Palladium/TCPA/NGSCB

2003-10-23 Thread Bill Frantz
Mark Miller pointed out to me that currently much of our protection from
viruses comes from people at the anti-virus companies who quickly grab each
new virus, reverse engineer it, and send out information about its payload
and effects.  Any system which hides code from reverse engineering will
make this process more difficult.  To the extent that Palladium/TCPA/NGSCB
hides code, and to the extent it succeeds at this hiding, the more it
encourages new and more pervasive viruses.

Cheers - Bill


-
Bill Frantz| There's nothing so clear as a | Periwinkle
(408)356-8506  | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet. -- Dean Tribble | Los Gatos, CA 95032



Re: Palladium/TCPA/NGSCB

2003-10-23 Thread Major Variola (ret)
At 11:06 PM 10/22/03 -0700, Bill Frantz wrote:
> Mark Miller pointed out to me that currently much of our protection from
> viruses comes from people at the anti-virus companies who quickly grab each
> new virus, reverse engineer it, and send out information about its payload
> and effects.

You could be talking about biology as well.

> Any system which hides code from reverse engineering will
> make this process more difficult.  To the extent that Palladium/TCPA/NGSCB
> hides code, and to the extent it succeeds at this hiding, the more it
> encourages new and more pervasive viruses.

A virus that contains friendly IFF codes can evade an immune system.
Some cloak themselves in membranes derived from cells they were born in.
Thus they present the right IFF response.

A virus that appears to Palladium to be friendly and worthy of the full
protection -the right hashes, etc- will be a fun thing.

Some virii are innocuous except when they pick up a piece of virulence
code.  Then they kill.  IIRC anthrax is like this, some of the streps.
One can imagine writing a virus which is in fact merely a bit of
virulence code taken in by an other innocuous but replicating program.

It's common in biolabs to cross a hard-to-grow nasty with an easy-to-grow
labbug so you can study the nasty.  Sometimes, the result is dangerous.
See the synthetic mousepox which killed the mice.

And virii that infect the immune system can be fun too --imagine a virus
infecting your antiviral program.  HIV for Windows.



Re: Palladium/TCPA/NGSCB

2003-10-23 Thread Eric Murray
On Thu, Oct 23, 2003 at 11:59:47AM -0700, Major Variola (ret) wrote:
> And virii that infect the immune system can be fun too --imagine a virus
> infecting your antiviral program.  HIV for Windows.


Or a virus that modifies your other programs to make them appear to
be known virii.  You'd have to turn off your AV programs
to keep them from destroying your files (or moving them
around, going crazy with warnings when you start any program, etc).

I'd bet that no AV programs have safeguards against this
sort of false positive attack.

Eric