Forgot your password?
typodupeerror
Japan Security Your Rights Online

Fujitsu To Develop Vigilante Computer Virus For Japan 129

Posted by Soulskill
from the which-will-lead-to-anti-anti-virus-viruses dept.
wiedzmin writes "Japanese Defense Ministry has awarded Fujitsu a contract to develop a vigilante computer virus, which will track down and eliminate other viruses, or rather — their sources of origin. Are 'good' viruses a bad idea? Sophos seems to think so, saying, 'When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes.'"
This discussion has been archived. No new comments can be posted.

Fujitsu To Develop Vigilante Computer Virus For Japan

Comments Filter:
  • A Polite Virus (Score:5, Interesting)

    by Marxist Hacker 42 (638312) * <seebert42@gmail.com> on Tuesday January 03, 2012 @03:26PM (#38575422) Homepage Journal

    Would be the answer. A polite virus doesn't migrate automagically- it *asks* before it migrates.

    • Methinks the Japanese have been reading too much into the "Diamond Age [wikipedia.org]".

      Maybe Matter Compilers are next....

    • Re:A Polite Virus (Score:5, Insightful)

      by nman64 (912054) * on Tuesday January 03, 2012 @03:37PM (#38575586) Homepage

      Malicious authors would love that - another angle for them to take advantage of. Anyone with clue isn't going to trust a polite virus unless they've been told to expect it, and by the time they've been told this polite virus is friendly, the malicious authors will already be using polite messages to get users clicking where they want them to.

      • Re:A Polite Virus (Score:5, Insightful)

        by Moryath (553296) on Tuesday January 03, 2012 @04:09PM (#38575978)

        You've got it right. Malicious authors will just reverse-engineer Sophos's virus, tweak the payload, and then they're off to the races.

        And other antivirus houses, RIGHTLY, will peg Sophos's virus as malicious and work to block or eliminate it.

        This is the catch-22. If your virus tries to use a "break in then pull up the ladder with it" mentality, someone else will co-opt your work. Pretty soon, your "beneficial virus" will be meaningless. In the real world, virus writers have been caught "pulling up the ladder" from time to time, removing their competitors' viruses and taking over existing botnets. Sophos is trying the same tactic, which isn't going to be helpful for anyone.

        • by thoromyr (673646)

          Sophos is trying the same tactic, which isn't going to be helpful for anyone.

          Are you sure Sophos is trying the same tactic? Or is Sophos saying more-or-less what you are saying. Perhaps you meant Fujitsu? Or the Japanese Defense Ministry which is funding the effort? At least, that is according to the fine summary...

        • by Anonymous Coward

          "And other antivirus houses, RIGHTLY, will peg Fujitsu's virus as malicious and work to block or eliminate it." -fixed that for you.

          Even if they didn't, their heuristics would probably make some noise.

        • Re: (Score:3, Informative)

          I know it's considered bad form to RTFA, and sometimes RTFSummary, but really... not reading the headline?! Fujitsu is developing the virus. Sophos is arguing against the idea!
    • Re:A Polite Virus (Score:4, Informative)

      by TFAFalcon (1839122) on Tuesday January 03, 2012 @04:31PM (#38576282)

      That just trains people to click OK/ALLOW more. So the next 'polite' virus will do more then just kill other virii.

    • by ae1294 (1547521)

      Would be the answer. A polite virus doesn't migrate automagically- it *asks* before it migrates.

      No a polite virus will offer you a nice warm blanket...

    • by guruevi (827432)

      Does Canada have virus programmers? I thought they would be too nice of a

  • Ugh (Score:5, Insightful)

    by afabbro (33948) on Tuesday January 03, 2012 @03:29PM (#38575452) Homepage

    Any "good" virus will be caught, captured, studied, mutated, and turned into a "bad" virus very quickly.

    Also, a virus by definition installs software on a machine without the owner's consent. So it's never a good idea.

    • "Also, a virus by definition installs software on a machine without the owner's consent."

      I disagree with that definition. KOH is an example of a good virus that asked *before* it installed.

    • by morcego (260031)

      So, by your virus definition, Windows is a virus ?

