, and they are used to

copy parts of the anti-virus software accross the network, in an automated

way. That is, to some extent, the package is a virus (worm), because it is

able to replicate (parts of) itself.



Are there any ethical problems? I don't see any. The owner of the network has

the full right to decide what the policy of admitting workstations to log in

will be. The user has the alternative not to comply - and not to use the

network. Of course, in a well-implemented (read: secure) package, the

different parts of the virus will use cryptographic means to authentify each

other. That is, it will be impossible for the user to lie that "yeah, the

newest version of the software is already running", and it will be impossible

for a rogue program to lie "hi, I'm the automatic distribution service; lemme

"update" your anti-virus package". In most of the existing implementations

the packages do not go to such trouble, but in the future they probably will

- because this is the way to go. Of course, there will be some other goodies,

like making sure that the different "worms" of this kind do not conflict with

each other and so on, but this is not so important for this discussion.



In fact, it is extremely easy to implement a primitive version of what

I described above. A simple set of command lines inserted in the system login

script and a couple of external programs will do the job...





Editor's note:

--------------



This example of beneficial virus is taken from the Mr Bontchev's posting to

Virus-L/comp.virus which in its entirety appeared in Virus-L Digest Volume

7, Issue 48, 1 Jul 1994.





@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@



                        Has a dog Buddha-nature or not?

                                    Mu!

                               - Zen koan -



@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@





        THE GRAND DEBATE ABOUT BENEFICIAL VIRUSES AND ARTIFICIAL LIFE

        =============================================================



In the previous articles, three more or less different viewpoints about

beneficial viruses and artificial life were presented. The topic is

undoubtedly interesting. Could computer viruses be beneficial? What is

artificial life? Are computer viruses the form of artificial life or not? 

Is it ethical to play with such things?...etc...The questions are numerous.

The answers, opinions and approaches can vary widely - from the scientific

(and somewhat controversial) interests of Fred Cohen and Mark Ludwig,

pragmatic (and somewhat sceptical) approach of Vesselin Bontchev till vague

and possibly confused opinions of "average computer user" and spurious

intentions of anonymous virus writers today.



There is a lot of confusion in the computer virus/anti-virus society today.

Many things are not clear. For example, do we know what are we talking about

when talking about computer viruses and/or artificial life? Do we talk with

each other or it is a heap of monologues without anybody listening carefully?

Where are the limits between scientific research and criminal activity? What

is the science and what is marketing and media hype? Who can tell the

difference? Are there connections between research in artificial life and

hyper production of computer viruses (with possibly malicious purposes)

today?



I would like to put some order in the confusion. On the pages of "Alive"

everybody will have a right to give his or her opinion, regardless if he or

she is an anti-virus expert/producer/researcher or "average user" (whatever

it means) or virus writer. I would like to invite all to Grand Debate about

Beneficial Viruses and Artificial Life to present your opinions and eventual

work in computer virus and/or artificial life field. However, I prefer a

little calmer atmosphere than it is on some public forums, at least the

discussions without pointless personal attacks. In fact, it is the only rule

for the Grand Debate. Everything else is free. By this I announce officially

that Grand Debate about Beneficial Viruses and Artificial Life is opened. 



The purpose of the Grand Debate is to give some answers, if possible. The

subject is complex and there is no unique answer. For example, Fred Cohen

said: "...viruses are only part of a pair - the life form and its

environment..." According to Mark Ludwig viruses are "...a real-life

phenomenon, rather than a laboratory construct..." and perhaps "...the only

'life-form' apart from earth carbon-based life we will ever meet..." Vesselin

Bontchev thinks that viruses are "...challenging, doing something which is

unusual and clever...", but he doesn't believe that "...computer viruses are

a form of artificial life..." 



Talking about beneficial viruses Fred Cohen stated: "A benevolent virus is

simply a virus that is used for good purposes, but then this is a matter of

context...Good and bad are relative. Most of the viruses I discuss as

benevolent are in fact reproducing symbol sequences without any known

malicious effect..." Mark Ludwig thinks: "There's a certain amount of inertia

you have to overcome to get people to actually install a beneficial virus,

though, because they've been brainwashed into believing that virus = bad..."

Vesselin Bontchev says that "...what most people understand under the term

of 'computer virus' cannot be beneficial..." and that "...'real' computer

viruses are always bad..." Furthermore, he gives the definition of "real

virus" and average user's understanding of the term. At this point it seems

that the problem of good definition of computer virus is the most important

problem to solve.



What is artificial life? According to Fred Cohen there is no difference from

real life and "the word artificial is really only a side effect of people's

egos requiring a special name for things they create..." He is talking

"...about foundations for the understanding of life in the general sense, an

expansion of biology into the general informational domain, drawing parallels

between our biosphere and the infosphere, understanding the implications of

the changes in our environment through information systems before we

experiment on our children..." 



Mark Ludwig said that "...staring hard at viruses might be very valuable in

bringing about a revolution in evolutionary biology. Using carbon-based

organisms is a horrible way to study evolution. They are too complex and we

don't understand them well enough. The time frames of evolution are too

large. And deep philosophical questions rear their heads all over the place.

Inside the computer, most of these difficulties just vanish..."



Although not talking about artificial life Vesselin Bontchev gives very good

points to think about in his "Dozen reasons..." When experimenting with

potentially dangerous things which have ability to reproduce and to modify

themselves the question of controllability of such "creatures" is very

important. "A virus that claims to be beneficial should provide means to be

controlled..." and "...the user of the beneficial virus should actively

invite (e.g. install) the virus on his/her system..." 



The brief conclusions from these introductory discussions are:



a) a good definition of computer virus is needed

b) beneficial viruses are possible, but it is hard to change the negative  

   meaning which term "computer virus" already got in public

c) the research in computer viruses and artificial life can bring us to    

   better understanding of life in general

d) it is important to know how to control experiments and practical use of 

   self reproducing entities (with eventual possibility of modification of 

   themselves and their environment).



It seems that this is quite a lot for the beginning. I expect that in further

discussions more questions and problems will arise, before some answers

appear. After all it is all real life. Maybe, the computer viruses are in the

world to teach us something. Computer viruses are not only pointing to

vulnerabilities in today's information systems, but also in vulnerabilities

in human society. In the smaller extent everything can be seen here. I am not

sure that there is an exact answer to question why people want to hurt other

people or to destroy something. The destruction due to malicious computer

viruses is not really the same as destruction in war. The writers of

malicious computer viruses are not the killers. Anyway, they want to tell us

something. What is that we have to find out by ourselves. Maybe we will also

find the way to learn how to put the human dimension in our everyday life.





++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++



                      God made us plain and simple,

                      but we have made ourselves 

                      very complicated.



                       - Ecclesiastes 7.29 -



++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++





              ____________________________________________________ 

             /                /    |                              |

            /         |\__/| /     |      THAT'S ALL FOLKS !!     |

       /~~~~~~\      /      \      |  NEW "ALIVE" IS COMING NEXT  |

    ~\(  * *   )/~~\(  0 0   )/~   |      HOST TO YOU SOON !!     | 

      (   O    )    (   O    )     |______________________________|

       \______/      \______/                        

      @/       \@   @/      \@







.