/~~~~~~\ *********** ***********
~\( * * )/~ *********** ***********
( \___/ ) *** *** ***
\______/ *********** *** *** *** *******
@/ \@ *** *** *** *** *** ***
*** *** *** *** *** ***********
*** *** *** *** *** *********** |\__/|
******** *** ***** / \
******** *** *** ~\( 0 0 )/~
*** ( /---\ )
*** \______/
*** @/ \@
***
Dear Readers!
I guess you are already impatient to find out what Alive is. Calm down till I tell you something about its history.
So, once upon a time...actually about a year ago I started a long search for the best definition of a computer virus. Surprisingly, it wasn't an easy task. Discussions on Virus-L and some private discussions didn't bring any satisfying results. I even started the Contest for the Best Virus Definition in despair. Well, the prizes were rather symbolic and probably it caused a low response. Never mind. All those attempts to answer the question : "What is a computer virus?" only opened new questions. It appeared that computer viruses could be considered as members of a big family of so called "artificial life". Naturally, new questions were: "What is artificial life?", then "How to define a life?", etc.
This magazine is one more try to find answers to some questions. The search for the best definition of computer virus will be continued. It is a general opinion that computer viruses are inherently malicious software. The possibility of viruses to be beneficial will be (hopefully) discussed here. However, protection against malicious viruses will not be neglected. This magazine will try to introduce new ways of protection, e.g. "immune systems". The question "What can be 'alive' in a computer environment ?" will be repeated in all possible variations as long as wish to find answers exists. The examples or descriptions of "liveware" will be presented here as soon as they appear. Probably some new topics will arise as "Alive" progresses. And, of course, I expect a lot of fun for both readers and contributors.
The first topic is presentation of results from Contest for the Best Virus Definition in technical categories. The Contest was announced in April last year on Virus-L. Originally it had 8 categories:
The second topic is a kind of puzzle. It concerns one of the standard distributed algorithms which could be possibly considered as a sign of life. The readers are asked to help to find a solution.
The third contribution is an article which is rewritten here without permission from something which looks like a copy of an internal document from Johannes Kepler University, Linz. I hope that one day I will find the author's address and that he will have nothing against publishing his article in Alive. The article has a very interesting conclusion and I am not going to tell you anything in advance. Just read it!
Subscriptions requests should be sent to mxserver@ubik.demon.co.uk
Ftp sites: the magazine will be available for anonymous ftp from following sites:
So, dear readers, enjoy the reading and make your copy of Alive really alive: SPREAD IT WIDELY!
"Life is all memory, except for the one present moment
that goes by so quick you can hardly catch it going."
- Tennessee Williams -
Author: William Walker
Submitted by: author
Source: Contest posting
A "COMPUTER VIRUS" is a sequence (or set of sequences) of symbols which, when executed or interpreted under certain conditions or in certain environments, will make a possibly altered, functionally similar copy of this sequence (or set of sequences) and will place this copy where it will intercept execution or interpretation at a later time under certain conditions. This is called "REPLICATION," and the copy retains AT LEAST the capability to recursively replicate further. A virus may also have an additional function (or functions) not related to replication, sometimes called a "payload," but this is NOT necessary for something to be a virus.Comments on the above definition:
Author: Vesselin Bontchev
Submitted by: Suzana Stojakovic-Celustka
Source : e-mail conversation
A computer virus is a sequence of symbols, which, when interpreted by computer, attaches itself to other computer interpretable symbol sequences in such a way that they become able to recursively spread the (possibly modified) initial sequence further.Additional explanations of used terms:
"Attaching" means that the interpretation of the infected symbol sequences causes the interpretation of (possibly part of) the computer virus.
"Interpretable" is anything that a computer can interpret.
"Able to spread recursively" means when a virus infects an executable object, this object is able to spread virus to another object, which in turn is able to cause the infection of another object and so on.
Jury's decision: 3 (must be improved)
Author: Fred Cohen
Submitted by: Suzana Stojakovic-Celustka
Source: Article "Computational Aspects of Computer Viruses", Computers &
Security, 8 (1989.), pp 325-344
We informally define a "computer virus" as a program that can "infect" other programs by modifying them to include a, possibly evolved, copy of itself. With the infection property, a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also act as a virus and thus the infection spreads.Jury's decision: 3 (must be improved)
Author: Greg Hale
Submitted by: author
Source: Contest posting
For a program to qualify as computer virus, the program must meet two qualifications:Jury's decision: 3 (must be improved)
- The virus must replicate itself and all subsequent reproductions (exempting unsuccessful infections) must be able to replicate.
- The virus must execute by replacing or redirecting the user's request for the computer to start the normal operating system or execute a familiar program. ]
Author: Roberto Reymond
Submitted by: author
Source: Contest posting
A set of instructions that, once executed or interpreted, gains the control of the environment. That done, those instructions will, in specific circumstances, make at least one copy of the initial set, identical or modified, placing it/them somewhere in the environment, with the intention that, if and when executed or interpreted, it/they will repeat at least one time the above cycle.Additional explanation of terms:
Author: Fred Cohen
Submitted by: author
Source : Contest posting
A program that reproduces.Jury's decision: 2 (has serious problems)
(The contribution is not presented here, because of mathematical symbols.)
