/~~~~~~\ *********** *********** ~\( * * )/~ *********** *********** ( \___/ ) *** *** *** \______/ *********** *** *** *** ******* @/ \@ *** *** *** *** *** *** *** *** *** *** *** *********** *** *** *** *** *** *********** |\__/| ******** *** ***** / \ ******** *** *** ~\( 0 0 )/~ *** ( /---\ ) *** \______/ *** @/ \@ *** ============================================================== April - July, 1994. Volume I, Issue 1 ============================================================== CONTENTS: 1. "Alive" Is Alive Again! - Editor's Word 2. In the Trap of the Language 3. Puzzle - Continued (2) 4. The Legend - Fred Cohen ... Interview ... Article Review - Trends in Computer Virus Research 5. The Mystery - Mark Ludwig ... Interview ... It Conquered the World : A Fiction Excerpt from Mark Ludwig's "CVAL&E" for Your Enjoyment 6. The Reality - Vesselin Bontchev ... Interview ... Dozen Reasons Why a "Good" Virus Is a Bad Idea .............................Vesselin Bontchev ... An Example of Beneficial Virus .............................Vesselin Bontchev 7. The Grand Debate about Beneficial Viruses and Artificial Life %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % % ALIVE, Copyright 1994. By Suzana Stojakovic-Celustka % % This magazine may be archived and reproduced without charge % % throughout Cyberspace under the condition that it is left % % in its entirety. Send submissions, comments, etc. to % % celust@cslab.felk.cvut.cz and subscription requests to % % mxserver@ubik.demon.co.uk % % % %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<**** "ALIVE" IS ALIVE AGAIN! - EDITOR'S WORD ======================================= Dear Readers! For those who already lost every hope that "Alive" will be alive ever again here are the good news. The first real (non experimental) issue of "Alive" is right in front of your eyes. Apologies and thanks to all of you who were patient till now. The reasons of delay are various. As it usually happens real life interferes with the best intentions. Sincerely, it is not so easy to bring to the world new number when one person is editor, technical editor, graphic designer, journalist, critic, student, etc...Anyway there are signs that such a situation will improve in some time, so no more complainings. I hope you will like this number and am expecting any and all comments and contributions. About this issue: ----------------- The first article "In the Trap of the Language" is my attempt to find out how to make a good definition of a computer virus. I have to confess that I didn't expect that this problem would bring me so far in philosophy. Somehow, I am still not sure that exact solution exists and probably this topic will have a continuation. The second article is one more step to find the solution of Puzzle presented in the last number. With a little help of Fred Cohen, here is the first try to define environment in which is suspected to have something "alive". I was very glad to be a host to three guests in this number : Fred Cohen, Mark Ludwig and Vesselin Bontchev. They are speaking about themselves and their work exclusively for "Alive". If you thought that you knew everything about any of these persons, maybe you were wrong. Read the interviews and might be that you will find something new. Respecting Fred Cohen's wish to not reproduce any of his published articles or texts in electronic form, in this number you can read only review of his article "Trends in Computer Virus Research". There is also an excerpt from Mark Ludwig's new book "Computer Viruses, Artificial Life and Evolution", reprinted from "Crypt Newsletter" No 22 with permission. Vesselin Bontchev made an extension of his "Dosen Reasons Why a "Good" Virus Is a Bad Idea" (which appeared originally on Virus-L some time ago) exclusively for "Alive". The Reasons are pretty convincing, but there is also his Example of Beneficial Virus presented in this number. It is actually an excerpt from a longer Mr Bontchev's recent posting to Virus-L. With these guests the Grand Debate about Beneficial Viruses and Artificial Life starts from this number in "Alive". If you think that you have something to say about this theme, please send your contributions. You don't have to be an expert or a "good" guy/girl. As long as contributions have a form according to "Alive" guidelines, they will be deeply appreciated. About contributions and subscriptions: -------------------------------------- Preferred form of contributions are short articles or previews. Comments on contributions will be deeply appreciated, but will be published only if they have a convenient form. This is -not- a place for polemics or blames, so please don't send your comments if you have nothing constructive to say. The preferred form of code examples is pseudo-code. The code of existing viruses which somebody could consider beneficial will not be published here. Send your contributions and comments to celust@cslab.felk.cvut.cz ************************************************************************** WARNING!! During the vacation time, i.e. 20th July - 1th September, please send your contributions and comments to celustka@sun.felk.cvut.cz ************************************************************************** Subscriptions requests should be sent to mxserver@ubik.demon.co.uk Where can you find "Alive": --------------------------- The number of hosts where you can find "Alive" increased since last number. The magazine is available for anonymous ftp from following sites: 1. ftp.informatik.uni-hamburg.de in /pub/virus/texts/alive (by courtesy of Vesselin Bontchev, Virus Test Center, University of Hamburg, Germany) 2. ftp.demon.co.uk in /pub/antivirus/journal/alive (by courtesy of Anthony Naggs, UK) 3. ftp.elte.hu in /pub/virnews (by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary) 4. ftp.u.washington.edu in public/Alive (by courtesy of Jeffrey E. Hulten, University of Washington, USA) Gophers: saturn.felk.cvut.cz (by courtesy of administrative personnel of Computer Department, Czech Technical University, Prague, Czech Republic) ursus.bke.hu (by courtesy of Toth J. Szabolcs, Eotvos Lorand University, Hungary) Other places: Slovak Antivirus Center BBS +42 7 2048 232 ZyXEL 1496+ 19.200 Bd NonStop (by courtesy of Peter Hubinsky, Slovak Antivirus Center, Bratislava, Slovakia) Software Library of University of St. Gallen - the requests may be sent to luca.sambucci@ntgate.unisg.ch (by courtesy of Luca Sambucci, University of St. Gallen, Switzerland) Any offer from other sites will be appreciated. Acknowledgements: ----------------- I wish to thank to Fred Cohen, Mark Ludwig and Vesselin Bontchev for their appearance and contributions in this number. Also thanks to Jeffrey E. Hulten (USA), Philip Fites (Canada) and Vladimir Vrabec (Czech Republic) for their suggestions how to improve the quality of "Alive". Hopefully, there will be PostScript and Hypertext (WWW) versions of "Alive" in near future. There are no language corrections in this number, but I would like to thank to Martin Tharp (USA) for corrections he made in the last number. About editor: ------------- The editor is currently a Ph.D student on Computer Department, Faculty of Electrical Engineering, Czech Technical University in Prague. Is working on her Ph.D thesis and hoping that "Alive" will bring a lot of useful material and a lot of fun. So, dear readers, enjoy the reading and make your copy of "Alive" really alive: SPREAD IT WIDELY! ****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<**** Some say that life's an illusion Who knows what's false or what's true... ...With all of its glories and all of its faults It seems life is a bittersweet waltz... - "Bittersweet Waltz" - ****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<****>>>>****<<<<**** IN THE TRAP OF THE LANGUAGE =========================== There is a problem which bothered me since the results of Contest for the Best Virus Definition were published. It seemed that plain language was not suitable to define computer virus properly. Well, the problem of good definition of whatever is not anything new. 1. GOOD REPRESENTATIONS Looking for the recipe how to make good definitions I found some books. The first one is "Artificial Intelligence" by Patrick Henry Winston [5]. There are few words there about good representations: "...In general, a representation is a set of conventions about how to describe a class of things. A description makes a use of the conventions of a representation to describe some particular thing. Finding the appropriate representation is a major part of problem solving. Consider, for example, the following children's puzzle: The Farmer, Fox, Goose and Grain: A farmer wants to move himself, a silver fox, a fat goose, and some tasty grain across a river. Unfortunately, his boat is so tiny he can take only one of his possessions across on any trip. Worse yet, an unattended fox will eat a goose, and an unattended goose will eat grain, so the farmer must not leave the fox alone with the goose or the goose alone with the grain. What is he to do? Described in English, the problem takes a few minutes to solve because you have to separate important constraints from irrelevant details. English is not a good representation. Described more appropriately, however, the problem takes no time at all, for everyone can draw a line from the start to finish in figure 1. instantly. Yet drawing that line solves the problem because each boxed picture denotes a safe arrangement of the farmer and his possessions on the banks of the river, and each connection between pictures denotes a legal crossing. The drawing is a good description because the allowed situations and legal crossings are clearly defined and there are no irrelevant details. -------- -------- | Grain | | Farmer | | ====== |-->| Goose | | Farmer | | Grain | | Fox |<--| ====== | | Goose | | Fox | |________| |________| ^ | ^ | | V | V -------- -------- -------- -------- -------- -------- | Farmer | | Fox | | Farmer | | Goose | | Farmer | | ====== | | Fox |-->| Grain |-->| Fox | | ====== |-->| Goose |-->| Farmer | | Goose | | ====== | | Grain | | Farmer | | ====== | | Fox | | Grain |<--| Farmer |<--| ====== | | Fox |<--| Fox |<--| Goose | | ====== | | Goose | | Goose | | Grain | | Grain | | Grain | |________| |________| |________| |________| |________| |________| ^ | ^ | | V | V -------- -------- | Fox | | Farmer | | ====== |-->| Fox | | Farmer | | Goose | | Goose |<--| ====== | | Grain | | Grain | |________| |________| Figure 1. ( ====== denotes a river) The representation principle: Once a problem is described using an appropriate representation, the problem is almost solved..." Reading this, one could say: "Oh, I knew that. What is so special? If I can describe problem properly then solution is not so far. But, I should know something about the problem first.." 