Viruses (and other unspoken secrets of the Jedi)

[Omega]

A little off topic, but I have heard of a virus that was helpful before. iirc it installed itself silently on a users computer to attempt to undo and fix their computer by getting rid of another (harmful) virus automatically. I dont remember the name atm, I'll need to search for it again..

It depends on how it got there, but if it was host-free then it wasn't a virus. Probably an IE Exploit or packed with something else downloadable. Anyway, the reason it wouldn't be a virus is because it probably lived outside another process. Just because its payload was aggressive and it got there without consent does not mean it was a virus. It must become a part of another process in order to become a virus. Just like in nature a virus injects cells with parts of its own DNA to infect the cell (AIDS), the same is with computers and what we know as a computer virus. Keeping in mind that there were once boot sector viruses (a little different than what we are use to today) but that kind of died out after NTFS because of the way it boots and its added security on the hdd.

I think what you are talking about is actually a windowless process installed by means of exploit or it was packed with something else by a group of virus writers having a fight. I assume it just went around tagging clean files and removing or cleaning bad files infected by the other virus. Unless it also wrote itself to the files then it was not a virus, even after tagging the file IMHO. Normally viruses are very bad and are often quite harmful rather than helpful. Plus, like I said they are boring to write. Now something cool to write is packet sniffers (WinPcap), switch sniffers (ARP Poisoning); things involving reconnaissance. Both challenging and quite interesting. haha

[cr2]

hmmmmmmmm....................

I wouldn't consider ANY virus "good" at all. First of all, viruses enter a computer without the knowledge of the user, and preform actions (usually) without the users consent. In addition, ANY virus would also take up system resources such as disk space as any normal program would. That would be, again, without the users consent. And what if it asked for permission before preforming its task? That would STILL be a nightmare! Just think of all the messages you would get! Most people can stand manually downloading updates or installing antivirus software themselves, as most of them already do. I wouldn't suggest to try at all to write a virus, no matter what your intentions may be.

In effect, I'd call any virus "malware".

*** EDIT 01: fixed typo

[cr2]

A useful virus could, maybe, clean up old, broken, unnecessary files on it's host?

That is illegal in some countries. Not a good idea.

[piranha]

That is illegal in some countries.

Since when has something being illegal ever stopped someone?

-JL

[Combuster]

and does "some countries" include "this country"?

[Omega]

How is a process that cleans up broken files a virus anyway? And why would it be illegal if I the user put it there, maybe even wrote it? I am not calling the police on myself, that's for sure. Again, a virus is a piece of executable code inside an executable binary file. If it is outside a host it is something else, so just call it malware, but certainly not a virus.

[piranha]

Again, a virus is a piece of executable code inside an executable binary file.

So every executable is a virus?

-JL

[Omega]

[sarcastic approach]
Yeah every executable... watch out for notepad it is really a worm. Hit save and it just creates files.. very fishy indeed.

[serious approach]
No sire, not ever executable is a virus, just the ones that have been injected with arbitrary code. The arbitrary code itself is the virus, the executable is the host! For example, you and I use the same PC at work (in shifts). We use the same account because you and I are special. Well, after time it turns out that I don't like the stupid wallpaper that you constantly insist on putting on my desktop everyday (kittens), so I go home one night and bang out a small program that hooks the system and embeds itself in every application you touch. Its payload forces the application to jump out of bounds and you crash and burn, over and over and over again until it causes a BSOD (maybe after 20 minutes of abuse). Oh and it erases itself upon termination, so when you call the tech guy to fix you up you'll just look crazy.

That'll teach you to put kittens on my desktop.

[piranha]

I was only pointing out that your definition is flawed.

-JL

[Omega]

Its cool, I was only kidding. I assumed you were just being fancy.

[Solar]

Well... I don't care much for the distinction between virus, worm, or whatever.

If it got on my system without my knowledge and expressed permission, I consider it malware. Yes, that includes quite some of Microsoft's "trickier" stuff.

[fingerprint211b]

Well, while reading what you guys wrote I came to a conclusion :
A virus that does good can not be a virus by definition.
If it still is, it does more bad than good.
You've got to agree that a virus that 'fixes' files, even if it fits the definition, is still far less effective than say... an anti-virus, and is rather wasteful with system resources...

[Omega]

Well you don't typically ever see a 'good' virus in the wild. If it was made to seek other viruses and eliminate them, it is not for your own good as it may seem, instead the result would be nothing more than a product of two rivaling virus writers. So, even those kind of virus are not good by definition. As stated before, one legit way to use the virus technique for good reasons is to cache everything and have the virus act as a loader, but still the slow performance with large files would prove to be more damaging than good. My point being that there is no good reason to use a virus because of its potential to permanently damage the attributes of the system and impact on system performance. They are boring to write, but fun to analyze and defeat.

I think the real fun is not in hacking, but in anti-hacking because you need to know more, so you get to learn more. I rather sample a system that has been compromised or better yet a system used to compromise another system to collect evidence and to build a contiguous time line of events. During this time I have the chance to help people who have been violated, fulfill my sick desire to spy on people, and actually get paid for it all in one swoop, so win-win.

[Zenith]

I think that 'malware' should refer to any program that executes without the user's consent, or intentionally acts in a way that it shouldn't. Period.

It doesn't matter if the virus will kill all the other viruses on your system, or that trojan helps speed up your internet connection, etc. If you, as the user of a computer, has not allowed this application to run, then by all means, it shouldn't.

Good intentions are fine, but doing it behind someone's back isn't. And bad intentions are even worse.

Just my two cents.

[inflater]

Did you knew that One Half was originally a Slovak virus?
http://www.ciac.org/ciac/bulletins/e-34.shtml

As far as I heard stories about this virus, it reached even the US? Wow.. for the time being