Japan’s “Good Virus” is an Antibody for Cyber Attacks

Here’s how our world works: every year, the human population increases exponentially and with that, the world gets more congested.  The more people occupying the same space, the easier it is for viral infections to spread.  And the tech world doesn’t really vary that much from the human experience.  As more people turn to technology for help with their everyday lives, much like the human community, one person hit with a viral infection can easily spread the disease.  As for computing devices, one link and one click could infect your system and spread to other systems as well.

The increase in cyberatacks is very alarming, as all our personal information could be made public without our knowledge, and this year, it is predicted that more of these malicious programs would surface and wreak havoc.  So what are we to do?

The Plan

According to the Yomiuri Shimbun, Japan’s Defense Ministry’s Technical Research and Development Institute is working with Fujitsu in developing a computer virus capable of tracking, identifying and disabling sources of cyberattacks.

The 178.5 million yen (US $2.3 million) project of developing a cyberweapon capable of thwarting cyberattacks was said to be launched back in 2008.  The virus features the ability to trace cyberattack sources, identify not only the immediate source of attack, but also all “springboard” computers used to transmit the virus, and it also has the ability to disable the attacking program and collect relevant information.

The Catch

The use of a cyberweapon like the said virus, though it means well, could be considered in violation of the clause banning virus production under the Criminal Code.

According to Keio University Prof. Motohiro Tsuchiya, a member of a government panel on information security policy, Japan should accelerate anticyberattack weapons development by immediately reconsidering the weapon’s legal definition, as other countries have already launched similar projects.

To address this dilemma, a Defense Ministry official stated that the ministry is not considering outside applications for the program, as the virus was developed for more defensive uses like identifying which terminal within the Self-Defense Forces was initially targeted in a cyberattack.

The Issue

A virus is a virus, no matter how good the intention is behind its production, and can act in a negative manner.  Computers are very personal, even those company computers as people using them, in one way or another, leave their personal “mark.”   And having a “good virus” doesn’t seem like a good idea to everyone.

Sophos,  developer and vendor of security software and hardware, sites some examples as to why a “good virus” is not entirely a great idea:

• Even a “good” virus uses system resources such as disk space, memory and CPU time. On a critical system a “good” virus could cause unexpected side effects.
• What you do on your PC is your business, but I want a say on what programs run on mine. An out-of-control “good” virus could spread randomly or unexpectedly from machine to machine, meaning it may be hard to contain.
• Should anti-virus software be updated to protect against the “good” viruses as well as the regular viruses, for those who want to decide what runs on their computers and what doesn’t?
• A “good” virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts.
• All programs, including viruses, contain bugs that can have unintended and damaging consequences. If your “good virus” needs an urgent bugfix, would you release *another* virus to try and catch it up?