2. THE KNOWLEDGE AND THE LANGUAGE Yes, here we come. What is the knowledge at all? Another interesting book "The Tao of Physics" by Fritjof Capra [2] says: "...Rational knowledge is derived from the experience we have in objects and events in our everyday environment. It belongs to the realm of the intellect whose function is to discriminate, divide, compare, measure and categorize. In this way, a world of intellectual distinctions is created; of opposites which can only exist in relation to each other. Abstraction is a crucial feature of this knowledge, because in order to compare and to classify the immense variety of shapes, structures and phenomena around us we cannot take all their features into account, but have to select a few significant ones. Thus we construct an intellectual map of reality in which things are reduced to their general outlines. Rational knowledge is thus a system of abstract concepts and symbols, characterized by linear, sequential structure which is typical of our thinking and speaking. In most languages this linear structure is made explicit by the use of alphabets which serve to communicate experience and thought in long line of letters..." Here comes the question again: how much is the plain language suitable to describe natural world if it is an abstraction itself? Reading the same book further: "...The natural world on the other hand, is one of infinite varieties and complexities, a multidimensional world which contains no straight lines or completely regular shapes, where things do not happen in sequences, but all together...It is clear that our abstract system of conceptual thinking can never describe or understand this reality completely. In thinking about the world we are faced with the same kind of problem as the cartographer who tries to cover the curved face of the Earth with a sequence of plane maps. We can only expect an approximate representation of reality from such a procedure, and all rational knowledge is therefore necessarily limited... To quote the semanticist Alfred Korzybski: 'The map is not the territory'... ...For most of us it is very difficult to be constantly aware of the limitations and of the relativity of conceptual knowledge. Because our representation of reality is so much easier to grasp than reality itself, we tend to confuse the two and to take our concepts and symbols for reality..." Oh well, it is clearer now (or maybe not), but what to do? Especially in science where we need unambiguous descriptions. Ibidem: "...The inaccuracy and ambiguity of our language is essential for poets who work largely with its subconscious layers and associations. Science, on the other hand, aims for clear definitions and unambiguous connections, and therefore it abstracts language further by limiting the meaning of its words and by standardizing its structure, in accordance with the rules of logic. The ultimate abstraction takes place in mathematics where words are replaced by symbols and where the operations of connecting the symbols are rigorously defined. In this way, scientists can condense information into one equation, i.e. into one single line of symbols, for which they would need several pages of ordinary writing..." So, it seems that mathematics is a proper language for the science. Is it really? Continuing: "...The view that mathematics is nothing but an extremely abstracted and compressed language does not go unchallenged. Many mathematicians, in fact, believe that mathematics is not just a language to describe nature, but is inherent in nature itself. The originator of this belief was Pythagoras who made the famous statement 'All things are numbers' and developed a very special kind of mathematical mysticism. Phytagorean philosophy thus introduced logical reasoning into the domain of religion... ...The scientific method of abstraction is very efficient and powerful, but we have to pay a price for it. As we define our system of concepts more precisely, as we streamline it and make the connections more and more rigorous, it becomes increasingly detached from the real world. Using again Korzybski's analogy of the map, we could say that ordinary language is a map which due to its intrinsic inaccuracy, has a certain flexibility so that it can follow the curved shape of the territory to some degree. As we make it more rigorous, this flexibility gradually disappears, and with the language of mathematics we have reached a point where the links with reality are so tenuous that the relation of the symbols to our sensory experience is no longer evident. This is why we have to supplement our mathematical models and theories with verbal interpretations, again using concepts which can be understood intuitively, but which are slightly ambiguous and inaccurate..." It looks like a magic circle: real world - language - mathematics - language - real world. Where is the reality? "...It is important to realize the difference between the mathematical models and their verbal counterparts. The former are rigorous and consistent as far as their internal structure is concerned, but their symbols are not related to our experience. The verbal models, on the other hand, use concepts which can be understood intuitively, but which are slightly ambiguous and inaccurate..." 3. WHERE WE ARE? Taking this trip through the theory we are coming back to the initial question: is natural language appropriate tool to define a computer virus? There is no doubt that computer viruses belong to the real world. One can try to define a computer virus using natural language only. As results of Contest for the Best Virus Definition and many bitter discussions on Virus-L show, such definitions are still very inaccurate. Even worse, everybody can define a computer virus on his or her own way which leads to confusion. Few mathematical definitions while more accurate are not widely understandable... The one of most known mathematical definitions of computer virus was given by Fred Cohen. Here are few words from him about this subject: ----------------------------------------------------------------------------- A: Can the use of mathematics avoid ambiguity of plain language in definition of computer virus? FC: I translate - Can the use of a precise and well defined language avoid ambiguity of plain language?...Mathematics is a subclass of the more general class of languages. All mathematics is linguisticly defined, therefore language, if used precisely, can be as accurate as mathematics. The real problem is that mathematics says a lot of things more concisely than language because it is essentially a set of macros. For linguistic definitions to work for regular people, they have to be short enough to remember and accurate enough to apply. Hence my very short linguistic definition: - A life form (substitute virus if desired) is an information structure that reproduces in a particular environment. - ----------------------------------------------------------------------------- 4. THE END IS NEW BEGINNING Well, I could summarize now what I have learnt about how to make a good definition: 1. The first step is to check what is our knowledge about the problem. It is also a first level of abstraction, i.e. we cannot take all features of observed phenomenon into account, but have to select a few significant ones. This process is common in everyday life. One evokes a "mental model" about some concept. What will such a "mental model" show depends on information one has collected about the subject till that moment. Such an information is usually different for every individual depending on his or her experience, education, source of information, interest, etc. In the case of computer viruses the knowledge will include the information about computers, programming, possibly biological viruses, etc. The problem with "mental models" is that probably no two persons with the same "model" exist. Also exchange of "mental models" is not usual way of communication today. 2. The second step is to find a representation for a "mental model", so one could share it with other people. It is the further level of abstraction, i.e. choice of a set of conventions about how to describe a class of things. The most common tool one will use for description is natural language. It means one will describe a "mental model" using words which are sequences of letters from some alphabet. In fact, one is constructing a "natural language model" of phenomenon. To represent computer virus by English language the words used could be: "reproduction", "infection", "program", etc. The problem with natural language is that there does not exist universal language which all people would understand (that problem is impressively demonstrated in the story of the Tower of Babylon [3]). Furthermore, even in the limits of one language, it can often happen that the same words will have different meanings for different people ("There are many different languages in the world, yet none of them is without meaning." - 1 Corinthians 14.10). It is what we call ambiguity and inaccuracy of natural language. 3. The science and technique need unambiguous descriptions. For that reason it is necessary to abstract the language further. Such an extremely abstracted and compressed language is mathematics. This language is more accurate and precise than natural language. It is also universal for the people who understand it. The problem with mathematics is that it is not a language which is commonly used for communication in everyday life. Mathematical models will be understood by particular groups of people only. 4. To ease understanding of mathematical models to wider audience, they should be accompanied with verbal interpretations which will explain symbols used. The graphic representation of mathematical models is also useful. As it was shown in the example at the beginning of this text, drawings are pretty convenient descriptions in some cases. The problem here arises when one separates verbal or graphic interpretation from mathematical definition. It may cause the similar confusion as stated in point two. The above steps show different levels of abstraction (or modelling) one should pass to obtain an accurate definition. Each level has its own inherent problems. The accuracy required depends, in the last instance, on the environment where definition will be applied. In the case of computer viruses the most of the people will be satisfied with definition in natural language. It has to be stressed again that such a definition will be inaccurate due to ambiguity of natural language. The good technical definition of computer virus should be the mathematical one because of its accuracy and consistence. It should be also accompanied with verbal and graphical interpretations for better understanding. Although above text does not give a good definition of computer virus immediately, it answers to some questions. Namely, it explains why the results of the Contest in technical categories were so poor. Simply, because mathematical and verbal parts were separated from each other in the guidelines of the Contest for the Best Virus Definition. It also explains the very good results in poetical category. The ambiguity of natural language was not an obstacle there, just the opposite, it was an advantage. Greater freedom in wording gave interesting results. Talking again about technical definitions, there are new questions which bother me now. The natural language and mathematics follow different logic in their structure. The formal mathematical logic is monotone, i.e. if formula is provable in some theory T it is also provable in every theory T', where T is subset of T'. It means that the more initial axioms exist, the more new statements is possible to prove. It does not always work in real life. There are many universal statements in real life which have numerous implicit suppositions which are not possible to include initially. For example, from supposition that every bird flies, we can conclude that certain bird named Quido can also fly. Later we find out that Quido is a penguin and penguins do not fly. In that moment our system of reasoning should fall apart, because this fact is obviously controversial. Nevertheless, such a type of inconsistency is not an obstacle in everyday life. The natural language covers this inconsistency better. It can be said that natural language follows non-monotone logic. So, having a mathematical definition which is accompanied by verbal counterpart it is still questionable how they will match each other. There is also the question how the final model or "picture" corresponds to reality, i.e. how to prove that it is true. That problem is not new. Ludwig Wittgenstein says in his Tractatus Logico-Philosophicus [6] : " 2.223 To recognize if picture is true or false, we should compare it with reality. (Um zu erkennen, ob das Bild wahr oder falsch ist, muessen wir es mit der Wirklichkeit vergleichen.) 2.224 From picture itself it is not possible to recognize if it is true or false. (Aus dem Bild allein ist nicht zu erkennen, ob es wahr oder falsch ist.) 2.225 An a priori true picture does not exist. (Ein a priori wahres Bild gibt es nicht.) 3 Logical picture of fact is thought. (Das logische Bild der Tatsache ist der Gedanke.) " It is not so easy to answer the question of the truth. If we recall of Korzybski's analogy of the map, the main question remains: How to find the map which will cover the territory on the best way? 5. REFERENCES 1. Anzenbacher A., Introduction to Philosophy, SPNP, 1990. (in Czech) 2. Capra F., The Tao of Physics, Shambhala Publications Inc., 1975. 3. Good News Bible, The Bible Societies, 1990. 4. Marik V., Stepankova O., Lazansky J., et all, Artificial Intelligence I, Academia Praha, 1993. (in Czech) 5. Winston P.H., Artificial intelligence, Third edition, Addison - Wesley Publishing Company, 1992. 