Date: Wed, 3 Mar 1993 23:04:03 +0100 (MET)
From: bontchev@INFORMATIK.UNI-HAMBURG.DE(Vesselin Bontchev)
Subject: File 4--comments on proposed virus writing contest (Bontchev)

Mark Ludwig's virus writing contest is yet another attempt to incite
the creation of computer viruses that hides behind seemingly
legitimate reasons. Just like his book and newsletter, which hide
behind the right of the US citizens of freedom of expression, the
"legitimate" reasons of the contest fall apart, if you look carefully
at them.

Let's consider some questions which naturally arise when reading a
proposal like that.

What are the values/dangers of such contests?

In the beginning of the proposal, the author boasts that he needs the
virus for the second volume of his book, which will discuss "the
scientific applications of computer viruses, and their use in
artificial life research". However, actually the contest is for
writing the shortest possible non-overwriting MS-DOS COM file
infector. What does this have in common with artificial life? What are
the scientific applications of such a silly (but small) virus? And
what does all this have to do with "research" in general? Actually, it
is nothing more than a contest to hack the smallest program that
performs given actions - nothing more. In fact, the author even
addresses the potential participants of the contest as "hackers", not
as researchers or scientists. And indeed, the goal of the contest has
nothing to do with scientific research.

The result of this contest is easily predictable. A few hundred kids
will write hundreds of smart, not so smart, and completely buggy
viruses. One of them will win the $100 prize. The others will have to
decide what to do with the viruses at their disposal that have not
won the contest. In all probability, they will upload them to the
nearest virus exchange BBS, where other irresponsible people will be
able to download and spread them further. "K00l dudez, I've got one of
the participants in Mark Ludwig's contest for you"...

The winner of the contest will have his name, or more probably, his
handle, mentioned in the book, which will stimulate his ego and incite
hundreds of others to imitate him and to create more viruses.

Of course, all those viruses will end up in the hands of the
anti-virus researchers, who will have to update their scanners to be
able to recognize them, just in case some of them accidentally
"escapes". And, since most of those researchers don't work for free,
the users of their anti-virus programs will have to pay for yet
another update.

Who wins from all that? Mr. Mark Ludwig sells a new volume of his book,
a few irresponsible kids get their ego teased, a few anti-virus
researchers spend a few nights to disassemble silly viruses, and all
of you have to pay - pay for updates of your scanners, pay for the
data and time lost in an outbreak of a silly and buggy virus, and so
on. Indeed, what a service Mr. Mark Ludwig does to society!

In fact, the outcome of the first volume of his book already proves
that the above reasoning is correct. There are already at least 7
different variants of the silly Timid virus, published in the book...

How do we distinguish between "benign" and "malevolent" virus writers?

Some people like to speak about the possibility to develop "benign"
and even "beneficial" viruses and about how much this kind of research
will make our life easier. In fact, all that began with Dr. Fred Cohen
and his papers on the subject. Dr. Cohen means something very
particular, something that most people will never call a virus.
Unfortunately, in his papers he tends to use formulae, instead of
easily understandable language, so it is no wonder that many people
are misunderstanding him.

I cannot decide whether Mr. Mark Ludwig has indeed misunderstood Dr.
Cohen's ideas, or if he intentionally misuses the general
misunderstanding of the subject, in order to masquerade his virus
writing contest as something legitimate. However, the fact is that what
he proposes has nothing to do with Dr. Cohen's ideas for beneficial
viruses, will have absolutely no positive value, and will raise yet
another wave of stupid viruses written across the world.

Actually, there is no such thing as "benign" or even "non-destructive"
virus, as Mr. Mark Ludwig seems to understand it. The virus that is
proposed in his contest will infect real, executable programs. The
author of the virus has absolutely no way to know how his virus will
behave in some situations. In fact, it may turn out to be even highly
destructive in some of these situations.

Just an example. One of the first versions of Microsoft Word (1.0, I
think) used to checksum itself, and, if the checksum didn't match,
displayed a message on the screen (something like "The tree of evil
has bitter fruits; crime does not pay") and trashed the current disk.
Obviously, if it becomes infected with the virus described in the
contest, this destructive code will trigger - with sad consequences.

Several other self-checking programs will not react that violently,
but will simply refuse to run when infected. Thus, the virus will be
guilty of denial of services - maybe lost time, money, business...

Even worse, the virus author is not able to predict the future, so he
has no way to know how his virus will behave in situations that simply
don't exist yet. Maybe it will turn out to be highly destructive -
recall what the "benign" Stoned virus does with high-capacity floppies
that were simply not available at the time it was written...

Is there any educational value in those contests?

Mr. Mark Ludwig claims to write his book for educational reasons. But
what does he actually teach his readers? How to write viruses? Even if
we leave alone the doubtful value of this knowledge, there are already
a few books and many more electronic articles, circulating in the
underground, that teach exactly that.

Maybe he wants to teach his readers to write good assembly language
programs? But at least his first book does not discuss the good
programming practices at all, and in fact contains many samples of
sloppy and clumsy code.

So, maybe he wants to teach his readers about the top technology
employed by viruses to bypass the different security systems? Even
this is not true - he does not address such modern concepts as
armouring, polymorphism, slow viruses, fast infectors, multi-partite
viruses, or even fully stealth file infectors... For instance, nowhere
in the book is there a discussion of the different kinds of attacks
that can be employed by viral programs to circumvent discretionary
access controls, integrity-based systems, and so on. All we see is a
bunch of silly MS-DOS viruses that barely work.

This raises yet another question - are the virus writers able to teach
the security specialists something that the latter don't know
already? Many virus writers sincerely believe that; for instance Mark
Washburn has written his V2Px series of viruses, in order to "prove"
that scanning is an unreliable virus defense.

However, it turns out that in all cases the security specialists have
been aware of the problems for a long time. Even the concept of a
computer virus and the difficulties connected with its detection and
prevention were first invented by a security specialist - Dr.
Fred Cohen, not by John Random Virus Writer... In all cases when the
virus writers have come up with something new and original, the
security specialists have thought about it for a long time, but have
been ethical enough to only discuss it in closed circles, instead of
implementing it and releasing it to damage other people's data...

Finally, one could ask the question whether Mr. Ludwig's contest is
legal. In the text he boasts it as an "international" contest.
However, this demonstrates an amazing ignorance of the local law in
some countries. Participating in the contest and writing viruses for it
may be illegal in some countries, as the recent arrests of the ARCV
virus writing group in the UK have proven. Freedom of expression is a
wonderful right, but Mr. Ludwig should be aware that the US
constitution does not apply to the whole Universe and thus, some
things allowed by it might be illegal in some other countries.
Therefore, anybody who decides to participate in Mr. Ludwig's contest
is strongly advised to consult a local lawyer. Of course, it would be
much better to ponder a bit how unethical the whole thing is and to
refuse to participate in the contest at all...

But maybe Mr. Ludwig is not that ignorant, after all. The text of the
contest encourages the participants to use handles and other forms of
anonymity. Maybe this is because Mr. Ludwig understands that those
people might be held legally responsible in some countries for such
activities? In this case, his contest is nothing more than an
incitement to commit a crime (in those countries where virus writing
is considered illegal). I wonder whether some of them have
extradition treaties with the USA...

Regards,
Vesselin
--
Vesselin Vladimirov Bontchev          Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226      Fachbereich Informatik - AGN
< PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de    D-2000 Hamburg 54, Germany