Hello people, I'm new in the programming world and I'm still studying C++ on my own. One day I came up with an idea and I want to ask the real pros if it's possible or not. Here it is:
We all know how computer viruses do their job, how they spread and so on; I was thinking is it possible to create a virus that does not delete anything but other viruses - for example: it jumps to your PC, scans, finds the virus it is searching for and then it spreads; after the spreading stage is complete it self-destructs, leaving no trace to the user.
Is it possible?
Well, without attempting to get an absolutely correct definition of what a virus is, I'll just pose the possibility that a virus does harm the target PC in some way. Since you propose that your "virus" would clean other viruses, I don't think I would classify it as a virus.
Now, having said that, I can also say that pretty much anything is possible. Your cleansing program would do the cleansing, then it would spread using email + your address book, or it would attach itself to USB keys, or whatever other method of spreading, and finally it would instruct the OS to delete its original executable on the next boot.
If this still spreads like a virus and without the user's knowledge then it is of course still illegal. Another point is that it will most likely harm some computers due to false positives, so if it is going to do everything in the background with asking for user consent for deletion operations, then you would have to be very sure of your detection algorithms.
Why not just be honest with the user so they can recover any false positives it deletes? That way it could still spread by email, just with their consent.
But I think nearly nobody will trust the program.
If I were asked by an application I do not have installed whether I want to delete some files classified by it as malware, I never would agree.
So it would be best to tell the user of the program before it is installed.
Mentioning this, the project would - in some way - just be another malware scanner with the additional feature of spreading.
I think the idea is a good one and it would be efficient, but it would not be accepted by many users.
It seems like a cool idea to me. However, I agree that if it goes behind the users' backs, then no one will trust it. If on the other hand it is honest, one could just put an "Email your friends this software" link in any free antiviral package, to exactly the same effect.
Well, the idea is skipping the weakest point - the HUMAN; thus it will probably be better if the user doesn't detect anything. Of course this could be a project like GNU Linux. Free software with source code available to everyone to inspect and modify under the GNU license.
About deleting the virus - well, it won't be imperative to delete it. It could just change the file extension to something that the user will detect later on and know that it could be infected.
All I'm saying is it should be possible for the user to either recover things, or at least contact the developer to have the file checked so that the software could restore it itself in the next version.
The main point is just that false positives must be reversible. Also, of course, the software should be legal if possible ;) This would require some sort of human consent, at least when the software is first installed. Other than that, I do agree that removing the human decision making from the process is good. It really annoys me when Kaspersky asks me whether to block, restrict, install etc... I mean, how should I know? It's the security software XD
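The reversible handling discussed above (rename a suspect file instead of deleting it, so a false positive can be put back) can be sketched in C++17 as follows. This is an added example, not code from any poster in the thread; the `.quarantined` suffix, the function names and the sample file are assumptions made for illustration.

```cpp
#include <filesystem>
#include <fstream>
#include <iostream>
#include <optional>
#include <string>
namespace fs = std::filesystem;

const std::string kSuffix = ".quarantined";  // hypothetical suffix for this example

// Neutralise a suspect file by renaming it; nothing is deleted.
// Returns the new path, or nullopt if the move is unsafe or fails.
std::optional<fs::path> quarantine(const fs::path& suspect) {
    std::error_code ec;
    if (!fs::is_regular_file(suspect, ec)) return std::nullopt;
    fs::path target = suspect;
    target += kSuffix;
    if (fs::exists(target, ec)) return std::nullopt;  // never overwrite an earlier quarantine
    fs::rename(suspect, target, ec);
    if (ec) return std::nullopt;
    return target;
}

// Undo a false positive: strip the suffix and move the file back.
std::optional<fs::path> restore(const fs::path& quarantined) {
    std::error_code ec;
    const std::string name = quarantined.string();
    if (name.size() <= kSuffix.size() ||
        name.compare(name.size() - kSuffix.size(), kSuffix.size(), kSuffix) != 0)
        return std::nullopt;  // not a file this code quarantined
    fs::path original = name.substr(0, name.size() - kSuffix.size());
    if (!fs::is_regular_file(quarantined, ec) || fs::exists(original, ec))
        return std::nullopt;  // refuse to clobber a file recreated in the meantime
    fs::rename(quarantined, original, ec);
    if (ec) return std::nullopt;
    return original;
}

// Round trip on a constructed sample file in the temp directory.
bool demo_roundtrip() {
    const std::string text = "harmless constructed content";
    fs::path sample = fs::temp_directory_path() / "constructed_sample.bin";
    fs::remove(sample);
    fs::remove(sample.string() + kSuffix);
    { std::ofstream out(sample); out << text; }
    auto q = quarantine(sample);
    if (!q || fs::exists(sample)) return false;  // original name must be gone
    auto r = restore(*q);
    if (!r || *r != sample) return false;
    std::string body;
    { std::ifstream in(sample); std::getline(in, body); }
    fs::remove(sample);
    return body == text;  // content survived the round trip
}

int main() { std::cout << (demo_roundtrip() ? "restored intact\n" : "failed\n"); }
```
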
Remember it's the nature of the internet that you don't know what state/country you're in when you log into, or in your case infect, a remote system. So whatever you do is more than likely going to cross state lines and land in Federal jurisdiction. You know why there are more Chinese and Russian Hackers than there are in the US? It's because our cops are better at catching them, and don't give a damn about intent when they prosecute.
Don't be completely discouraged by this. I had much the same idea early on when I was studying C++. This post was not to convince you that what you are suggesting will land you in jail. It was so that you have a better idea of the risks involved.
in 2008 by the Identity Theft Enforcement and Restitution Act. Subsection (b) of the act punishes anyone who not just commits or attempts to commit an offense under the Act, but also those who conspire to do so.
Oh dear, that's pretty much what this thread is :P
Hehe, I am now tempted to post hello world code, but I shan't in case the government disagree with me on how dangerous writing to the standard output is :P
Actually, I don't think anything in this thread breaks any parts of the Computer Fraud and Abuse Act, because no damage would be caused by such a program, no?
@ Albatross: I disagree, if the OP set his little pet to detect and "fix" system driver hooks, host file redirects, proxy redirects, screen capture software, keyloggers, startup entries, symbolic links or any one of a whole list of other things that I know I'm forgetting. It would take my company around two months to get everything up and running again, that's assuming we wouldn't just reimage the whole damn thing.
Setting up an AV server is no joke. You're actually trusting a program that was written by a group of people you've never met or consulted with, to use its best judgment in determining what pieces of software you do and don't want on your computer. You then read shooty and obtuse documentation in order to best convey your preferences to the central management application that came bundled with it. Then you give it full control over your network and hope for the best. Ever wonder why it is your Friendly local SysAdmin gets stressed out over something you've done at home a hundred times? It's because the process doesn't scale well.
@Albatross Also, Wikipedia said that attempting to gain unauthorised access violates the act anyway, regardless of your good intentions for the target computer. Further, damage would be caused by any false positives, and there would be bound to be some if it used any heuristic detection methods.
@Computergeek01
He wasn't talking about fixing malformed system driver hooks, fixing incorrect host file redirects, fixing incorrect proxy redirects, erasing any recording software, fixing malformed startup entries, resolving undefined symbolic links or fixing any one of a whole list of other things you know you're forgetting, he was talking about finding documented malware on a machine.
strashko wrote:
I was thinking is it possible to create a virus that does not delete anything but other viruses - for example: it jumps to your PC, scans, finds the virus it is searching for and then it spreads; after spreading stage is complete it self-destructs, leaving no trace to the user.
@Xander314
Hmm? Where does it say that? Everything under "Criminal offenses under the Act" mentions intent or knowledge of one's actions...
@strashko
They are right, however. You do need to be very careful that your program doesn't cause any damage for fear of it being traced back to you and being landed with a lawsuit, regardless of your intentions. :(
@ Albatross: And this is where I almost regret not having gone to law school. I guess it's the ambiguity of how the law is written, and the knowledge that the judge won't know a firewall from a hole in the wall that would have me too cautious to try this. I guess, if a person was careful and knowledgeable though this would be at the very least an interesting social experiment.
I've thought of a public education campaign myself. It would go something like this: A mass mailer sends out a million e-mails to all kinds of combinations of addresses with a message subject saying "You've Just Won The New Jersey Lottery" or "Follow This Link For A Free..." and have the link go to a website with a message in giant bold font "ARE YOU F******* KIDDING ME?" and not let them close the window until they have endured a lecture on how stupid they've been and I don't know, maybe make them write an essay while I'm at it. I figure I've been lectured enough by crotchety old people in my life that most of them have this coming.
@ OP: Why would you say that? No one here is saying "No! Don't do that it's a stupid idea!" We DO want you to know what you are getting into, so that whatever you decide to do you did so with as much information as we can provide. Albatross has pointed out some interesting loopholes, I'm Not A Lawyer so I can't verify or discredit anything that's been said so far.
Personally I can't bring myself to discourage a fellow aspiring Grey Hat, the search for information should never be held back because of fear of what it might lead to. I say good luck on your ventures and please STAY OUT OF ANY REAL TROUBLE!