Virus writers need a new order
Published: 26 Nov 2004 13:30 GMT
It is with some trepidation that we report on the rise of the open-source virus. According to F-Secure's antivirus research team, open-source viruses can generate nearly as many variants in a day as the closed-source ones do in a month. This would seem to be a conclusive vindication for the benefits of open-source development - freely available information leads to a vigorous and productive environment. Yet the closed viruses, such as Bagel and Mydoom, are much more effective. This suggests that the argument of the proprietary lobby - closed software is higher quality - has some weight.
These two observations are not necessarily at odds. After all, six hundred variants of the same code from a crowd of hackers are likely to be easy to recognise and filter en masse, while anyone with access to closed code is going to be motivated and able to make things significantly different for each release. Indeed, Sophos says that open-source variants are often caught by generic filters.
It's time for the virus writing community to listen to Microsoft, and do a proper TCO, time to market and deployment cost analysis. After all, what's the point of five hundred virus writers labouring for a month and only infecting twenty million computers, when one proprietary team of three can produce a virus in a week that hits fifty million? In terms of productivity, the latter approach is over a thousand times more effective. (These figures are entirely fictitious. Before committing to a strategy, we advise you to pay analysts to make up equivalent data professionally).
So open-source virus production is insecure, ineffective and more expensive in every way. The virus writers should immediately ban open source as a dangerous, cancerous distraction to their industry and institute a proper policy of IP management, backed up as necessary with legal sanctions and/or Ivan's Health & Safety Inspectorate. This is the only way to encourage innovation. Indeed, because the virus industry is comparatively small and self-contained, there is a good chance that it can evolve really effective techniques for controlling workers and data from which the wider world could profitably learn.
Without a proper structure of certification for skills, of course, even a well-drilled workforce will be ineffective. We suggest that concomitant with imposing controls on source code, the virus industry create a centralised qualification system with a well-defined career progression path. Promising youngsters can be pressed into a cadre while they are still open to correct ideas: an early start in the Viral Youth would provide a solid basis for the party -- sorry, industry -- leaders of the future.
The combination of discipline, proper structure and imposed motivation will revolutionise the virus world. Tomorrow could belong to them.
Did you find this article useful?
18 out of 28 people found this useful
- Share this article:
