GCN LAB IMPRESSIONS
Why not a stealth virus that only does good?
- By John Breeden II
- Jun 15, 2011
I was watching the movie “I Am Legend” the other day with its interesting take on the zombie apocalypse. In the movie, the government comes up with a good virus that prevents all negative viruses from harming a person. No more sickness is a huge draw, and most of the population line up to get injected. Everything is fine until years later when people infected by the good virus turn into zombies.
This is all told via back story while Will Smith’s character, a government scientist who worked on the project, tries to find a cure in the middle of an overrun New York City. Luckily for him, the zombies can’t come out during the day, so he’s got some room to work.
Although it didn’t end that great for the humans in the movie, I was thinking that the same technique might do just fine for computers.
Consider that most people who get infected by a computer virus these days either don’t have any anti-virus software or don’t have the latest profiles for the protection they do install(as in they have not updated their profiles in months, or ever). Or the infected are servers without the latest security patches, which happens a lot.
So many people have come to me personally after an infection and needed help, that I’ve become adept at post-infection healing. But it’s hard to do. One person had more than 300 viruses and 150 pieces of spyware running on their laptop. Even my go-to tool, Malwarebytes, had trouble with that one. And most modern viruses resist AV-software and can stop it from working once they’ve gained a foothold. I often use Malwarebytes just to create a path for AV software to install.
I don’t know why people run their computers without even the most basic anti-virus protection. There are even completely free programs out there, like AVG Free that cost nothing and work well. But for some reason, people don’t use them, and that more than anything else helps to foster the global virus blooms we see from time to time. When those make the nightly news, it’s far too late to combat them.
So I’ve started working on a secret project, one I’ll probably never finish, but one that I think would really help the world: a good computer virus.
This as-yet unnamed program (I might call it White Knight) would be a self-replicating stealth virus that would only affect computers without virus protection. Once installed, it would protect the registry, the root directory and the memory from other viruses. It would also prevent common attacks like stack overflows from happening. The only difference between it and standard heuristics-based protection is that a user would not be aware that it’s been installed.
So here is what White Knight will do:
- Self replicate through e-mail, social network sites and instant messaging.
- Hide its presence from a user.
- Fight against and protect computers from any harmful malware that tries to install itself.
- Send up a flare to any system running any form of antivirus (known signatures could be programmed) so that it won’t install on any system with antivirus protection and will identify itself and volunteer to be deleted by any anti-virus scan.
The No. 4 goal would slow down its replication around the world, but White Knight would only be interested in installing on systems where no protection exists. Anti-virus companies could even be given the code so that they could protect against it.
Now, for legal reasons, I have to stress that I am not planning on finishing this project, or at least never plan to release it into the wild.
But what do you think? Is such a program viable? Would it make a difference in the world, or would it be destined to betray us and turn New York City into a zombie-filled wasteland?