The general consensus is that there are no good viruses.
Most researchers, however, take the other side and argue that the use of self-replicating programs are never necessary; the task that needs to be performed can just as easily be done without the replication function.
Vesselin Bontchev has written a paper originally delivered at the 1994 EICAR conference, titled Are “Good” Computer Viruses Still a Bad Idea?. The paper covers all aspects of the topic. As of this writing, the paper is available at:
ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip
Lest you think others have not been thinking about this, here are some of the proposals (from the above-referenced paper) for a good virus that have not worked out:
- The “Anti-Virus” Virus. Several people have had the idea to develop an “anti-virus” virus; a virus which would be able to locate other (presumably malicious) computer viruses and remove them.
- The “File Compressor” Virus. This is one of the oldest ideas for “beneficial” viruses. The idea consists of creating a self-replicating program, which will compress the files it infects, before attaching itself to them.
- The “Disk Encryptor” Virus. This virus has been published. The idea is to write a boot sector virus, which encrypts the disks it infects with a strong encryption algorithm (IDEA in this particular case) and a user-supplied password to ensure the privacy of the user’s data.
- The “Maintenance” Virus. The idea consists of a self-contained program, which spawns copies of itself across the different machines in a network (thus acting more like a worm) and performing some maintenance tasks on those machines (like deleting temporary files).
All of the above viruses fail one or more of the standard measures typically used to judge if a virus is “good” or not. These are (again, from the above-referenced paper):
- Technical Reasons
- Lack of Control. Once released, the person who has released a computer virus has no control on how this virus will spread.
- Recognition Difficulty. In general it is not always possible to distinguish between a virus and a non-virus program. There is no reason to think that distinguishing between “good” and “bad” viruses will be much easier. Many people are relying on generic anti-virus defenses (e.g., activity monitoring and/or integrity checking) which will trigger a response to changes.
- Resource Wasting. A computer virus eats up disk space, CPU time, and memory resources during its replication.
- Bug Containment. A computer virus can easily escape a controlled environment.
- Compatibility Problems. A computer virus that attaches itself to user programs would disable several programs on the market that perform a checksum on themselves at runtime.
- Ethical and Legal Reasons
- Unauthorized Data Modification. It is usually considered unethical to modify other people’s data without their authorization. In many countries this is also illegal.
- Copyright and Ownership Problems. In many cases, modifying a particular program could mean that copyright, ownership, or at least technical support rights for this program are voided.
- Possible Misuse. An attacker could use a “good” virus as a means of transportation to penetrate a system.
- Responsibility. Declaring some viruses as “good” and “beneficial” would just provide an excuse to the crowd of irresponsible virus writers to condone their activities and to claim that they are actually doing some kind of “research.”
- Psychological Reasons
- Trust Problems. Users like to think that they have full control on what is happening in their machine.
- Negative Common Meaning. For most people, the word “computer virus” is already loaded with negative meaning.
Summary
- While frequently discussed, the general consensus is that there is no task that requires a virus.
Introduction to Viruses | |
How Serious are Viruses? | Why Do People Write Viruses? |
Comments from Original Post:
Just David
Said this on 2011-09-24 At 04:12 pm
Microsoft, Google, and many other popular computing corporations now employ automatic updaters. How does this functionally differ from a virus?
[Biggest difference is that you know they are doing it and have approved it as all such updaters I’ve seen give you the opportunity to decline or have a setting where you can decline and even if they don’t, it’s know that the function is there. With malware not having you know is one of the prime goals. –DaBoss]
#3
Winst0n
Said this on 2011-12-12 At 05:31 pm
In reply to #2
“Biggest difference is that you know they are doing it…” – This is not always completely true. Take Windows Update – unless the user specifically configures it otherwise, it will download updates without the user’s permission or even knowledge, and only inform the user of its activities AFTER things have been downloaded! So the analogy is partially correct, IMHO at least.
[Since Windows Update is built into Windows and does not propagate it really can’t be classified as a virus, good or bad. –DaBoss]