The Case for Beneficial Computer Viruses and Worms

This paper reviews published material on the subject of beneficial computer viruses and worms, that is, self-replicating programs for useful purposes. The topics include Shoch and Hupp's worms at the Xerox Palo Alto Research Center (PARC), Cohen's proposals for uses for viruses, and Vesselin Bontchev's anti-virus sentiments. Finally a simulation of using viruses to destroy other viruses is included. Author: Mr. Greg Moorer, Undergraduate Computer Science Student Organizational Affiliation: Department of Computer Science Mississippi State University PO Box 9637 Mississippi State, MS 39762 (662) 325-2756 (Voice) (662) 325-8997 (Fax) Email Address: [email protected] Academic Endorsement: Dr. Rayford B. Vaughn, Jr. Department of Computer Science PO Box 9637 Mississippi State, MS 39762 (662) 325-7450 (voice) (662) 325-8997 (fax) The Case for Beneficial Computer Viruses and Worms A Student's Perspective Abstract This paper reviews published material on the subject of beneficial computer viruses and worms, that is, self-replicating programs for useful purposes. The topics include Shoch and Hupp's worms at the Xerox Palo Alto Research Center (PARC), Cohen's proposals for uses for viruses, and Vesselin Bontchev's anti-virus sentiments. Finally a simulation of using viruses to destroy other viruses is included.This paper reviews published material on the subject of beneficial computer viruses and worms, that is, self-replicating programs for useful purposes. The topics include Shoch and Hupp's worms at the Xerox Palo Alto Research Center (PARC), Cohen's proposals for uses for viruses, and Vesselin Bontchev's anti-virus sentiments. Finally a simulation of using viruses to destroy other viruses is included. Introduction With the current media blitz of warnings concerning malicious viruses, little attention has been paid to the use of computer viruses for beneficial purposes. The fear of malicious code is well founded. The Robert Morris Internet Worm that was released in the fall of 1988 caused a great deal of damage to the Internet. Though the author did not intend to cause damage, a bug in the program resulted in uncontrolled replication that caused the worm to run rampant [7]. Because infected systems were heavily burdened with multiple copies of the worm, non-infected systems were removed from the network to prevent infection, resulting in an excessive loss of processing time and system availability [7]. More recently, widespread publicity concerning viruses such as the Chernobyl virus has led to a negative perception of self-replicating code. This negative connotation leads laypersons and professionals alike to ignore the possibility of using self-replicating code for positive purposes. The only mention of non-damaging viruses in mainstream media encountered is a single-page article appearing in Newsweek. This article refers to using virus programs as network searching tools and briefly introduces some research being performed [8]. Even the supposedly unbiased academic literature largely ignores beneficial computer viruses. Though the concept of using virus behavior for useful purposes was proposed in the earliest documentation of computer viruses, very little published research exists. One complication is defining what a beneficial virus means. Some viruses written to be malicious can become beneficial in certain applications. For example, a malicious virus was implanted on Iraqi computers in order to damage their air defense system before the start of the Gulf War [6]. Though written to be malicious, this virus was surely seen as beneficial by allied pilots flying over Iraq. Rob Rosenberger reports conflicting opinions regarding the validity of this story and his own stance is that the story originated as an April Fool's Day joke [9]. However, the point that a harmful virus can be used for beneficial purposes remains. For the purposes of this paper, a beneficial virus will be defined as a self-replicating program that performs some task without being harmful. Despite the distrust of self-replicating computer programs, some developments have been made. The Xerox PARC Worm An early attempt to use a self-replicating program in order to perform a useful task was the Xerox PARC worm. John F. Shoch and Jon A. Hupp conducted experiments with self-replicating programs that they likened to segmented worms [10]. These programs would be divided into several segments that would execute on separate hosts which the worm found to be idle [10]. Some stipulations that Shoch and Hupp had to consider were preventing the worms from writing to the disks of other users' machines and maintaining a trust with the users whose machines would be occupied by the worms [10]. In order for their worms to work, Shoch and Hupp developed methods for communication between segments [10]. They did, however, run into some problems controlling the worms. After leaving one worm running overnight, they arrived the next morning to find that the worm had effectively crashed several hosts [10]. Even worse was the fact that some of the affected systems were physically inaccessible, and when systems were rebooted, they were quickly located by the worm and crashed again [10]. Luckily, Shoch and Hupp had placed code within the worm to have it shut down upon receiving a signal through the network [10]. This incident illustrated the necessity for careful control of such replicating programs. The worms with which Shoch and Hupp experimented performed such applications as displaying messages across the network, receiving messages to place wake-up calls for users through dial-out