6. Wittgenstein L., Tractatus Logico-Philosophicus, Oikoymenh, Prague, 1993. (in Czech with original German text) 7. E-mail conversation with Fred Cohen ***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***& The truth is like a tiger, but with many horns; like a cow, but without a tail. - Zenrinkushu saying - ***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***&---&***& PUZZLE - CONTINUED (2) ====================== In the last issue of "Alive" I was wondering if Misra's algorithm for regenerating token in logical ring could be considered as a sign of "life". I got later some instructions from Fred Cohen how to solve this puzzle. One should try to find a solution in two steps: 1. Define environment 2. Check if observed object reproduces in given environment. Well, I will try to give now more information about environment and entities considered. Distributed systems: -------------------- The environment in general is a distributed system. Distributed systems are characterized by there being no global state visible to an observer at any given instant. There is no common memory. There has to be a communication system which enables sharing of information. Computer networks have provided the first example of a distributed software and hardware structure. The entities comprising the system are the sites at which the computers are located and the communication system that enables these sites to exchange messages. Once the idea of a distributed system is introduced it becomes necessary to specify its components, that is, the distributed algorithms. Whatever the architecture of physical distributed system is, there is a need for distributed algorithms which usually provide the basic functions that are essential to all information systems, e.g. mutual exclusion, detecting termination, etc. Distributed algorithms: ----------------------- 1. Basics: A distributed algorithm has been defined as a set of processes which, by exchanging messages, co-operate to achieve a common end - performing some desired function or providing some required service. A distributed algorithm has two basic elements: a) The processes that receive, manipulate, transform and output data. b) The links along which these data flow and which form a network having both structural and dynamic properties. 2. Concepts and techniques: Whatever the design and construction methodology is employed, distributed algorithms make use of the standard techniques associated with networks, such as using the acknowledgement of receipt of a message to check that it has been sent, broadcasting values to a group of processes and so on. a) Diffusing computations The processes can be linked by their communication paths in any manner whatsoever, but one process is special in that initially it can only issue messages. Further, and initially again, only this process can issue messages, and subsequently any other process can issue a message only if it has received one. It is the principle of spanning tree of the graph representing the processes and their links. b) Circulating token The "token" here is a privilege or priority that is made to circulate around the set of processes connected in a ring structure. This technique is used particularly by algorithms for termination and mutual exclusion. c) Time stamping This mechanism makes it possible to label the events in a consistent manner in relation to the interactions between the processes, that is, the issue and receipt of messages: in terms of time as defined by the logical clocks, an issue will always precede the corresponding receipt. This is particularly used for algorithms that enter into distributed systems, such as those for mutual exclusion and detection of mutual blocking. 3. Communication + ordering = control By its very definition, a distributed algorithm is based on communication of messages. In very many cases this communication can take place according to particular topology - logical ring, tree structure - and with the use of particular technique - circulating token, diffusing computation. Thus there is relation of appropriateness between the structures of the topology and of the communication control. Summary: -------- Environment considered in this puzzle is a distributed system. In such a system distributed algorithms are used to provide the basic functions. Distributed algorithms consist of separate processes that communicate with one another by exchange of messages. The Misra's algorithm, presented in the last number, showed the method for detecting the loss of a token (a special message which the processes hand from one to the other in the logical ring) and regeneration of token if it is lost. The question was if it was a sign of life in given environment. The environment is more explained now. The next step should be to show if basic entities, i.e. processes and tokens (messages) can reproduce in such an environment. References: ----------- 1. Janacek J., Distributed systems, 1993., Vydavatelstvi CVUT, (in Czech) 2. Raynal M., Distributed Algorithms and Protocols, 1988., John Wiley & Sons 3. E-mail conversation with Fred Cohen ^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*! It moves. It moves not. It is far, and It is near. It is within all this, And It is outside of all this. - Upanishads - ^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*!^&*! THE LEGEND - FRED COHEN ======================= There are very few people dealing with computer viruses who have never heard the name Fred Cohen. He is the person who first brought computer viruses to scientific community. Here are some well known formal information: In 1983, Fred Cohen performed and described the first experiments with computer viruses. He gave the definition of computer virus in his paper "Computer Viruses - Theory and Experiments", originally appearing in IFIPsec 84. To quote this paper: "We define a computer "virus" as a program that can "infect" other programs by modifying them to include a possibly evolved copy of itself." Dr Cohen is best known for his pioneering work on computer viruses, the invention of high integrity operating system mechanisms now in widespread use, and automation of protection management functions. He regularly provides consulting services for top management worldwide. During the past 10 years of his research work, Fred Cohen wrote over 60 professional publications and 11 books. He is also a widely sought speaker, averaging over 12 invited talks per year. Dr Cohen's current interests are in the areas of high integrity distributed computing, office automation, information warfare, information theory, artificial life and social aspects of computing..... The Fred Cohen's formal biography is much, much longer, so let's leave it for some other time. Some less formal information Fred Cohen gave himself, speaking exclusively for "Alive" : A: Why did you get interested in computer viruses? FC: When the idea came to me, it was incredibly interesting and I followed up. The most interesting thing is the implication about life in general. When I first started to do experiments and report on the results, I was greeted with quite a bit of hateful commentary. At one point, I was even called on the carpet of one of the Professors and accused of breaking into computers at another university. I was innocent, but treated as if guilty. That experience has helped me through the various other times I have been falsely accused of breaking into computers. Somewhere during that period, an old saying one printed on a wall at Carnegie Tech by Alan Perlis came back to me: Problems worthy of attack, Prove their worth by fighting back. A: What could you say about your work which is not so commonly known? FC: By now, I have published almost everything that has come up. The only real disappointments relate to my inability to find any paying work related to computer viruses. Lots of people have offered me work if I will say things that aren't true, or endorse a product that I think is not very good. People want the use of my name, but not the results of my effort and analysis. A good example is the controversy surrounding benevolent viruses. I have been black balled by many members of computer security community because I refuse to renounce what I feel to be the truth. Among the leaders of the black balling are academics who I think should be fighting for academic freedom and the proliferation of new ideas, but it turns out they can get more research grants by speaking out against new ideas than by giving them a fair airing. It should be no big surprise - after all, as recently as 1988, I had an NSF grant proposal rejected by poor reviews from academics who claimed that there was no such thing as a computer virus and that viruses could not work in systems with memory protection. Obviously, they never bothered to read any of the 50 or so papers I have written on the subject. A: What problems did you have in presentation of your work? FC: Only a few years ago, I was called a heathen by the computing community including many professors at universities. The reason was that I supported the notion of benevolent viruses. They had a public effort to black ball me from research grants and other work, and it was almost unopposed. It got quite lonely at times, but I persevered, and now I am only loathed and hated by a small majority of the computing community. In the fall of 1992, I was vocally and electronically vilified for publishing the results on the effectiveness of built-in protection in Unix and Novell networks against viruses and specifying the proper protection settings for these environments. A few months later, Novell agreed with me, and they are now changing some things about their protection scheme. Then, I was scheduled to present an updated version of the paper at the DPMA conference in New York, but they censored my benevolent virus paper, and had another speaker present a paper about Novell Netware protection that was just plain wrong, led Novel administrators to use inadequate protection, and got reprinted in a national magazine. I guess I was wrong - you never get used to it - but you have to decide if you want to tell the truth as you see it or be popular - it is unlikely that you will ever get both until well after you are dead. I have made a personal choice that has doomed me to financial ruin over the last seven years or so, but despite the financial impact on me and my family, I have tried to keep on. I have told you some of the problems I have encountered, and there are many more of them, but let's keep to the positive aspects for now. A: Why people still do not understand what do you mean when talking about computer viruses? FC: There are at least two or three answers to that. The first one is that few people recognize that viruses are really only part of a pair - the life form and its environment. The life form is not alive except in an environment, and yet for linguistic ease, we speak of viruses as if they were independent. The second one is that simple explanations are commonly used to avoid having to talk about the great breadth of issues involved in this field. It's a lot easier to sell fear when you can claim all Indians are evil than when you have to explain the difference between a Shawnee and a Mohawk. Another reason is that most people aren't very interested in mathematics or being very precise in what they do. Why bother to fully understand when you don't have to. That's my view, but who knows what is really in other peoples' minds. A: What is your concept of beneficial virus? FC: All technology (in my experience) is a two edged sword. We tend to see one edge or the other, but both exist. When we explore both sides, we get a deeper understanding. A benevolent virus is simply a virus that is used for good purposes, but then this is a matter of context. For example, even an extremely malicious virus used against an enemy could be perceived as beneficial. Good and bad are relative. Most of the viruses I discuss as benevolent are in fact reproducing symbol sequences without any known malicious side effects. For example, the maintenance viruses that automate systems administration functions are only doing what people would otherwise have to do manually. They save extra labour by automatically distributing themselves, etc. but otherwise, that are just the same as any other program. A: Why did you get interested in artificial life? FC: I am interested in life because I am alive and want human life to continue, to grow and evolve, and to advance and survive - both for myself and for my children. The word artificial is really only a side effect of peoples' egos requiring a special name for things they create. My interest is in deeper understanding, and thus I examine the issues of life from an informational standpoint and abstract out the specifics of whether the environment is biological, electromagnetic, or what have you. I am an information scientist by degree, training, and interest. As such, the study of information (a.k.a. symbolic representations in whatever form) is one of my passions. A: Why did you write "It's alive!"