During the past six years, computer viruses have caused unaccountable amount of damage – mostly due to loss of time and resources. For most users, the term “computer virus” is a synonym of the worst nightmares that can happen on their system. Yet some well-known researchers keep insisting that it is possible to use the replication mechanism of the viral programs for some useful and beneficial purposes. This paper is an attempt to summarize why exactly the general public appreciates computer viruses as something inherently bad.
It is also considering several of he proposed models of “beneficial” viruses and points out the problems in them. A set of conditions is listed, which every virus that claims to be beneficial must conform to. At last, a realistic model using replication techniques for beneficial purposes is proposed and directions are given in which this technique can be improved further. The paper also demonstrates that the main reason for the conflict between those supporting the idea of a “beneficial virus” and those opposing it, is that the two sides are assuming a different definition of what a computer virus is.
The general public usually associates the term “computer virus” with a small, nasty program, which aims to destroy the information on their machines. As usual, the general public’s understanding of the term is incorrect. There are many kinds of destructive or otherwise malicious computer programs and computer viruses are only one of them. Such programs include backdoors, logic bombs, trojan horses and so on [Bontchev94]. Furthermore, many computer viruses are not intentionally destructive – they simply display a message, play a tune, or even do nothing noticeable at all.
The important thing, however, is that even those ot intentionally destructive viruses are not harmless – they are causing a lot of damage in the sense of time, money and resources spent to remove them – because they are generally unwanted and the user wishes to get rid of them. A much more precise and scientific definition of the term “computer virus” has been proposed by Dr. Fred Cohen in his paper [Cohen84]. This definition is mathematical – it defines the computer virus as a sequence of symbols on the tape of a Turing Machine.
The definition is rather difficult to express exactly in a human language, but an approximate interpretation is that a computer virus s a “program that is able to infect other programs by modifying them to include a possibly evolved copy of itself”. Unfortunately, there are several problems with this definition. One of them is that it does not mention the possibility of a virus to infect a program without modifying it – by inserting itself in the execution path. Some typical examples are the boot sector viruses and the companion viruses [Bontchev94].
However, this is a flaw only of the human-language expression of the definition – the mathematical expression defines the terms “program” and “modify” in a way that clearly includes the kinds of viruses mentioned above. A second problem with the above definition is its lack of recursiveness. That is, it does not specify that after infecting a program, a virus should be able to replicate further, using the infected program as a host. Another, much more serious problem with Dr.
Cohen’s definition is that it is too broad to be useful for practical purposes. In fact, his definition classifies as “computer viruses” even such cases as a compiler which is compiling its own source, a file manager which is used to copy itself, and even the program DISKCOPY when it is on diskette containing the operating system – because it can e used to produce an exact copy of the programs on this diskette. In order to understand the reason of the above problem, we should pay attention to the goal for which Dr.
Cohen’s definition has been developed. His goal has been to prove several interesting theorems about the computational aspects of computer viruses [Cohen89]. In order to do this, he had to develop a mathematical (formal) model of the computer virus. For this purpose, one needs a mathematical model of the computer. One of the most commonly used models is the Turing Machine (TM). Indeed, there are a few others (e. g. the Markoff chains, the Post Machine, etc. ), but they are not as convenient as the TM and all of them are proven to be equivalent to it.
Unfortunately, in the environment of the TM model, we cannot speak about “programs” which modify “other programs” – simply because a TM has only one, single program – the contents of the tape of that TM. That’s why Cohen’s model of a computer virus considers the history of the states of the tape of the TM. If a sequence of symbols on this tape appears at a later moment somewhere else on the tape, then this sequence of symbols is said to be a computer virus for his particular TM.
It is important to note that a computer virus should be always considered as related to some given computing environment – a particular TM. It can be proven ([Cohen89]) that for any particular TM there exists a sequences of symbols which is a virus for that particular TM. Finally, the technical computer experts usually use definitions for the term “computer virus”, which are less precise than Dr. Cohen’s model, while in the same time being much more useful for practical reasons and still being much more correct than the general public’s vague understanding of the term.
One of the best such definitions is ([Seborg]): “We define a computer ‘virus’ as a self-replicating program that can ‘infect’ other programs by modifying them or their environment such that a call to an ‘infected’ program implies a call to a possibly evolved, and in most cases, functionally similar copy of the ‘virus’. ” The important thing to note is that a computer virus is a program that is able to replicate by itself. The definition does not specify explicitly that it is a malicious program. Also, a program that does not replicate is not a virus, regardless of whether it is malicious or not.
Therefore the maliciousness is neither a necessary, nor a sufficient property for a program to be a computer virus. Nevertheless, in the past ten years a huge number of intentionally or non intentionally destructive computer viruses have caused an unaccountable amount of damage – mostly due to loss of time, money, and resources to eradicate them – because in all cases they have been unwanted. Some damage has also been caused by a direct loss of valuable information due to an intentionally destructive payload of some viruses, but this loss is relatively minor when compared to the ain one.
Lastly, a third, indirect kind of damage is caused to the society – many users are forced to spend money on buying and time on installing and using several kinds of anti-virus protection. Does all this mean that computer viruses can be only harmful? Intuitively, computer viruses are just a kind of technology. As with any other kind of technology, they are ethically neutral – they are neither “bad” nor “good” – it is the purposes that people use them for that can be “bad” or “good”. So far they have been used mostly for bad purposes.
It is therefore natural to ask the uestion whether it is possible to use this kind of technology for good purposes. Indeed, several people have asked this question – with Dr. Cohen being one of the most active proponents of the idea [Cohen91]. Some less qualified people have attempted even to implement the idea, but have failed miserably (see section 3). It is natural to ask – why? Let’s consider the reasons why the idea of a “good” virus is usually rejected by the general public. In order to do this, we shall consider why people think that a computer virus is always harmful and cannot be used for beneficial purposes.