modems, disseminating animation computations through a network, and performing diagnostics on Ethernet systems [10]. These worms were programs that actually transmitted themselves through networks. Another replication technique was proposed in which a program would replicate by attaching itself to other programs. These programs were called computer viruses. Cohen's Original Concept Fred Cohen, who originally developed the concept of computer viruses, is the greatest proponent of beneficial virus research. In his first paper on viruses, Cohen proposed the use of viruses for compression of infected files [3]. To facilitate this, he suggests having the virus compress each executable and attach the decompression algorithm to each [3]. This would cause each program to be decompressed prior to execution of the original program [3]. Cohen mentions conducting successful tests with such a virus [3]. This example of a possible application of computer virus behavior is the most widely mentioned by other authors. However, it often proves to be the only example that other texts mention. Pfleeger repeats this concept [7] as does Bontchev [1]. However, Bontchev elaborates by attacking such use of viruses. Bontchev's Thoughts on Beneficial Viruses One of the few authors who addresses beneficial viruses, though in a negative light, is Vesselin Bontchev. Bontchev in his paper "Are 'Good' Computer Viruses Still a Bad Idea?" details twelve arguments against beneficial viruses altogether and uses these to attack several examples of beneficial viruses. Bontchev cites the following arguments against the use of viruses for beneficial purposes: 1. viruses are difficult to fully control, 2. viruses waste resources, 3. viruses are difficult to identify and remove if unwanted, 4. viruses often contain bugs, 5. viruses are not compatible with different platforms, 6. viruses cannot perform a task in a better manner than a normal program, 7. viruses alter data without user consent, 8. viruses infecting other programs can nullify technical support for those products, 9. good viruses may be used as a guise for an attacker to gain entry to a system, 10. malicious virus work may be presented as beneficial virus research to the public, 11. viruses utilize resources on users' systems without the users' knowledge or consent, 12. viruses carry with them a common negative connotation [1]. He strikes down the idea of a virus targeted at destroying malicious viruses stating that the anti-virus virus causes the same problems as the virus it's meant to attack [1]. This author disagrees with this assertion and will expound upon it later. Bontchev also makes a statement against the file-compression virus primarily based on the idea that the operating systems file system can perform the same function without having to append the decompression algorithm to each file [1]. He uses the same basis to discredit the idea of a virus that encrypts the files on a system [1]. Bontchev also takes a stand against one of Cohen's more recent propositions of a virus that performs various system administration tasks. Included in Bontchev's arguments against a maintenance virus are that its tasks could be performed by concurrent processes in memory, that its mechanisms to avoid unwanted replication (detection of a file indicating an invitation to infect) are insufficient, and that it lacks efficiency, wasting system resources [1]. In an interview, Cohen responded to Bontchev's arguments, stating that in his experiments maintenance viruses consumed few system resources [5]. He also states that the system resources required to implement the maintenance virus reflected a great decrease in the amount of human effort required [5]. Vesselin Bontchev generally attacks concepts of beneficial viruses, but he does provide his own model of a beneficial computer virus. Bontchev's model of "good viruses" is a complicated set of invitations and verifications that actually behave more like worms than viruses. This model controls the spread of viruses by requiring the system to actively invite the virus to infect and suggests establishing virus repositories to await such invitations [1]. Bontchev also recommends requiring the exchange of digital signatures between the two hosts in order to insure both that the invitation was not forged and that the virus (or worm) received is that which was requested [1]. With so many constraints, it is much easier to simply download the desired program from the host and run it. Amazingly, after completing this model of beneficial viruses, Bontchev never mentions them in a very thorough paper on future virus trends [2]. In an interview with an online magazine, Bontchev reiterates his twelve conditions that beneficial viruses must meet and states a general distrust of virus writers [11]. Despite the continuing stand by virus experts like Bontchev against development of beneficial viruses, research continues in this field. Cohen's More Recent Work Cohen published a book entitled It's Alive: The New Breed of Living Computer Programs in 1994 which provides more ideas for beneficial viruses. In order to disassociate the programs with the negative connotation of the term "virus," he refers to these programs, which behave like both viruses and worms, as "living programs." Among the new ideas he provides are living programs that perform such tasks as software distribution across networks, implementing distributed databases, and performing routine maintenance operations such as cleaning up garbage files [4]. He also provides examples of these as UNIX scripts [4]. Cohen's research is driving beneficial virus research in its current