? FC: I enjoy writing, and I had done a significant amount of work on this subject that I thought might be of interest to others. I was also somewhat disappointed by the presentation of artificial life as it is given by the growing mainstream of the field, and wanted a venue in which I could express contrary and novel ideas without the growing set of conservative researchers trying to stop me. When I talk about this topic, I am talking about real living creatures, not things that mimic real living creatures. I am talking about foundations for the understanding of life in the general sense, an expansion of biology into the general informational domain, drawing parallels between our biosphere and the infosphere, understanding the implications of the changes in our environment through information systems before we experiment on our children, understanding life forms in a different way, understanding the implications of our emerging technologies and ways of thinking about things, and other stuff like that. In my book, I don't just talk about computers, but about the concepts of God, evolution, the generation and creation of life, death and why it must exist and why we need it to survive, the joint life forms we are now creating, diseases of the joint life forms, models of biological life and our willingness to commit memocide. I try to bring the richness of the world together in my writing so that the outbreak of Ebola Zaire can be related to the Jerusalem virus in a sensible way, and we can see the implications of our actions. As you can see, I have a passion for this subject, and if I continue at this pace, you will have another book to review. A: Why people are willing to reject the concept of beneficial viruses or artificial life in general? FC: I don't care to speculate further on peoples' motives at this time, but as a general guide, we might consider that people have emotions and that their motives are often complex and poorly understood. I have had people tell me that I am paving a road to hell with my good intentions, but I cannot tell which of us is really doing that because I am not omniscient. I just walk the path that seems right to me and try to understand the implications before I make big decisions. A: Do you think that there is anything unethical in claims that beneficial viruses exist? FC: I think it is unethical to claim that there are NO benevolent viruses when we all know that they do exist and have seen published examples. The ethical questions in any research come from the analogy to the two edged sword described above. I feel we have a responsibility to present both sides of the issue, to consider the implications of our work and how it will impact others, and to consider these issues deeply and carefully before proceeding. To me, it is very strange that people complain about my publishing results on benevolent viruses. After all, I got a lot of complaints in the 1980s about publishing results on malicious viruses, including over 40 papers in that period on protection against viruses. My conclusion is that the people complaining about the ethical issues are more often than not, expressing their frustration that somebody else thought of an interesting new line of research and published the results despite its somewhat negative impact on their research. Every once in a while, there may be an ethical issue worth bringing up, but it is patently ridiculous to claim that it is unethical to publish results of research into useful applications of computer viruses. But then, people also claim we should not publish results on useful applications of nuclear physics because there are nuclear weapons. \|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\| Take care of the means and the ends will take care of themselves. - Mahatma Gandhi - \|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\|/\| Article Review: --------------- TRENDS IN COMPUTER VIRUS RESEARCH ================================= by Dr Frederick B. Cohen In this paper (published in 1991.) Fred Cohen discusses current trends in computer virus research. The article is an excellent reading for those who want to get a short insight in entire Fred Cohen's work. The text can be roughly divided in two parts. In the first part the author gives a quick review of history of malicious viruses and defensive methods against that type of computer viruses. The second part deals with benevolent viruses and the design of useful viruses in practice. The article is closed by discussing future research topics. Malicious Viruses and Defense ----------------------------- This part begins with a short insight to the history of malicious viruses' attacks. The term is referred mostly to the population of IBM PC/DOS viruses which started to appear in large numbers since 1987. The author call those viruses - "real-world viruses". In the further text the preview of defense methods against malicious viruses is given. The vulnerabilities and advantages of several well known ideas are discussed. It is stated that all built-in self-test techniques are vulnerable to a generic attack, i.e. when the virus activates before program being attacked and forges the operating environment so that altered information seems to be unaltered to the protection system. According to the author the most effective protection against malicious computer viruses is defense-in- depth. In this approach many approaches are combined, so if one technique fails, redundant techniques provide added coverage. The combined use of virus monitors (scanners), integrity shells, access controls, virus traps, on-line backups, SnapShots ("SnapShoting" of system memory at bootup and performing a complete replacement of the system state with the known state from a previous bootstrap), BootLocks (providing low-level remapping of disk areas to prevent bootstraping mechanisms other than the BootLock mechanism from gaining logical access to the DOS disk) and ad-hoc techniques should provide reliable protection against operation, infection, evasion and damage by known and unknown viruses. Disadvantage of such an approach is space/time consumption when realized entirely in software. It is pointed out that performance of defense system can be greatly enhanced through hardware based implementations. Benevolent viruses and further research --------------------------------------- In the second part the author introduces the concept of benevolent virus. He explains that computer viruses are some of the fastest distributed programs. They distribute freely, easily and evenly throughout a computing environment. The hardest problem in parallel processing is efficient uniform distribution of computing between computers working together on the same problem. With computer viruses the solution of this problem is easier because of their ability to replicate and spread. It is, however, important to know that the problem of controlling virus growth must be addressed before widespread use of viruses in existing computer networks. To avoid confusion, the author gives his famous definition of computer virus from the paper "Computer Viruses - Theory and Experiments" (published 1984.): "We define a computer 'virus' as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself." There is also description of worm: "...so-called "worm" programs would install segments on computers which were not in use, performing "segments" of the parallel processing problem being solved..." The author's formal definition of computer virus (not presented in this article) for mathematical reasons encompasses all self-replicating programs and programs that evolve and move through a system or network, thus putting many of the worm programs under the formal description of computer virus. The short history of theoretical and experimental work on self-reproducing programs is given. The two examples of useful computer viruses are presented. One example is The Viral Bill Collector. It is a distributed program which allows to the user to avoid a large centralized bureaucracy which controls and directs all activities, by distributing all functions to the individual bill collectors. The computing environment "births" and "kill" collectors according to the current requirements. The second example is Maintenance Virus. To reduce manual system administration, maintenance viruses are implemented. They replicate themselves in limited numbers, seek out known imperfections and repair them. The author points out that "birth/death" processes are central to the problem of designing viruses that do not run amok, as well as to the evolution of viral system over time. Some other future improvements of useful viruses as random variation and selective survival are discussed. It is stated that in the same way as we can generate computer program from specifications, we can generate evolutionary systems from specifications, and assure to reasonable degree that they will act within predefined boundaries. The author regretfully notices that viruses have gotten a bad name, partly because there are so many malicious and unauthorized viruses operating in the world. He offers as possible solution of this problem the "Computer Virus Contest" which rules prohibit the use of viruses that have been released into uncontrolled environments, viruses placed in systems without explicit permission of the owner and viruses without practical mechanisms to control their spread. The author concludes that "just as biological viruses can cause disease in humans, computer viruses can cause disease in computer systems, but in the same sense, the benefits of biological research on the quality of life is indisputable, and the benefits of computer virus research may same day pay off in the quality of our information systems, and by extension, our well being." Further reading: ---------------- I would recommend this article for the start to those who want to get acquainted with Fred Cohen's work. The next step could be the book "A Short Course on Computer Viruses" where the same themes are presented in more details. According to personal wishes, one can continue either going further with the theory by reading Fred Cohen's Ph.D thesis or some of his articles with formal definition of computer virus, or to find some practical solutions of viral and security problems in some of numerous Fred Cohen's articles with that subjects. Personally, I am waiting impatiently to read the newest book "It's Alive!". ^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^ The man who fights for his ideals is the man who is alive! - Miguel de Cervantes - ^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^&&&^^^ THE MYSTERY - MARK LUDWIG ========================= Reading the following text from the article published in Crypt Newsletter No 22, I got curious. Yes, I have heard the name Mark Ludwig earlier, but it always had some negative connotation. This article was somewhat different... [ IN THE READING ROOM: "COMPUTER VIRUSES, ARTIFICIAL LIFE AND EVOLUTION" BLASTS EVOLUTIONARY SCIENCE WITH THEORETICAL PHYSICAL METHODS Just after Christmas, on December 27th, Addison-Wesley France was served with a temporary legal notice prohibiting the distribution of its recently published French language edition of Mark Ludwig's "Little Black Book of Computer Viruses, Volume 1." Entitled "Naissance d'un Virus" or "Birth of a Virus," the French edition was selling for about $50 cash money. The company is also distributing a disk containing copies of Ludwig's TIMID, INTRUDER, KILROY and STEALTH viruses separately for a few dollars more. However, before the ink was dry on the paper a French judge dismissed the complaint, said Ludwig between laughs during a recent interview. Addison -Wesley France, he said, subsequently worked the fuss into good publicity, enhancing demand for "Naissance d'un Virus." Almost simultaneously, Ludwig has published through his American Eagle corporation, its follow-up: "Computer Viruses, Artificial Life and Evolution," which will come as a great surprise to anyone expecting "The Little Black Book of Computer Viruses, Part II." For those absent for the history, "The Little Black Book of Computer Viruses," upon publication, was almost uniformly denounced - by the orthodox computer press - as the work of someone who must surely be a dangerous sociopath. Most magazines refused to review or mention it, under the working assumption that to even speak about viruses for an extended length - without selling anti-virus software - only hastens the digital disintegration of the world. Ludwig found himself engaged in a continued battle for advertising for his book, losing contracts without notice while the same publications continued to stuff their pages with spreads for cosmological volumes of pornography. This has always been a curious, but consistent, hypocrisy.... ] ...Later in the same text there were few words about the author... [...Not surprisingly, the controversy has kept sales of "The Little Black Book" brisk since its initial printing and financed the expansion of American Eagle. Which brings us, finally, to "Computer Viruses, Artificial Life and Evolution," a book which takes a hard scientific look at life and the theory of evolution, and only incidentally contains working viruses. To grapple with the underlying philosophy behind "CVAL&E," its helpful to know Ludwig was a physics major at Caltech in Pasadena, CA, at a time when Nobel-laureate theoretical physicists Richard Feynman and Murray Gell-Mann were in residence. The ruthlessness with which these scientists dealt with softer disciplines not up to the task of thorough theoretical analysis coupled with the academic meat-grinder that is Caltech's reputation, casts its shadow on "CVAL&E." Ludwig writes in the introduction: ". . . Once I was a scientist of scientists. Born in the age of Sputnik, and raised in the home of a chemist, I was enthralled with science as a child. If I wasn't dissolving pennies in acid, I was winding an electromagnet, or playing with a power transistor, or . . . freezing ants with liquid propane. When I went to MIT for college I finally got my chance to totally immerse myself in my first love. I did rather well at it too, finishing my undergraduate work in two years and going on to study elementary particle physics under Nobel laureates at Caltech. Yet by the time I got my doctorate the spell was forever broken . . . I saw less and less of the noble scientist and more and more of the self-satisfied expert."...] ...Well, at this point I decided to contact Mark Ludwig and ask him some questions. Here is he, answering exclusively for "Alive": A: Why did you get interested in computer viruses? ML: I thought they were interesting as genetic, self-reproducing entities, and I just wanted to learn something about them, as a scientist. What little I could find out about artificial life seemed very much skewed toward the evolutionary point of view, which is in my mind more philosophy than good science. Since computers are universal simulating machines, I think one thing AL [Artificial Life] researchers can get into is a sort of programmatic story telling which has little to do with reality. I mean, of course you can design something to evolve (Lamarkian or Darwinian) just because you have an universal simulating machine. But does that have anything to do with real life? I saw viruses as a real-life phenomenon, rather than a laboratory construct. Perhaps they are the only "life-form" apart from earth's carbon-based life we will ever meet. Laboratory AL experiments tend to be contrived because the researcher's intelligence inevitably enters in. Viruses, as a phenomenon, are somewhat different. They're in the wild. What do they do there? Do they evolve? Can they evolve? The whole question just seemed fascinating to me. A: When did you start to deal with computer viruses and could you describe shortly your work? ML: About 1988 or 1989. Given the above interest, the natural thing to do seemed to be to get some viruses and learn about them. That proved to be a real challenge though. Technical knowledge of this field was very hush-hush then. I ended up solving the problem by setting up a BBS and announcing that I'd send people $20 if they'd send me a virus. So I got a few that way. But I realized it was going to be hard to discuss my scientific interests with anyone if no one understood the technology behind viruses. Furthermore, I did not believe that this silence was best for mankind in the long run. I mean, here is this brand new technology -computers & information science- and a brand new phenomenon -viruses- and all anybody wanted to do was to make it go away. As a scientist, I was much more inclined to explore the possibilities. Yet I knew I couldn't possibly do that alone if we're really going to find out what uses these things might have, or what understanding they might actually contribute to other scientific disciplines. Science doesn't work like that now-a-days. The knowledge has to be more generally available before anyone could even begin to think along these lines. So I set out to make that knowledge accessible. A: Why did you write "The Birth of a Virus" ? ML: "The Birth of a Virus" is the French edition of "The Little Black Book of Computer Viruses." I plainly wrote it so that the average programmer could learn the basics of how a virus operates. That was published in 1991. It is not intended to be a compendium of all the tricks virus programmers use, or anything like that. It is an introduction. The viruses discussed in the book (4 of them) are pretty basic, but they get some of the basic techniques across, and illuminate the issues which a virus must face to reproduce. A: Why did you write "Computer Viruses, Artificial Life and Evolution"? ML: CVALE is a first stab at discussing my original interest in viruses. It discusses questions like "Are viruses alive?" and digs into viral evolution, comparing viruses to real-world organisms, etc. It's about more than just viruses, though. It's about the whole Artificial Life movement, as well as science and philosophy. Really, I think what I've seen in staring hard at viruses might be very valuable in bringing about a revolution in evolutionary biology. Using carbon-based organisms is a horrible way to study evolution. They're too complex and we don't understand them well enough. The time frames of evolution are too large. And deep philosophical questions rear their heads all over the place. Inside the computer, most of these difficulties just vanish. The one thing you have to be careful of is the universal nature of the computer. What you don't want is to create some kind of science that will always confirm itself. Looking at viruses can teach us how to impose some of the checks and balances that science needs to be valid. A: Do you think that your work is unethical or illegal? ML: Illegal? Some people tell me that it is in some parts of the world. Certainly it is not illegal in the US. Unethical? That is a more difficult question. I don't think so, but I'm open to correction. I mean, I realize that by publishing viruses, somebody could use that information to hurt somebody else. It's not my intention to empower would-be criminals. At the same time, I think a lot of people can get hurt because people who should have the technical expertise to deal with malicious viruses don't have it and have a hard time getting it. The idea that you can combat a human intelligence with a piece of software is ludicrous. Anybody who just installs an anti-virus and sits back on his laurels is asking for trouble. At least some virus writers are intelligent people. And the only way to combat a human intelligence is with human intelligence. In other words, you start with first hand knowledge of what viruses are and how they work. Given that first hand knowledge, you can reasonably choose anti-virus software to protect your systems, etc., but you don't just pick the program based on some advertisement, or some review that purports to be unbiased, albeit written by an a-v developer or by some peon at an advertiser-driven magazine. Thus, I see my work as being potentially very beneficial in that it brings education and light where darkness has been. The only way I can see to answer the ethics question is to weigh the merits and dismerits of what I'm doing. I've always taken the attitude that I'll do this on a tentative basis, but if it proves out that people are taking my stuff and wreaking havoc with it, I'd be the first one to condemn it. Now, 3 years after the release of The Little Black Book, I think I can say safely that people are not, for the most part, running out to destroy the world with it. They are behaving responsibly. We do not make it illegal to manufacture hammers or knives because people do, occasionally, kill other people with those implements. We do not call the knife manufacturer immoral or unethical. Killing someone or not with them is the responsibility of the user, not the manufacturer. I fail to see why viruses should be treated differently. The a-v community argues that there is no such thing as a good virus, ergo there is no benefit side to the equation, as in the case of a hammer. Even if they were right on that point, though, it would not be logical to conclude, therefore, that making information about viruses available is therefore also bad. Someone who learns about viruses -who gets the first hand knowledge about them- is going to be a whole lot better at facing a malicious virus running amok in a network than somebody who simply sits back and lets somebody else, e.g. an anti-virus company, do his job for him. The second person will in all likelihood need expert help to get rid of the virus. The first will be the expert to begin with. Thus it seems reasonable to suggest that even if all viruses were only evil (which I do not believe), it could still be very good to make the knowledge of them available, because in so doing you are teaching people how they work and giving them the expertise to fight them better. As far as I can see, the benefits do outweigh the dangers here. I think when considering the ethics of all of this, we have to realize that the a-v community is trying to partake of a new ethic which, if carried to its logical conclusions, will have a chilling effect on all innovation and all human initiative. You see this new ethic throughout society. It damns anything which could potentially be harmful before you even know whether it will be beneficial or not. I don't care whether you're talking about a-v or environmentalism or about the latest drive to socialize medicine in the US, this mindset is behind it. The bottom line is an attempt to create a risk-free socialist world controlled by a technical elite. Now, you can't stop hammers with this approach, but you can sure stifle anything new, because you can magnify the risks, and diminish the benefits, and people don't have an intuitive feel for it. The truth is that people who reason this way are trying to make gods out of themselves. They are not content to let their opinions be opinions. Rather they try to elevate them into moral truism. A lot of people in the west still have a love-affair with socialism, so they buy into this risk-free attitude without questioning it much. We shouldn't be deceived by such propaganda though. A: What problems did you have in presentation of your work? ML: Well, nobody wanted to print it. But it was not that big of a deal since I already owned a publishing company which published other books for university classes. I just had to decide whether we should get into this line or not. I've had enough experiences in other fields of science to know that if you want to do anything new you're going to meet resistance. I haven't run into any problems I didn't expect from the start. A: Why people are willing to reject the concept of beneficial viruses or artificial life in general? Most people don't reject the idea of a beneficial virus if you discuss it with them intelligently. Rather, they become open to it rather quickly. There's a certain amount of inertia you have to overcome to get people to actually install a beneficial virus, though, because they've been brainwashed into believing that virus = bad. Once you get past that, it's not a problem. Now, obviously, I won't say the same of the anti-virus community. Here you have a case of group-think where everyone just echoes everyone else's opinion. It's kind of like an extreme political party. Breaking ranks will get you ostracized. They are the ones who've been trying to brainwash people, and they want to keep it up because they are pushing an agenda that puts them in the driver's seat. They know full well that to make any concession in their position is to open the floodgates. How will you ever pass legislation against the free dissemination of virus-related information once you admit that some of it might be beneficial? You won't. So they'll fight the idea of a beneficial virus to their dying breath. Artificial Life is a different matter, though. I think