OSDev.org

First of all, I'd like to say that this thread is not intended for discussing malware, or ways to harm people/computers or data. I created this thread in order to discuss techniques of programming involved, such as metamorphic code, encryption algorithms etc. We should discuss viruses as software capable of self-multiplication (and sometimes 'evolution'). This is for educational purposes only!

For some reason, speaking of viruses and techniques of creating them is a taboo (probably because most of them carry a malicious payload ready to destroy everything and become a potential chronic pain-in-the-a**) which is a shame, really. I find viruses and the way people write them fascinating. Most of viruses are, of course, written in assembly, and writing self-reproducing (and/or poly/metamorphic for instance) code in assembly is no easy task. This is an excellent way (in my opinion) of getting to know assembly, however one can barely imagine creating a virus for anything else than being an above mentioned chronic disease, which is (again) a shame.
Thinking of the fact that most of human's inventions (including software) is based on or inspired by things nature already created, you can see how viruses came to be known as viruses. They do the exact same thing :
1. Enter a cell (the computer)
2. Find DNA (executable files, some other data)
3. Modify it
4. Reproduce
5. Mutate
However, there are useful viruses in nature, so there must be a way that computer viruses (again I speak of them as of programs capable of self-reproduction) can be put to a good use (I admit, nothing comes to mind, right now )
So, basically I opened this thread to see your opinions on the 'good viruses' (and what they might be good for) and for sharing knowledge (and useful links) about commonly used techniques.

Here are some links to what Wikipedia has to say. If nothing else, they are useful as a reference for terminology

http://en.wikipedia.org/wiki/Computer_virus
http://en.wikipedia.org/wiki/Self-modifying_code
http://en.wikipedia.org/wiki/Metamorphic_code
http://en.wikipedia.org/wiki/Polymorphic_code

(I'm sorry if my English is a bit rusty-it's not my native language)

I've always found viruses as fascinating as well, if no reason other than the fact that it is one of the higher levels of knowledge of computer operation and programming.

I agree that it's a little sad that virus creation discussion is black listed, since it is one more way to learn about computer operation and programming. Probably not the best way to learn assembly, but one way to definitely increase your knowledge. If nothing else, you can't hope to retaliate against viruses if you don't know how they work.

Virus programming is something that I've always wanted to know how to do (and have at least learned the theoretical function thereof), if for no other reason than to say I know how. I suspect that this is how many viruses are written, but certainly not the more potent and successful ones. Naturally, I'd never write one that caused real damage, nor would I ever let it do anything but mess with my own computer. Never let it roam the wild internet unattended, as if I could write such a piece of software.

The concept of a benevolent virus isn't new, really, but I suspect you knew that already.

Anyway, I believe that these sorts of viruses generally cause too much trouble themselves to be worth the hassle. There have been viruses written that eliminated other viruses and / or compromised a system's security in order to download a fix that allowed it to break in in the first place. Trouble is, with that latter virus, it ended up eating up a lot of network bandwidth and caused more trouble than it was worth.

Realistically, I guess things like anti-virus software should be completely separate from the things it targets. Probably not really practical to make something truly helpful in virus form.

I like the study of viruses, as I think that they are really interesting...Actually making a malicious bad angry virus I don't like. If it's funny (i.e. Displays a funny message, and sends itself to everyone you connect to, but either destroys itself or does nothing else) then I think that it's perfectly fine.

If virus should be illegal or bad only if what it does is bad.

A useful virus could, maybe, clean up old, broken, unnecessary files on it's host? I don't know.

-JL

If it's useful, why does it need to be a virus?

Dr. Norton has shown us that people are willing to shell out cash for even mediocre system maintenance software, so surely anything that actually works would catch on like wildfire.

I have also study virus, in the window environment they are so easy to code its untrue. and i think theres a case for good virus.
I also believe and i mean this that it is ever ASM coder duty to make the ultimate VIRUS that on there death, the virus is released and lets the none geeks, know of the great passing (so it will not effect linux, bsd or hobby OS) .

What about a virus that delivered the top 20 songs to your PC each mouth, or a bot army that fights bots, and makes them useless.

And what about *****n ant-virus software, that when you have a mouth to go, change your desktop background to blue and has bug crawling over the screen and posts a massage about renewing you ant-virus software.
I have seen this happan to friends PC, that where all the virus come from.
We have all seen the film "The Net"

My vision of a virus is something like: "an unknown, unstrusted software blob that exists somewhere on the internet, and it downloads itself onto your computer and runs."

To that extent, Java is a programming language expressly created for the purpose of creating virii, and every piece of java that downloads itself from the web to run on your machine is a virus. By your definition, it is even a "good" virus. You want to know what a good virus would look like? Look at all the javascripts that your browser runs.

All the polymorphic stuff is simply an attempt to evade OS security. That is, by definition, bad.

bewing wrote:My vision of a virus is something like: "an unknown, unstrusted software blob that exists somewhere on the internet, and it downloads itself onto your computer and runs."

To that extent, Java is a programming language expressly created for the purpose of creating virii, and every piece of java that downloads itself from the web to run on your machine is a virus. By your definition, it is even a "good" virus. You want to know what a good virus would look like? Look at all the javascripts that your browser runs.

All the polymorphic stuff is simply an attempt to evade OS security. That is, by definition, bad.

I find your opinion rather interesting (and true). I never thought of javascripts as viruses, but they do (loosely) fit the definition.

Furthermore, one of viruses' natural ability is to mutate in order to survive and spread. Take for example the most common virus - Orthomyxoviridae, the flu family. They are bad for humans (and other mammals) and have mutated into millions of different strains however most of these strains are killed by a common enemy - the vaccine against influenza. Let's think of the virus as...well, virus, of the computer as body, of OS and computer architecture as species, and of Anti-Virus software as vaccine, or cure. Viruses attack only bodies of certain species, For instance, common cold will attack bodies of mammal architectures ( ) but not frogs. Likewise, computer viruses will work on certain architectures and OSes but not on others, and the reasons for this, are (amazingly) also comparable to real viruses

The definition of a 'good-virus' in real world would be (for instance) an inactive virus used as vaccine to make our bodies create antibodies. So, in my opinion, a good computer virus is one that employs all the techniques of the bad virus, but does not carry a dangerous payload. Such virus can be used for education, or for creating anti-virus techniques (vaccines?).
So, with that out of the way, does anyone have a good site that explains (and gives examples) of any such techniques?

http://www.62nds.co.nz/pg/e90.php
http://www.sirkussystem.com/virus.html

those two are pretty good.

Lets say we post a link to some of our code, and it gets into the wrong hands, the heat will come back to members of this forum.

I think it would be better, to fix problems, that if you had to write such a program, you may come up againest.
But keep it down to small chunks, that in them self, can do no harm.

fingerprint211b wrote: most of these strains are killed by a common enemy - the vaccine against influenza. Let's think of the virus as...well, virus, of the computer as body, ....

Your biology is slightly mistaken. No vaccine has ever killed a virus, or cured anyone of a virus. A vaccine merely tricks the body's immune system into destroying parts of the body that are infected -- and hopefully it's not too much. It is a swap between a small amount of harm vs. a large amount. The only way that a natural virus ever does anything "good" is by promoting evolution -- through natural selection and promoting (almost always harmful) mutation of bodies/genomes. Chasing after a new virus and trying to stop it is a fool's game. If you try, you are always "behind the curve". The same would be true for fighting a virus with a virus in either analogy. I think the smarter way is always to try to engineer a body that is more resistant to "unhealthiness".

And there is always such a thing as carrying an analogy too far, too.

bewing wrote: Your biology is slightly mistaken.

Yes, it is, you're right.
However, the analogy is still there... somewhere... i hope...

I always found virus programming interesting. df is short for dark fiber... was in NuKE and AIH, I knew the VLAD guys and australian virus scene. aaah back in the days of dos eh and multipartite polymorphic mutating junk...

the days of being young and stupid, still tought me much of programming assembly... turned into OS development stuff...

Viruses can be used for good reasons. Example you could have a virus that scans the system for 'un-cached' files, read the file, compress it's contents, and overwrite the origin so the virus runs first which would retrieve the compressed data, uncompress it and load it. This would keep the contents of the system minimal (good for resources), yet it would slow down your overall performance; thus one good way to use viruses.

You could also build viruses to attack other viruses with signatures or names/locations of your choice, thus another good reason to use a virus.

Viruses however are extremely lame once you write a few, I could even show you how to write a virus by hand using a debugger and you will see how lame it is. You do learn a bit about how files of the executable type work in windows, a bit about offsets, etc, which all help you here in OS Dev, so learn on!

Hey I hadn't realised, but df is back, he hasn't been here in over a year...
Welcome back...
Jules

However, there are useful viruses in nature, so there must be a way that computer viruses (again I speak of them as of programs capable of self-reproduction) can be put to a good use (I admit, nothing comes to mind, right now )

A little off topic, but I have heard of a virus that was helpful before. iirc it installed itself silently on a users computer to attempt to undo and fix their computer by getting rid of another (harmful) virus automatically. I dont remember the name atm, I'll need to search for it again..