Why Japan's search-and-destroy cyber weapon could be a very bad idea


According to media reports, the Japanese Defense Ministry has awarded Fujitsu a contract to develop a computer virus.

No, it's supposedly not for attacking the computers of other countries.

At least, not yet.

But it is apparently intended to help Japan counter internet attacks which have recently stolen data on fighter jets and nuclear plants, broken into submarine manufacturing plants, and even hit its parliament.

The details of precisely how Fujitsu's "virus" - which is being developed as part of a three-year 178.5 million yen (US $2.3 million) project - would operate are very sketchy, but it appears that Japan is keen to have a tool that seeks out infected computers, hopping from PC to PC, and cleans them up.

A diagram reproduced by The Yomiuri Shimbun explains the concept of the anti-virus virus clearly enough.

[Image: Anti-virus virus]

Is an anti-virus virus a good idea? Not in my opinion.

Here are some reasons off the top of my head:

  • Even a "good" virus uses system resources such as disk space, memory and CPU time. On a critical system a "good" virus could cause unexpected side effects.
  • What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control "good" virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain.
  • Should anti-virus software be updated to protect against the "good" viruses as well as the regular viruses, for those who want to decide what runs on their computers and what doesn't?
  • A "good" virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts.
  • All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your "good virus" needs an urgent bugfix, would you release *another* virus to try and catch it up?

There have been a few attempts in the past to create "good" viruses. The Cruncher virus, for instance, was designed to save disk space by compressing files, and Mark Ludwig's KOH virus tried to win the title of a "good virus" by encrypting hard drive data. And we've even seen malware that is designed to find child abuse images and report its discoveries to the authorities.

But the simple truth is that none of them have needed to be viral to deliver their positive benefit.

And, similarly, I suspect that the Japanese don't need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done - with fewer headaches - by non-replicating software.

When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes.

Back in the 1990s, veteran anti-virus researcher Vesselin Bontchev wrote a lengthy paper about the subject of viruses being used to fight viruses, and whether it was an idea worth pursuing: "Are 'Good' Computer Viruses Still a Bad Idea?".

You might also like to read what fellow Naked Security writer Paul Ducklin had to say back in 2005, when he penned a humorous hypothetical dialogue between a gung-ho youngster and a security old-timer, in which the latter explains why good viruses are a bad idea.


4 Responses to Why Japan's search-and-destroy cyber weapon could be a very bad idea

  1. Fred Sagen · 1373 days ago

    Another sound reason to doubt the wisdom of releasing a "good" virus is that it may be captured, isolated and analysed by the bad guys, who could incorporate their own payload thereby giving them more armaments for their armory.

  2. Dan · 1373 days ago

    Worried about false positives? Even Sophos's own antivirus software already has false positives from time to time. I've seen it first hand.

  3. JoopaJoo · 1372 days ago

    "What you do on your PC is your business, but I want a say on what programs run on mine." -> how many users know what is installed and running on their computers??? 0.01% of all PC users, maybe?

  4. Michael · 1372 days ago

    Yes, I agree it's quite a bad idea in principle, and that anti-malware systems should certainly protect against it. But if PCs are really that open to infection because the owners can't be bothered, they're basically fair game for whatever comes along.
    This 'good virus' is just another virus among countless others, and I doubt it's going to be any more effective.


About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley