Bug Watch: Virus writing just ain't cool

It was recently revealed that an antivirus company had come close to employing Onel de Guzman and Michael Buen, suspected for their involvement with the Love Bug and other viruses. While the company withdrew the offers of work after the pair were accused of writing the Love Bug, this incident is a powerfulreminder of the care which antivirus and other technology companies must take when employing workers.

It can and has been argued that employing a virus writer to write antivirus software might be a good idea. Some technology companies outside of the antivirus market have even issued press releases announcing their employment ofinfamous ex-virus writers such as Chen Ing-Hau, author of the destructive Chernobyl virus.

However, the assumptions that virus writers are somehow technical geniuses, or that a reformed virus writer would know exactly what the dangers are and could better defend against other viruses, are fundamentally flawed.

You certainly do not need to be an Einstein to be able to create a computer virus. In fact, if you know where to look on the web, there are plenty of other virus writers out there willing to guide you every step of the way. Most virus writers simply copy those that have gone before them.

Even those virus writers who do create something original are not necessarily able to write the software to detect computer viruses. The ability and skills needed to write antivirus software are very different from those needed to write a computer virus. Developing the software to provide protection against viruses is similar to unlocking a puzzle or solving a crossword.

Each and every virus has to be unravelled and taken apart before a detection file can be produced. Furthermore, antivirus software has to work on a wide variety of operating systems, and detect tens of thousands of viruses perfectly without ever making a mistake or crashing. As a result, antivirus researchers are resolutely methodical in their approach and the work demands meticulous attention to detail.

Virus writers, on the other hand, do not care if their creations work properly and seldom reliably test their programs.

Most viruses do not succeed in spreading purely because they are so badly written. Compare this haphazard approach with the demands of technology companies in the real world and it becomes obvious why the vast majority of virus writers would be completely unsuitable as employees.

But there is another reason why offering virus writers glamorous IT jobs may be a bad idea. What kind of message does it send out to other potential virus writers? Worryingly, more than 50 per cent of the population of the Philippines were proud that the Love Bug was written in their country. Many virus writers believe that writing viruses may make them famous or secure them a well-paidjob. Michael Buen even wrote a virus which printed out his CV on infected computers - demanding the infected companies gave him a job!

The IT industry needs to take a united stance of zero tolerance towards virus writers. Governments around the world should ensure computer crime laws are in place so those virus writers who are identified are punished appropriately. Together we must send out a clear message that virus writing is not cool, not clever, and is unlikely to make you a national hero.