As in this category were no other contributions, this one was considered as a winner without jury's voting.
Editor's note: Either the jury was too severe or plain language is not suitable to define computer virus properly. The winning definition is evaluated as "good enough" only. The others must be improved. However, it seems that the key point in defining a computer virus is a "replication" (as stated by W. Walker). Personally, I found comment 2. in W. Walker's definition very interesting for possible future development of computer viruses.
"A virus is a virus!"
- Nobel laureate Andre Lwoff's answer on the question "What is a virus?" (1959) -
Ring - each process is aware of its two immediate neighbours, called for the convenience the left and right neighbour respectively.
Token - special message which the processes hand from one to another around the ring.
The method uses two tokens, each of which serves to detect the possible loss of the other, by this means: a token T1 arriving at the process Pi can guarantee that the other token T2 has been lost - and can therefore regenerate it - if neither it nor Pi has encountered T2 since T1's last passage through Pi.
The loss of a token is detected by the other in one passage round the ring; and the algorithm works only when one token having been lost, the other makes a complete turn round the ring without itself being lost.
NPing + NPong = 0Initially the two tokens are both in an arbitrarily chosen process and the values are:
NPing = 1, NPong = -1Each process Pi carries an integer variable Mi, initialized to 0, that records the number, NPing or NPong, associated with the token that last passed through Pi. The behaviour of Pi is as follows:
when received Ping(NPing) do
if M = NPing {Pong is lost, regenerate it}
then
begin
NPing:=NPing + 1;
NPong:=-NPing
end
else
M:=NPing
when received Pong(NPong) do
if M = NPong {Ping is lost, regenerate it}
then
begin
NPong:=NPong - 1;
NPing:=-NPong
end
else
M:=Npong
when meeting (Ping, Pong) do {Meeting Ping and Pong}
begin
NPing:=NPing + 1;
NPong:=NPong - 1
end
In practical realization of algorithm numbers NPing and NPong should be limited
by modulo P where P > or = N+1 (number of processes in logical ring + 1).
Ikite iru Simply alive
bakari zo ware to me -
keshi no hana and poppy-flower
- Issa -
"...a computer virus as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself."In Section 4.1. of [2] Cohen states the undecidability of viral detection. His proof follows a well known proof technique. He argues:
"In order to determine that a given program 'P' is a virus, it must be determined that P infects other programs. This is undecidable since P could invoke any proposed decision procedure 'D' and infect other programs if and only if D determines that P is not a virus. We conclude that a program that precisely discerns a virus from any other program by examining its appearance is infeasible. In the following ... program ..., we use the hypothetical decision procedure D which returns "true" if its argument is a virus to exemplify the undecidability of viral detection......, we have assured that, if the decision procedure D determines (the following program contradictory-virus) CV to be a virus, CV will not infect other programs and thus will not act as a virus. If D determines that CV is not a virus, CV will infect other programs and thus be a virus. Therefore, the hypothetical decision procedure D is self contradictory, and precise determination of a virus by its appearance is undecidable.
program contradictory-virus := {.... main-program := {if D(contradictory-virus) then {infect-executable; if trigger-pulled then do-damage; } goto next; } }Fig..Contradiction of decidability of a virus.."
But even if we adjust the definition, the proof in its generality is wrong: It is based on the implicit assumption that the decision procedure D is not a virus itself.
Suppose the decision procedure D is a virus itself. Then contradictory-virus infects an executable by calling D and consequently is a virus too. Now D, when deciding that contradictory-virus is a virus, gives a correct result even if contradictory-virus, based on D's decision does not execute its own viral code.
However, under the restriction, that only non-virus decision procedures are permitted, Cohen's proof holds. Consequently, each decision procedure D must be a virus.
[2] F. Cohen: Computer Viruses Theory and Experiments, Computers & Security 6 (1987) pp 22-35, North-Holland, 1987.
[3] G. Futschek: Computerviren fuer LOGO Programme Bauanleitung, Wirkungsweise und Abwehrmechanismen, interner Bericht, Technische Universitat Wien, 1988.
[4] F. Hoffmeister: Sicherheitsrisken durch Computerviren - erste Losungansatze, Bericht Nr. 232 der Abteilung Informatik der Universitat Dortmund, Dortmund, 1987.
[5] C.A. Neumann: Computerviren und verwandte Anomalien, GI Symposium "PC's in kleineren und mittleren Unternehmungen", Leipzig 17-19 September 1991., Tagungsbad der Fachgruppe 2.0.1. Personal Computing der GI, 1991.
The Virus Syllogism:
Computers are made to run programs.
Computer viruses are computer programs.
Therefore, computers are made to run computer viruses.
- Peter S. Tippett -
____________________________________________________
/ / | |
/ |\__/| / | THAT'S ALL FOLKS !! |
/~~~~~~\ / \ | NEW "ALIVE" IS COMING NEXT |
~\( * * )/~~\( 0 0 )/~ | HOST TO YOU SOON !! |
( O ) ( O ) |______________________________|
\______/ \______/
@/ \@ @/ \@