      • Re:Ugh (Score:5, Funny)

        by badboy_tw2002 (524611) on Tuesday January 03, 2012 @03:46PM (#38575732)

        I propose then we name the new "good virus" "Agent Smith"

        Agent Smith: I'd like to share a revelation that I've had during my time here. It came to me when I tried to classify your operating system and I realized that its not actually an operating system at all. Every OS on the Internet develops a natural equilibrium with the surrounding hardware environment, but your Windows does not. Its installed on fresh hardware and grows and grows until every hardware resource is consumed and the only way you can survive is to wipe the machine and start over. There is another program on the Internet that follows the same pattern. Do you know what it is? A virus. Windows is a disease, a cancer of the Internet. You're a plague and we are the cure.

        • by EdIII (1114411)

          I have found my new sig.

          Oh, and thanks butthead. I have to go get some windex and paper towels to get the coffee off my monitors :)

          P.S - I think we should create a crowd funded website to pay that actor to make a commercial for Linux with your script.

          • by morcego (260031)

            I would totally chip in for that. However, I'm not sure we could get away with it:
            - We could be accused of libel/defamation
            - We could have problems with trademark (Microsoft)
            - We could have problems with copyright (Matrix's authors)

            However, if we had the backing of any established comedy/humor media, we could get away with it. Maybe The Onion. SNL could pull this one, but I doubt they would buy the idea. Hummmm ... Does anyone know the people from SNL ? :)

            • by EdIII (1114411)

              Does anyone know the people from SNL?

              Oh sure. I go to temple all the time with Adam Sandler. I'll ask him this weekend.

            • by kesuki (321456)

              parody is legal in the usa. and this is definitely parody.

              • Re:Ugh (Score:4, Funny)

                by forkfail (228161) on Tuesday January 03, 2012 @07:05PM (#38579040)

                Parody (tm) was retroactively patented last week, and the name trademarked and copyrighted. Use of the word Parody in it's verb form ("Parodying") is now an actionable civil offense.

                You can be sued for applying unlicensed Parody (tm) to any situation.

                You must have a valid license to apply Parody (tm). Furthermore, you need Parody Enterprise (tm) for any published, non-personal application of Parody. Parody Student Edition (tm) may only be used in an educational environment. Release of Parody (tm) works under GPL is prohibited.

                Note that a Parody (tm) license does not allow you to publish Satire (c); a separate license is required for such publications.

    • by wiedzmin (1269816)

      Also, a virus by definition installs software on a machine without the owner's consent.

      Well, technically, by definition, viruses don't install anything - they inject themselves into existing host files/applications/processes. You're thinking of worms... which is technically, by definition, what this is :) But regardless, yes, this is a bad idea.

      P.S. Yay, my story got posted.

    • by unrtst (777550)

      I'm almost certain that nearly everyone that's even a little involved in IT has had the idea mentioned in the summary. This isn't a new thought, and I believe it hasn't been done because we all keep deciding in the end that it'd cause more harm than good (or may have bad/legal repercussions the good guys aren't willing to deal with).... but it sure is tempting.

      I'm all for them giving it a go. If designed right, it'd reduce the number of virus-laden machines and leave no additional vector for infection:

      * wor

    • Maelstrom by Peter Watts The evolution of a viral soup on the net is illustrated beautifully in this (freely available) book: http://www.feedbooks.com/book/975/maelstrom [feedbooks.com] It's a great read. Viruses fighting for supremacy and interbreeding on the net may be an inevitable part of an evolving net-biosphere but probably not the best thing to encourage!
  • ... or Core Wars Reloaded?
  • Um, no. (Score:5, Funny)

    by JustAnotherIdiot (1980292) on Tuesday January 03, 2012 @03:29PM (#38575468)

    Are 'good' viruses a bad idea?

    McAfee, Norton, AVG, etc have built businesses around good viruses.

    • Nope, a virus is a self replicating self installing piece of software, a Trojan tricks people into installing it by claiming to do something desired. Thus McAffee and Norton are high grade trojans, and some of the few that can trick you into paying to install them.
      • While initially I figured deeming them "rogueware" would be nonsensical, I then realized their incapacity to perform their advertised functions makes it appropriate.
  • by SJHillman (1966756) on Tuesday January 03, 2012 @03:29PM (#38575470)

    Skynet, Landru, M5, the Matrix, HAL

    There's plenty of art for reality to follow.

