The Latest in IT Security

Why Japan’s search-and-destroy cyber weapon could be a very bad idea


According to media reports, the Japanese Defense Ministry has awarded Fujitsu a contract to develop a computer virus.

No, it’s supposedly not for attacking the computers of other countries.

At least, not yet.

But it is apparently intended to help Japan counter internet attacks which have recently stolen data on fighter jets and nuclear plants, broken into submarine manufacturing plants, and even hit its parliament.

The details of precisely how Fujitsu’s “virus” – which is being developed as part of a three-year 178.5 million yen (US $2.3 million) project – would operate are very sketchy, but it appears that Japan is keen to have a tool that seeks out infected computers, hopping from PC to PC, and cleans them up.

A diagram reproduced by The Yomiuri Shimbun explains the concept of the anti-virus virus clearly enough.

[Diagram: Anti-virus virus]

Is an anti-virus virus a good idea? Not in my opinion.

Here are some reasons off the top of my head:

  • Even a “good” virus uses system resources such as disk space, memory and CPU time. On a critical system a “good” virus could cause unexpected side effects.
  • What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control “good” virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain.
  • Should anti-virus software be updated to protect against the “good” viruses as well as the regular viruses, for those who want to decide what runs on their computers and what doesn’t?
  • A “good” virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts.
  • All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your “good virus” needs an urgent bugfix, would you release *another* virus to try and catch it up?

There have been a few attempts in the past to create “good” viruses. The Cruncher virus, for instance, was designed to save disk space by compressing files, and Mark Ludwig’s KOH virus tried to win the title of a “good virus” by encrypting hard drive data. And we’ve even seen malware that is designed to find child abuse images and report its discoveries to the authorities.

But the simple truth is that none of them have needed to be viral to deliver their positive benefit.

And, similarly, I suspect that the Japanese don’t need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done – with fewer headaches – by non-replicating software.

When you’re trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it’s probably not wise to let loose a program that starts to trample over your hard drives, making changes.

Veteran anti-virus researcher Vesselin Bontchev put together the definitive paper detailing the problem of “good viruses”, which is well worth a read in readiness for the next time someone comes up with this old, flawed idea: “Are ‘Good’ Computer Viruses Still a Bad Idea?”.