a lot of people reject the concept in its strong form for religious or philosophical reasons. Furthermore I think those reasons are completely valid. I mean, IF you accept the idea that life is nothing more than atoms and physics, it makes sense to define life functionally and then design something functionally equivalent and call it life. However that IF is a big if. There are plenty of reasons not to do that, both philosophical and purely scientific. Most of the people doing AL work just leap right in like good positivists and sweep the deeper questions under the rug. If AL is ever to garner widespread support, those who study it are going to have to be more sensitive to the philosophical issues. I tried to do that in my book, though I haven't gotten a whole lot of feedback as to how well I succeeded. A: Are there persons in virus/anti-virus field that you respect and why? ML: Technically there are quite a few people I respect. Writing viruses and anti-viruses is kind of like a programmer's version of a grand master's chess game. You need both a good deal of skill and a sense of the art of it to play on either side. Intellectually, I don't have very much respect for many of the people who've made a name for themselves in a-v work. Many of them aren't thinking for themselves anymore. They've made up their minds and they won't hear new ideas. They're like politicians who are so committed to a movement that they don't dare change, and they stagnate intellectually as a result. There are a whole lot of people a step below the big names, though, who are just good people trying to keep the computers in their companies clean and what not. They aren't pushing an agenda - they're just trying to get their job done. They're open minded and they will listen to new ideas. I respect these people a lot, and it's my sincere desire to help them get their job done. By making technical information about viruses available, I'd like to believe that I'm doing that. !{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}! And God saw that it was good. And God blessed them, saying 'Be fruitful and multiply' -Genesis 1:21,22 (The dedication to Mark Ludwig's "Little Black Book about Computer Viruses") !{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}!{**}! IT CONQUERED THE WORLD: A FICTION EXCERPT FROM MARK LUDWIG'S "CVAL&E," ======================================================================= FOR YOUR ENJOYMENT ================== [Warning: Sections of the following may seem morbid and unpleasant.] Cast 50 years in the future . . . "Atomic storage technology was developed and put to work in computers 40 years ago. Five years later the first notebook computers with 100 terabytes of pico-second access, non-volatile storage became available for under $5000. Of course, software lagged far behind hardware. For nearly 20 years, the software giants battled it out developing operating systems to make effective use of the storage technology. In fact, operating systems proliferated to such an extent that real progress in programming gave way to brute competition between operating systems. By and by, IBM came up with the solution. Their OS/4 operating system was an incredible engineering feat. About 1.2 terabytes of code, fully interactive speech recognition, touch and vision interface, artificial reality feedback. But the clincher was the artificial intelligence which allowed the operating system and applications to adapt to both the individual user and the software developer. It was a cinch to write very complex programs in this environment because of the artificial intelligence, despite the fact that there were nearly 2 million possible system calls. Shareware proliferated for it, and then commercial programs that would boggle the mind of anyone just ten years earlier. "By 2045, OS/4 was the _de facto_ standard. There weren't even any close competitors. Nobody even had any interest in new operating systems, because this one seemed to fit everyone's needs so well. It seemed to be the golden age of computing, except for one thing. OS/4 had some anti-virus measures built into it. They worked pretty well. However, a fairly simple but benign virus appeared in this environment that those anti-virus measures couldn't cope with. This virus was only about 2 megabytes in size, and since it was benign, nobody cared much about it. However, at the time the United States had become a tyranny whose evils had eclipsed even those of Stalin and Hitler. Most intelligent people had fled the country long ago. The government went on a crusade to find the author of the virus. They got their man, and subjected him to functional re-engineering at the hands of nano-robots. A horrible fate. This focused quite a bit of attention on the virus and its alleged author. To defend this poor scapegoat, a team of scientists got together and proved that just such a virus should evolve into a useful clean-up utility if left alone. "A couple weeks later IBM released a supplementary anti-virus utility to take care of the problem. Even though the scientists said not to worry, a lot of people wanted the virus out, and IBM saw this as a good way to make a moral statement about virus writing that would make a number of governments happy. This . . . was the beginning of the end, though. A typical case of the quick fix. No one took the time to disassemble the virus. Nobody listened to the team of scientists. "Until that anti-virus utility was released, there was little evolutionary pressure on the virus, and most of it caused evolution in beneficial ways. The utility was quite adept at putting pressure on the virus to make it malevolent, though. And the virus mutated with incredible ease . . . If that were not enough, the artificial intelligence of the anti-virus only succeeded in driving the viruses - which also used system AI resources - to become smarter and more prolific. The anti-virus was made available on a Monday, free of charge to the general public. By Wednesday, the whole world was in chaos. Everything was shut down. Financial markets. Communications. Hospitals. The works. Nobody went to work. People were dying . . ." (c)opyright 1993 American Eagle Publishing. Used with permission. &&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&** The disciples asked the master: - What will happen with you after your death? - I will go to the hell. - But, they think that you are very holy master! - If I don't go to the hell, how can I help you? - Zen text - &&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&**&&** [ The book review of "Computer Viruses, Artificial Life & Evolution" and "It Conquered The World" originally appeared in the February 1994 issue of The Crypt Newsletter. They are reprinted in "Alive" with permission of Crypt's editor George Smith (Urnst Kouch). The Crypt Newsletter is a monthly publication featuring science news, media reviews and comment of interest to a computing audience. E-mail: ukouch@delphi.com ] Editor's note: -------------- The "underground" versions of The Crypt Newsletter contain source code of some viruses. It is disputable if they are beneficial or not. The "clean" versions (without virus code) are available on Compuserve. ~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~***~~~ THE REALITY - VESSELIN BONTCHEV =============================== Many people know the name Vesselin Bontchev from discussions on Virus-L/ comp.virus. His formal biography says: In 1988 Mr Bontchev became interested in computer viruses and soon afterwards his freeware anti-virus programs were the most popular in Bulgaria. In 1990 he became the director of the Laboratory of Computer Virology at the Bulgarian Academy of Sciences - a laboratory, created mainly due to his efforts. Since 1991 he is working on his Ph.D. thesis in the Virus Test Center at the University of Hamburg, Germany. Since 1990 Mr Bontchev is the Bulgarian representative in IFIP's TC-11 (Computer Security). He is also a founding member of CARO (the Computer Anti-virus Researchers' Organization), a founding member of VSI (the Virus Security Institute), and a member of EICAR (the European Institute for Computer Anti-virus research). Mr Bontchev's main fields of interest include computer viruses, computer security, integrity and data protection, encryption, number theory....etc. Leaving formalities for a moment, Vesselin Bontchev speaks for "Alive" exclusively: A: Why did you get interested in computer viruses? VB: Initially - because they are interesting, of course. I mean, they are challenging; doing something that is unusual and clever. Later I discovered that my knowledge in this field can help many other people and this motivated me additionally. A: When did you start to deal with computer viruses and could you describe shortly your work? VB: It all began in the Spring of 1988. At that time I was working on a voluntary basis as a consultant for the only Bulgarian computer-related magazine - "Komputar za vas" ("Computer for You"). I was asked to provide some help in translating a German article (from the German magazine "CHIP", I believe) about computer viruses. I didn't know German at all, but I knew a lot about computers. The article was initially translated by a professional translator, who knew German perfectly, but knew nothing about computers and the special jargon used in this area. There was a lot of funny stuff in the draft translation... But I digress. In short, the article was about computer viruses. I read it, and the subject captivated me at once. Knowing from personal experience that the quality of the information obtained from such sources as popular magazines tends to be rather low, I used the information system of the Bulgarian Central Institute for Scientific and Technical Information to do a library search by keywords and then to read all available serious journals that had some articles on this subject. The most valuable source of information proved to be "Computers & Security", and in particular the papers from Dr. Fred Cohen and Prof. Harold Highland - two of the very few people that seemed to know what they were talking about. After reading all that was available to me at that time (not that much; there weren't so many articles published on this subject at that time), I decided that while an interesting mental exercise, computer viruses couldn't be that dangerous, because every moderately competent computer techie should be able to spot them at once. Also, it was obvious that all the hype in the popular media was caused mostly by people who knew near to nothing on the subject. Even the viruses that existed at that time didn't seem anything particularly clever - I remember that when I read the description of Brain, I spent long time wondering what the *other* part of the code could do, because it was clear to me that anybody with some experience in assembly language programming could fit the described functionality into less than one kilobyte of code - so what were the other 2 Kb of the virus *doing*? In short, I wrote an article for "Komputar za vas", explaining my view that computer viruses can't be a real threat. What I have overlooked was that by far not all computer users are technical experts who know by heart the internals of their machines... Just a couple of days after my article was published, two guys came at the editor's office of the magazine and proudly announced that they have found a virus! It was what we are calling now Vienna.648.Reboot.A, but nobody knew it at that time. The two guys had already dealt with the infection in the company they were working for (they were system programmers, after all) and demonstrated us how well their custom-made disinfector works... disinfecting the only copy of the virus left in their disposition. Of course, I wanted to examine "the beast" and to understand how exactly it works and why. The problem was, it was already gone! I visited the office in their company, and after a long and fruitless search for an infected file, we finally found a piece of paper in the trash bin, that contained the hex dump of an infected file... I got that piece of paper and entered the code with DEBUG byte-by-byte. Then I disassembled it, understood it, wrote my own disinfector (and even a vaccine) for it... This is how it all began for me. My second case was Cascade, then Ping_Pong, then the Bulgarian viruses began to appear (Old_Yankee, Yankee_Doodle), and then came the Dark Avenger... My work now? Well, I am working in the Virus Test Center at the University of Hamburg, under the leadership of Prof. Klaus Brunnstein. I am in