    • by EdIII (1114411)

      Which brings up a good point, or question that is.

      Does art imitate life, or does life imitate art?

      How much Japanese Mange and Anime out there have the premise, much like Johnny Mnemonic, that there can be AI viruses out there designed to travel from system to system carrying out search and destroy orders.

      I think the new Japanese politicians are Ghost in the Shell fans.....

  • by forkfail (228161) on Tuesday January 03, 2012 @03:29PM (#38575474)

    ... the white cells from the attacking entities.

    And the ramifications could get interesting.

    For example, will it be illegal to tamper with such a white cell virus that's on your system? To reverse engineer it? To release your own distributed anti-virus system that might view such a white cell virus as a threat, and hunt it down and destroy it across multiple networks?

    • by Bucky24 (1943328)

      For example, will it be illegal to tamper with such a white cell virus that's on your system? To reverse engineer it? To release your own distributed anti-virus system that might view such a white cell virus as a threat, and hunt it down and destroy it across multiple networks?

      Only if they copyright it.

  • by Tavor (845700) on Tuesday January 03, 2012 @03:30PM (#38575476)
    Considering this is Japan, I'm pretty sure they got the idea from Ghost in the Shell. The Major often times references performing a Back Hack, to determine the location of an attacker. Now if only I could teach Windows how to enter Autistic Mode...
    • by vlm (69642)

      Considering this is Japan, I'm pretty sure they got the idea from Ghost in the Shell. The Major often times references performing a Back Hack, to determine the location of an attacker. Now if only I could ...

      ... I was thinking more along the lines of what to do with those who bring virii onto my network ... tentacles ....

    • Windows does literally what the user asks for in most cases. It has a rigid response system that, while carefully considered, can't in any way respond intuitively to users' desires. Windows can't empathize, it can't be creative. It can, however direct you to gigabytes of information on many topics. Windows is highly autistic.
  • by JoeCoder7 (989774) on Tuesday January 03, 2012 @03:32PM (#38575506) Homepage
    What happens when the Fujitsu virus meets itself and destroys its own source of origin?
  • by nman64 (912054) * on Tuesday January 03, 2012 @03:33PM (#38575532) Homepage

    An arms race against an opponent that know no boundaries is typically futile.

    It would be extremely difficult to develop a virus that could effectively spread and eliminate other infections without stooping to the same low levels as the malicious developers, at which point the friendly virus isn't so friendly anymore.

    Sophos is right that such a counter-attack launched on a managed network with security-aware personnel capable of removing the malicious infections and performing a proper investigation is only going to complicate matters.

    • by Shadow99_1 (86250)

      This is for companies like Sony who just don't seem to want to hire competent security personnel. I really don't think it's any surprise this is coming out of Japan, the home country of Sony. While I pick on Sony lots of Japanese companies don't seem to care about security in any way except physical. The Japanese government has had some issues as well with seeming complete lack of network security concepts the last couple decades as well.

      I think the bigger issue is even if they go ahead and make this it wil

  • by jjp9999 (2180664) on Tuesday January 03, 2012 @03:34PM (#38575542) Homepage
    I could see this having a lot of collateral damage, since hackers like to bounce their connections off of legitimate IPs to hide their own locations. The Chinese hackers, for example, use HTran to do this for them - it makes it look like the attacks are coming from University campuses or from IPs belonging to dissident groups.
    • by jjp9999 (2180664)
      Just adding to that, what if the attackers are using a VPN? Does that mean the Japanese systems will automatically take down a VPN server is they get hit? I think retaliation for cyberattacks could be a good thing, but you really need a human mind behind it - having an automated counterattack system is asking for trouble.
  • Aside from all the hype, its basically a distributed IDS. Since everything I do as a sysadmin is done in puppet, and my ids image is an ids image because of about one line, I'm half way tempted to try it at home, "everything under puppet control instantly becomes an IDS".

