The Darwin Class Virus

People assume that computer viruses are nasty destructive things that appear, get squished, and vanish forever. Viruses don't need to be destructive. In fact they often only get squished with any degree of success because they are destructive: you have to sort them out or your PC is unusable.

Consider instead the virus as alife, an extremophile slowly developing with each generation, seeking to find a survivable form. Because computer viruses are usually produced to be malicious, they won't survive: it is in too many peoples' interests to destroy them. If viruses were benign, most people would not know they existed, and consequently, no attempt would be made to destroy them. The key to alife-style survival for a virus is to be invisible to your top predator (anti-virus software wielding humans).

So, herewith a description of the Darwin-class virus. A hypothetical class of virus that behaves like alife. Darwin-class viruses would contain DNA incorporating their feature-set and predilictions, and would exist in male and female types (to make things more interesting). They would lodge themselves on insecure servers on the internet and on LANs, but by default would be benign. Over time they would grow to sexual maturity, at which point they would seek out a mate on a distant server, 'mate', and the female virus would become 'pregnant'. After a gestation period, the female virus would give birth to a number of live young, baby viruses with a mix of DNA from the two parents, and perhaps a 'wild card'-an element of randomness that may alter the DNA in certain ways in a small number of cases.

Each baby virus would contain its generation code, the initial release being 'Generation 1'. Spawning would be a complex affair whereby the mother created the new baby viruses with next generation derived DNA. DNA from the more successful partner would be more dominant in some areas. The babies would inherit a mixture of predilictions and structural elements according to the DNA of the parents that would control not just how quickly they matured, how frequently and with how many partners they reproduced, but also their formal construction. This must change with each spawning to avoid simple destruction at the hands of anti-virus software. Each generation would have altered code, so bit-strings would not give them away. The writing of the next generation of code devolves upon the mother virus, but the code itself, the obfuscation techniques used, and the predilictions and behaviours incorporated are influenced by both parents' DNA.

Predilictions may include how benign or malicious the virus is. Malicious viruses get wiped out quickly, so a spectrum of behaviours would develop according to DNA lineages. Benign viruses could reproduce more slowly as they would survive longer. Self-monitoring evolution features would allow viruses to meet, interact with, and examine other viruses without mating with them. Numerically, some of these viruses would be seen to be more successful, and viruses may alter their own behaviours to match these numerically successful viruses. Some viruses may ignore others and simply be completely benign or completely malicious, without heed to the consequences. Groups of male or female viruses may gather together on specific servers and share aspects of group identity. Traits that prove to be successful would affect elements of the DNA passed on to the next generation.

It would initially be down to the mother virus to decide where to lodge her spawned babies. The mother would seek insecure servers across the internet or a LAN to lodge babies upon. Finding elderly viruses would indicate a long-term insecure (ie. safe) server upon which to place babies.

Some viruses would be aggressive and would seek to eradicate other viruses inhabiting an insecure server. The fewer viruses on a server, the less chance it would be cleansed by the user. Aggressiveness towards other viruses need not be linked to maliciousness. A very aggressive but entirely benign virus may be maintained upon a server rather like a pet guard-dog to keep other viruses away.

Viruses on a server may be observed with a viewer program, with varying degrees of success (rather like trying to watch bats with night vision and a bat detector). Setting up an insecure server would be like setting up a light in a wood and observing moths. The concept of GM viruses artificially created and introduced rears its ugly head. Perhaps only PGP style code-stamping could remove this threat, allowing viruses to recognise but not mate with 'family members', and to be drawn to mate with lineages they see as numerically successful, or with non-malicious but aggressive tendencies. Checksums may indicate non-GM viruses.

Some viruses may mate repeatedly with one partner, others with as many receptive partners as they can. Some viruses may live as long as they can (benign aggressive ones may survive a very long time), whilst others (perhaps more malicious ones) may mate once and die naturally, protecting their offspring by removing their identifiable bit-strings from the possibility of detection by erasing themselves.

This is all hypothetical. We are still at the primeval swamp stage of virus development, with most viruses being fairly simple, single-attack, malicious, and easy to squish. Darwin-class viruses will appear eventually and will behave like alife. The internet and networks will become infected with them, and we will have to learn to co-exist, as there is likely to always be an insecure server somewhere connected to the net.

Back to Stig's Dump.