charge of maintaining our virus collection. I am also analysing viruses, helping people who are asking virus-related questions from all parts of the world, writing my Ph.D. thesis, testing anti-virus products, and many other less exciting things. A: Why did you leave Bulgarian anti-virus scene and moved to Germany? VB: Because I was proposed the wonderful opportunity to live and work under excellent working conditions in place with a very high reputation in the computer anti-virus field - and also to get a Ph.D. there. A: Are you familiar with present virus/anti-virus situation in Bulgaria? VB: It depends on your definition of "familiar". I have a pretty clear idea of what is happening there, although I am not as much familiar with the virus/anti-virus scene there as I used to be. A: It is known that certain animosity existed between you and Bulgarian virus writer known as Dark Avenger some time ago. VB: That is put very mildly, yes. A: What do you think about him today? VB: The same bad things I've been always thinking about him. Sorry, but my education does not allow me to list them here. A: What is your general opinion about virus writers? VB: Most of them are just irresponsible juvenile people (I am tempted to say - kids), who want to "establish" themselves and to impress their peers, by doing things that they perfectly know are regarded as "bad" by the society, but for which, as they also know very well, this same society is unlikely to be able to punish them. They like so much to brag about their "exploits" and "civil liberties", but it is actually the same old graffiti writing, only in a more modern, electronical form. In short - vandals. A: What do you think about beneficial viruses and artificial life? Why are people willing to reject the concept of beneficial viruses and artificial life in general? VB: I don't feel competent to comment about artificial life, because I am not expert in this area. I don't believe that computer viruses are a form of artificial life, however. People don't like to even hear about the so-called "beneficial viruses" mostly because the term "computer virus" is already loaded with negative meaning in the public opinion - maybe incorrectly, just like the term "hacker", but that's it how it is. I would suggest to anybody who is doing serious and responsible research in the field of self-replicating code, to use some other term, if they don't want to be misunderstood by the general public. After all, what Dr. Cohen is understanding under the term "beneficial virus" is *very* different from those nasty little programs that the general public is acquainted with. A: Do you think that is unethical to claim that computer viruses can be beneficial and why? VB: Now, that's a difficult question... Well, it depends. It depends on what are the motives of the person making the claim. Is he a legitimate scientist who is trying to use an interesting phenomenon for something useful for the humanity? Or is he just an irresponsible person who is looking for an excuse for his asocial acts and is trying to masquerade them under the scientifically-looking term "research"? However, I think that even the legitimate researcher ought to emphasize that he is talking about something completely different from the real computer viruses known to the general public - in order not to be misunderstood. Also, I think that he should clearly (and loudly) distinguish himself from the virus writing crowd. Research - yes, but seriously done, in clear and strictly controlled environment, by people who have the knowledge and experience to conduct it. Just like the kind of research into biological experiments. A: You often mention "real viruses". What are they and how are they related to the concept of "beneficial viruses" ? VB: I am convinced that what most people understand under the term "computer virus" cannot be beneficial. When the average user hears the term "computer virus", he almost certainly does not have a valid definition for it, but just as certainly he has a pretty clear view of what the term is about. I call this a "real computer virus". Real computer viruses are always bad. My professional understanding of "real virus" is this: "Something has entered my computer without my authorization and is replicating there, potentially doing damage." The accents are on (a) entered without authorization, (b) replicating - i.e. modifying executable objects and wasting time and disk space, and (c) maybe it is doing damage, maybe it is intentionally, maybe not intentionally. The average user's understanding of "real virus" is probably: "Something is here, I didn't allow it to be here. I've been told it can spread like living being and that it can destroy my data/programs. I don't like it." Two years ago I asked the net to send me the arguments why they think a "good" virus is a bad idea. I have collected dozen reasons. I do not claim that computer viruses cannot be beneficial, but any virus that pretends to have this property must not violate any of the 12 conditions. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Originality and the feeling of one's own dignity are achieved only through work and struggle. - Dostoevsky - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vesselin Bontchev: DOZEN REASONS WHY A "GOOD" VIRUS IS A BAD IDEA ============================================== I. Technical points: -------------------- 1. Once released, one has no control on how the virus will spread; it may reach an unknown system (or the one which could have even not existed at the time the virus is created) and on which it might cause non-intentional damage. Any virus that claims to be beneficial, must contain measures to prevent this. For instance, if it infects a particular object, it must at least keep a cryptographically strong checksum of this object, in order to make sure that it does not infect anything else by mistake. And this is only a simplistic example; in reality the precautions must be much more elaborated. A virus that claims to be beneficial should provide means to be controlled. It should be possible to easily prevent the infection even of a system that has never heard about the virus; it should be possible to remove the infection easily from any infected system, without causing any harm; and it should be possible to send a message to all instances of the virus to terminate themselves, restoring the infected systems to their uninfected state - or to update themselves. Such a message should propagate faster than the virus itself. In some sense, those messages will be "viruses" for the "computational environment" consisting of all existing copies of the virus, just like the virus is a virus in the "normal" computational environment (the one that the user uses). If such a solution is implemented, this is still dangerous, although the danger is of a different kind. Suppose that a system uses the beneficial virus and relies on it. Then a malicious attacker could send a message to the virus to terminate itself, thus causing harm to the system (a denial of service attack). Therefore, the message should be cryptographically authenticated. In short, the virus should be able to authentify itself to the system and the system should be able to authentify itself to the virus. The user of the beneficial virus should actively invite (e.g. install) the virus on his/her system. It is not enough if the virus asks for permission, because this forces the user to take some measures in order to keep their system virus-free. By default (i.e. if no measures are taken), the virus should not infect that system. Only if the virus finds some kind of "invitation", it should infect the system. There must be a way to turn off the prompting - the user must both be able to set the default action to "no, don't infect" (by removing the invitation or not installing it in the first place) and to "yes, keep infecting without asking". And again, cryptographic means should be used to ensure that what the virus sees as invitation is indeed one and not some kind of mistake. No uncontrollable mutations of virus should happen, either of random (errors) or deterministic (intentional changes) nature. 2. The anti-virus programs will have to distinguish between "good" and "bad" viruses, which is essentially impossible. Also, the existence of useful programs which modify other programs at will, will make the integrity checkers essentially useless, because they will be able only to detect the modification and not to determine that it has been caused by a "good" virus. Therefore, a virus that claims to be beneficial, must not modify other programs. 3. A virus will eat up disk space and time resources unnecessarily while it spreads. The virus is a self-replicating resource eater. Therefore, a virus that claims to be beneficial, should keep only one instance of itself per infected machine and the costs of the time and other resources used by it must be negligible, compared to the benefits it brings to the user. 4. A virus could contain bugs which might damage something or harm somebody. Any program could be buggy, but the buggy virus is a self-spreading buggy program which is out of control. 5. A virus will disable the few programs on the market which check themselves for modifications and halt themselves if they have been changed. It is important to repeat again that a virus that claims to be beneficial, *must not modify* other programs. Summary of technical points against "good" viruses: -impossibility to control it or possibility to lose control over it -uncertainty in discerning "good" from "bad" viruses -resource wasting -bugs which are harder to detect and easier to spread around -modification of programs The above points apply to any practical system of use today, i.e. the systems which are based on von Neumann's architecture. II. Ethical/legal points: -------------------------------- 6. It is unethical to modify somebody's data without his or her active authorization. In several countries this is also illegal. The user of a beneficial virus must actively invite the virus to infect his or her machine. The virus must wait for an invitation, not bother the user with asking for permission or sneaking in without one. 7. Modifying a program could mean that the owner of the program loses his or her rights for technical support, ownership, or copyright. An example of such a possibility could be the case reported recently to VTC - Hamburg. The company refused technical support to somebody whose system was infected - they insisted that their product is re-installed. 8. An attacker can use a "good" virus as a means of transportation to penetrate a system. That is why a "good" virus must be able to authentify itself to the system, and the system must be able to verify that it is exactly what it claims to be. A person with malicious intents can furthermore get a copy of the "good" virus and modify it to include something malicious. Actually, an attacker could trojanize -any- program, but a "good" virus will provide the attacker with means to transport his malicious code to a virtually unlimited population of computer users. The possibility to transport malicious code is one of the things that makes a virus "bad". 9. Declaring some viruses as "good" will just give an excuse to the crowd of virus writers to claim that they are actually doing "research". Working with potentially dangerous things - either poisonous substances or self -repli- cating programs - should be left to people who have (a) the moral and ethical stability and (b) the technical expertise to do it. 10. Anything useful that could be done by a virus, could also be done with a normal, non-replicating program. Any virus that claims to be beneficial must do something that either cannot be done by a non-viral program, or is not done as effectively as with a viral one to avoid problems stated in previous points. The summary of ethical/legal points against "good" viruses: -modification of data/programs without active authorization of user -possibility to lose ownership rights on infected program -possibility to modify a "good" virus with malicious code to transport such a code further -the question of responsibility of persons writing viruses -the question of suitability of "good" viruses to perform a certain task III. Psychological points: -------------------------- 11. A virus activity ruins the trust that the user has in his or her machine. The impression that a virus steals user's control of the machine can cause the user to lose his or her belief that she or he can control it. It may be a source of permanent frustrations. 