    The biggest problem I can find is scalability of alerts. So now when one machine sees something weird I get it in the daily status report. What happens when 25 or so machines see something weird and all decide to simultaneously spam me?

    • by DarkOx (621550)

      They don't spam you they send the events to you SIM tool which correlates all the events and sends you one alert with some additional data that the event was seen by 25 machines on 4 subnets etc etc

  • If there will be defense measures that will avoid deleting the "vigilante virus", then it seems likely that there will also be viruses with a similar signature to this one, with a slightly different agenda of course.
  • by FudRucker (866063) on Tuesday January 03, 2012 @03:37PM (#38575580)
    to develop operating systems that are impervious to viruses, trojans, worms and rootkits & etc... probably could not be done to 100% certainty but it can be implemented so the bad software is the rare exception to the rule rather than wide spread chronic infections like you see with that software from Redmond...

    that would more than likely put Microsoft in to a niche corner and out of the desktop operating system & office software suite business...
    • by Anonymous Coward

      This is beyond silly - a OS resistant to malware is by nature resistant to users. Something I would HOPE the /. crowd would be against.

      The problem with the government getting into the malware business is the way malware spreads. Do you want the government to be doing fishing attacks (possibly with the knowledge of confidential information) or sending you 0-day exploit enabled trojans through email? I don't. Though the intention to remove malware is nice, the problem is it first has to get onto my system

      • I'm one of the people who thinks that if a machine has been compromised (provably), it should be fair game to hack it again for the purpose of removing the offender (and itself). Security companies are usually against even this though - and it be a lot less intrusive than the summary here indicates.

        How do you prove it without getting in? How do you differentiate the actions of an authorized user on THEIR system from a hacker who compromised them? If my employee is attacking your system, you contact me, an

    • There exists no lock that will secure a house when the owner doesn't use common sense and lock the door.

      There exists no OS that will secure a computer when the owner doesn't use common sense and not execute unknown code.

      There are very few true 'viruses' on any OS these days - a virus being a program that can propagate without any user assistance at all. The vast majority of malware is trojans et al that exploit the user.

      • by hedwards (940851)

        This is a much easier problem to deal with. Users who can't be bothered to learn to keep their computer secured shouldn't be permitted to own a HDD. If you boot from a CDROM, DVD or a read only thumb drive your chances of getting a virus is going to be quite low and the rewards for people to write them would be practically non-existent.

        The way to win this in the long term is to remove the incentive to write the viruses in the first place.

        • This is a much easier problem to deal with. Users who can't be bothered to learn to keep their computer secured shouldn't be permitted to own a HDD

          It's easy to pose 'bell the cat' solutions. Easy, but never helpful.

    • by Anonymous Coward

      Actually, there have been a number of experiments around this for a number of years. A File and OS immunity system was the concept, and it was working in the labs to some degree.

  • by jenningsthecat (1525947) on Tuesday January 03, 2012 @03:45PM (#38575710)

    The Internet and the vast number of computers connected to it form a vast, dynamic, and complex system whose detailed behaviour is difficult to fully understand and impossible to confidently predict.

    Just like the introduction of Cane Toads in Australia, ( http://en.wikipedia.org/wiki/Cane_toads_in_Australia [wikipedia.org] ), and so many other similar introductions of organisms to 'fix' some problem in a complex ecosystem, this will probably turn out badly. And it may be impossible to undo once the virus is released into the favourable ecosystem that is the Internet.

  • In theory, if you could deploy such a worm within your own network (e.g. corporation) and guarantee it wouldn't infect any other machines, then MAYBE, but how would you guarantee that?

    What works is a vulnerability scanner (e.g. satan type programs) to detect and inform you of potential vulnerabilities in your system
    plus a known malware scanner (e.g. MSRT, MalwareBytes, AV software).
    plus "behavior detection" software that flags malware-like behavior.

    Such software must be installed and run by an administrator

  • Depends on if you liked that movie and what the character did. Or..if you like the "Jack Bauer" consequentialism approach to justice. You know...."Chaotic Good" in D&D parlance where the ends justifies the means.

    Except when the ends don't end up the way you wanted it to go after exercising your idea of what the "means" should be....

