http://qs321.pair.com?node_id=109710


in reply to So I have this crazy idea about an 'anti-virus virus'

This was a very interesting thread, and I'm sorry I missed it before. I'm going to try not to repeat what has been said already, but to make a couple of points that come to my mind.

There are two main problems I see with this approach. The first, and human in nature, is that people do not like their systems being intruded on and modified. Not for evil, and not for good.

The second, and technical in nature, is that it is extremely difficult (some would say impossible) to ensure the integrity of mobile code (which is what your proposal essentially is). If your program is running in an environment that is completely out of your control, it can have no secrets, and there is no guarantee that it will execute the way you intended it to.

Speaking about the immune system, there has been very interesting work (and a Ph.D. thesis so far) done by Prof. Stephanie Forrest and her group at the University of New Mexico, in building intrusion detection systems based on immunology concepts. You can find all the papers at http://www.cs.unm.edu/~immsec/

--ZZamboni

P.S. Thanks to ginseng for pointing me to this thread, and for mentioning my work. My work does not involve mobile entities, but stationary ones that monitor activity at the hosts.