12. For most people the word "computer virus" is already loaded with negative meaning. They will not accept a program called like that, even if it claims to do something useful. *^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^* Those who are good, travel the road that avoids evil; so watch where are you going - it may save your life. - Proverbs 16.17 - *^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^*^^^* Vesselin Bontchev: AN EXAMPLE OF BENEFICIAL VIRUS ============================== ...Here is an example of a software package that uses replication to some extent and which is without doubt beneficial. Consider a company that has about 1,000 PCs, all networked together in a LAN. The company also takes the virus problem seriously, and insists that each and every of those PCs must be running the latest version of the SuperDuper Scan, before it is allowed to access the network. (Let's ignore for a moment whether the decision to rely on a scanner for virus protection is wise or not.) This is a very reasonable requirement, because scanners tend to get old like nothing else, and a new virus could sneak in undetected by the obsolete scanners and wreak havoc. So, the person responsible for the network has imposed a requirement: no PC that does not run the latest version of SuperDuper Scan is allowed to log in. That's fine, but how do you achieve that? The simple answer is - by keeping a copy of the (presumably resident) scanner on each of the PCs and regularly updating them. Only problem is - how do you keep 1,000 PCs up-to-date? And keeping them up-to-date with a product, a new version of which is released every month? If you try to go to each PC (and they are probably in different buildings and some are in obscure locations and used rarely) and update it manually from a floppy - then one month will not be sufficient to update them all - and before you have finished, you'll have to start all over again! A real nightmare... The obvious alternative is to keep one copy of the anti-virus package on the server and update the PCs from there. (Of course, it is presumed that you have a site license, but any company with 1,000 PCs that is using a particular anti-virus product has also probably been careful enough to get a site license.) However, if you go to each PC and manually download the new version from the server, then the situation has not improved very much. One option is to tell the users to do it regularly, and even set some sort of automatic system that sends them automatic reminders each time the software on the server is updated. However, users tend to be lazy and automatic messages tend to be automatically ignored... But there is an alternative! Design the anti-virus package like a network virus (a worm actually). One segment of the worm constantly monitors the logins. Each time a workstation attempts to login, that segment automatically questions that station whether it is running the anti-virus product and which version of it. If it turns out that a newer version is available, the segment informs the user about this, and proposes to update the local version. If the user refuses, then access to the network is denied. If the user accepts, another segment of the worm fetches the relevant (updated) parts of the package from the server, uploads them to the workstation, and reboots the latter, in order to make sure that the changes will take effect. Of course, the user is kept informed about this and user permission is requested each time. Now comes the best part. The "worm" - the set of programs that are responsible for the automatic distribution of the software actually come as part of it. They are part of the anti-virus software, and they are used to copy parts of the anti-virus software accross the network, in an automated way. That is, to some extent, the package is a virus (worm), because it is able to replicate (parts of) itself. Are there any ethical problems? I don't see any. The owner of the network has the full right to decide what the policy of admitting workstations to log in will be. The user has the alternative not to comply - and not to use the network. Of course, in a well-implemented (read: secure) package, the different parts of the virus will use cryptographic means to authentify each other. That is, it will be impossible for the user to lie that "yeah, the newest version of the software is already running", and it will be impossible for a rogue program to lie "hi, I'm the automatic distribution service; lemme "update" your anti-virus package". In most of the existing implementations the packages do not go to such trouble, but in the future they probably will - because this is the way to go. Of course, there will be some other goodies, like making sure that the different "worms" of this kind do not conflict with each other and so on, but this is not so important for this discussion. In fact, it is extremely easy to implement a primitive version of what I described above. A simple set of command lines inserted in the system login script and a couple of external programs will do the job... Editor's note: -------------- This example of beneficial virus is taken from the Mr Bontchev's posting to Virus-L/comp.virus which in its entirety appeared in Virus-L Digest Volume 7, Issue 48, 1 Jul 1994. @^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@ Has a dog Buddha-nature or not? Mu! - Zen koan - @^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@***@^^^@ THE GRAND DEBATE ABOUT BENEFICIAL VIRUSES AND ARTIFICIAL LIFE ============================================================= In the previous articles, three more or less different viewpoints about beneficial viruses and artificial life were presented. The topic is undoubtedly interesting. Could computer viruses be beneficial? What is artificial life? Are computer viruses the form of artificial life or not? Is it ethical to play with such things?...etc...The questions are numerous. The answers, opinions and approaches can vary widely - from the scientific (and somewhat controversial) interests of Fred Cohen and Mark Ludwig, pragmatic (and somewhat sceptical) approach of Vesselin Bontchev till vague and possibly confused opinions of "average computer user" and spurious intentions of anonymous virus writers today. There is a lot of confusion in the computer virus/anti-virus society today. Many things are not clear. For example, do we know what are we talking about when talking about computer viruses and/or artificial life? Do we talk with each other or it is a heap of monologues without anybody listening carefully? Where are the limits between scientific research and criminal activity? What is the science and what is marketing and media hype? Who can tell the difference? Are there connections between research in artificial life and hyper production of computer viruses (with possibly malicious purposes) today? I would like to put some order in the confusion. On the pages of "Alive" everybody will have a right to give his or her opinion, regardless if he or she is an anti-virus expert/producer/researcher or "average user" (whatever it means) or virus writer. I would like to invite all to Grand Debate about Beneficial Viruses and Artificial Life to present your opinions and eventual work in computer virus and/or artificial life field. However, I prefer a little calmer atmosphere than it is on some public forums, at least the discussions without pointless personal attacks. In fact, it is the only rule for the Grand Debate. Everything else is free. By this I announce officially that Grand Debate about Beneficial Viruses and Artificial Life is opened. The purpose of the Grand Debate is to give some answers, if possible. The subject is complex and there is no unique answer. For example, Fred Cohen said: "...viruses are only part of a pair - the life form and its environment..." According to Mark Ludwig viruses are "...a real-life phenomenon, rather than a laboratory construct..." and perhaps "...the only 'life-form' apart from earth carbon-based life we will ever meet..." Vesselin Bontchev thinks that viruses are "...challenging, doing something which is unusual and clever...", but he doesn't believe that "...computer viruses are a form of artificial life..." Talking about beneficial viruses Fred Cohen stated: "A benevolent virus is simply a virus that is used for good purposes, but then this is a matter of context...Good and bad are relative. Most of the viruses I discuss as benevolent are in fact reproducing symbol sequences without any known malicious effect..." Mark Ludwig thinks: "There's a certain amount of inertia you have to overcome to get people to actually install a beneficial virus, though, because they've been brainwashed into believing that virus = bad..." Vesselin Bontchev says that "...what most people understand under the term of 'computer virus' cannot be beneficial..." and that "...'real' computer viruses are always bad..." Furthermore, he gives the definition of "real virus" and average user's understanding of the term. At this point it seems that the problem of good definition of computer virus is the most important problem to solve. What is artificial life? According to Fred Cohen there is no difference from real life and "the word artificial is really only a side effect of people's egos requiring a special name for things they create..." He is talking "...about foundations for the understanding of life in the general sense, an expansion of biology into the general informational domain, drawing parallels between our biosphere and the infosphere, understanding the implications of the changes in our environment through information systems before we experiment on our children..." Mark Ludwig said that "...staring hard at viruses might be very valuable in bringing about a revolution in evolutionary biology. Using carbon-based organisms is a horrible way to study evolution. They are too complex and we don't understand them well enough. The time frames of evolution are too large. And deep philosophical questions rear their heads all over the place. Inside the computer, most of these difficulties just vanish..." Although not talking about artificial life Vesselin Bontchev gives very good points to think about in his "Dozen reasons..." When experimenting with potentially dangerous things which have ability to reproduce and to modify themselves the question of controllability of such "creatures" is very important. "A virus that claims to be beneficial should provide means to be controlled..." and "...the user of the beneficial virus should actively invite (e.g. install) the virus on his/her system..." The brief conclusions from these introductory discussions are: a) a good definition of computer virus is needed b) beneficial viruses are possible, but it is hard to change the negative meaning which term "computer virus" already got in public c) the research in computer viruses and artificial life can bring us to better understanding of life in general d) it is important to know how to control experiments and practical use of self reproducing entities (with eventual possibility of modification of themselves and their environment). It seems that this is quite a lot for the beginning. I expect that in further discussions more questions and problems will arise, before some answers appear. After all it is all real life. Maybe, the computer viruses are in the world to teach us something. Computer viruses are not only pointing to vulnerabilities in today's information systems, but also in vulnerabilities in human society. In the smaller extent everything can be seen here. I am not sure that there is an exact answer to question why people want to hurt other people or to destroy something. The destruction due to malicious computer viruses is not really the same as destruction in war. The writers of malicious computer viruses are not the killers. Anyway, they want to tell us something. What is that we have to find out by ourselves. Maybe we will also find the way to learn how to put the human dimension in our everyday life. ++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++ God made us plain and simple, but we have made ourselves very complicated. - Ecclesiastes 7.29 - ++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++oooo++++ ____________________________________________________ / / | | / |\__/| / | THAT'S ALL FOLKS !! | /~~~~~~\ / \ | NEW "ALIVE" IS COMING NEXT | ~\( * * )/~~\( 0 0 )/~ | HOST TO YOU SOON !! | ( O ) ( O ) |______________________________| \______/ \______/ @/ \@ @/ \@