  • Im torn between liking this and hating it. On one hand it could mean less spam but on the other i will loose money from removing viruses from peoples computers.
  • Don't let the door hit you on the bob side!

  • The Land of the Raising Sun is full of wonder, but the day of the Ronan is long past. There appears to be an classical arthritic choke point in Japanese culture that does not allow for information to travel UP TO policy makers. It appears that after the cluster fuck that is the Fukushima Daiichi nuclear disaster, that those in charge of making policy do so in a "dark room," still. If the policy makers of Japan are so caviler about insulting the intelligence of their constituents, then the contempt for the
  • See http://en.wikipedia.org/wiki/Morris_worm [wikipedia.org] That didn't turn out so well, did it? One minor miscalculation, and it'll shut down the internet. And how will it adjust itself to handle different versions of Windows, let alone different versions of Mac, Linux, PalmOS, etc, etc?

    • Mac? PalmOS? What decade did you dredge this comment out of?

      This comment sounds like something that would have been posted on /. in 1998....

      Of course, it's still true with s/Mac/OS X/, s/PalmOS/Android, WebOS and iOS/ etc. :D

  • Call good viruses "agents" and then it's perfectly okay.

  • They should first read some history about the very first computer virus, written by Robert Morris (Jr) in 1988. If for no other reason than to realize they are so very late to this ideas party...

    He had the same idea and only wanted to make a program that can spread itself around, but not actually do anything (aka payload), however due to a single incorrect counter value in an otherwise harmless virus, the very act of spreading itself so aggressively is what ended up taking down the entire Internet (Or at l

    • by kesuki (321456)

      this isn't the first time they've been that devoted to destroying the internet. i recall sony installing rootkits on users who purchased their music to watch for p2p downloads.

  • Nothing new to see here, move along. "Good" virus == Existing virus scanners with pre-approved permissions to "handle" said virus (i.e. quarantine, delete, etc...) Now if a virus scanner is considered a virus (many think they are), then I sense a recursion problem ahead...
  • I think it is a great idea but is not legal, as it can also delete by error files that are infected, so that legal copy of LMFAO mp3 is deleted because it had a virus...no thank you! The best is what MS is doing, hunting down the C&C and shutting them down as well as shutting down all infected pcs.

  • I have a solution for combating malware on PC already. It's called antivirus, and while it's not perfect, it's predictable. Software that I didn't put on my machine doesn't belong there. Regardless of the intention.
  • Reminds me of some movie plots.

  • ...but not the one they need right now.

  • Test runs in closed networks have helped the ministry to confirm the cyberweapon's functionality and compile data on cyber-attack patterns.

    I'd like to see these test networks, I am willing to bet they are just some group of corporate big-shots trying to sell a few more government contracts to a broken government that is trying to assure their naive populace that they are doing everything they can against those nasty Chinese hackers.

    What makes them think their test network is any representation of the real world? What makes them think they can actually discover viruses using viruses when anti-virus software can do no better? They can't do it. O

  • So it's a self replicating anti-virus that involuntarily heals computers to protect others? Sounds good, but isn't gaining unauthorised access to a computer illegal (At least in the UK and US)? And you'd have to trust the vendor. Maybe the government would give the vendor legal immunity, but then paranoid conspiracy theorists (eg. RMS) would go crazy, and they might have a point for once
  • You're all talking and giving references of XXth century virii which infected files.
    Virii today use these infection paths:

    1.- Exploits on browsers/plugins while browsing infected servers.
    2.- Exploits on open ports.
    3.- User installing software that carries spyware or trojans.

    The paths 1 & 2 are caused by non-updated vulnerable software and somebody MUST do something about that if the user doesn't care.
    Path 3 can be mitigated by using an updated antivirus. An antivirus would block the "good virus"
  • We all know this is how SkyNet started this way.... I guess 2012 really /is/ the end of the world!
  • Welchia [wikipedia.org] brought the internet to a stand-still in 2003 while trying to remove Blaster. This is a problem resolved by education, not technology.
  • Shame they could not have done this at the nuclear power plant.

Never try to teach a pig to sing. It wastes your time and annoys the pig. -- Lazarus Long, "Time Enough for Love"

Working...