Why Japan’s search-and-destroy cyber weapon could be a very bad idea

Why Japan's search-and-destroy cyber weapon could be a very bad idea

Good virus?According to media reports, the Japanese Defense Ministry has awarded Fujitsu a contract to develop a computer virus.

No, it’s supposedly not for attacking the computers of other countries.

At least, not yet.

But it is apparently intended to help Japan counter internet attacks which have recently stolen data on fighter jets and nuclear plants, broke into submarine manufacturing plants, and even hit its parliament.

The details of precisely how Fujitsu’s “virus” – which is being developed as part of a three year 178.5 million yen (US $2.3 million) project – would operate are very sketchy, but it appears that Japan is keen to have a tool that seeks out infected computers, hopping from PC to PC, and cleans them up.

A diagram reproduced by The Yomiuri Shimbun explains the concept of the anti-virus virus clearly enough.

Anti-virus virus

Is an anti-virus virus a good idea? Not in my opinion.

Here are some reasons off the top of my head:

  • Even a “good” virus uses system resources such as disk space, memory and CPU time. On a critical system a “good” virus could cause unexpected side effects.
  • What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control “good” virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain.
  • Should anti-virus software be updated to protect against the “good” viruses as well as the regular viruses, for those who want to decide what runs on their computers and what doesn’t?
  • A “good” virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts.
  • All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your “good virus” needs an urgent bugfix, would you release *another* virus to try and catch it up?

There have been a few attempts in the past to create “good” viruses. The Cruncher virus, for instance, was designed to save disk space by compressing files, and Mark Ludwig’s KOH virus tried to win the title of a “good virus” by encrypting hard drive data. And we’ve even seen malware that is designed to find child abuse images and report its discoveries to the authorities.

But the simple truth is that none of them have needed to be viral to deliver their positive benefit.

And, similarly, I suspect that the Japanese don’t need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done – with less headaches – by non-replicating software.

When you’re trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it’s probably not wise to let loose a program that starts to trample over your hard drives, making changes.

Back in the 1990s, veteran anti-virus researcher Vesselin Bontchev wrote a lengthy paper about the subject of viruses being used to fight viruses, and whether it was an idea worth pursuing: “Are ‘Good’ Computer Viruses Still a Bad Idea?”.

You might also like to read what fellow Naked Security writer Paul Ducklin had to say back in 2005, when he penned a humorous hypothetical dialogue between a gung-ho youngster and a security old-timer, in which the latter explains why good viruses are a bad idea.