Antibodies

[yogi]

I am floating an idea here to asses its merit. Its unrelated to bitcoin but is p2p.

The idea is called Antibodies (p2p antivirus).

An antibody in this context is a package of data containing information, name/author/... , and most importantly a script.

The antibody client connects to a p2p network that share's its antibodies with other nodes.

Antibodies are prioritized and run in the background. They have only got read access to the memory/filesystem of local system. They can also send a message to the user such as "Warning, this system is infected with a virus!".

And if you have the skills you can publish your own antibody.

Obviously there would be the potential for spammy antibodies but the network would have a degree of resiliency to this as you can choose to mark an antibody as 'BAD' and this information is shared across the network.

[1713982191]

1713982191

[1713982191]

1713982191

[1713982191]

1713982191

[1713982191]

1713982191

[1713982191]

1713982191

[moocow1452]

Seems like it works on paper, but you'd probably create a bigger monster if someone found a way to spike the network.

[Remember remember the 5th of November]

I like the sound of this. Anti-virus companies take time to update virus definitions, but a p2p one, we could potentially mark a file as a virus, that could be new, though we need some proof-of-virus algorithm.

[RodeoX]

I like the sound of this. Anti-virus companies take time to update virus definitions, but a p2p one, we could potentially mark a file as a virus, that could be new, though we need some proof-of-virus algorithm.

Yeah, that's a good point about "proof-of-virus". Legitimate programs are flagged as viri all the time, even bitcoin. But the overall idea is kinda cool, and just the sort of task that could work in a crowd sourcing environment. 

[benjamindees]

Maybe you could track the antibodies in a block-chain.  Design it so that only those who have access to the virus in question can hash it and vote on whether the antibody is valid or a false positive.  Mining the block chain and voting on antibodies then replaces your anti-virus subscription.

[yogi]

Finding a good way to determine good from bad antibodies is definitely the crux of the problem here.

[CA Coins]

Nice idea, but I see several issues.  Like you mentioned, differentiating between good/bad is tough.  Even our own immune system has issues with it, hence the multitude of auto-immune diseases.  Also, I doubt many people are going to let a p2p software scan their system even if it is just read-only. 

[RodeoX]

Nice idea, but I see several issues.  Like you mentioned, differentiating between good/bad is tough.  Even our own immune system has issues with it, hence the multitude of auto-immune diseases.  Also, I doubt many people are going to let a p2p software scan their system even if it is just read-only. 

Hmmm. true. Perhaps the scan can be preformed with only the results viewable on the network? 

[CA Coins]

Not sure what you mean, the scan results are only viewable on the network and not by the end-user?

[moocow1452]

Could it be an issue if you have a list of open ports and ip addresses that the Antibodies would be hooked up to, and one buffer overflow later, you got yourself a premade botnet ready to roll?

[yogi]

Could it be an issue if you have a list of open ports and ip addresses that the Antibodies would be hooked up to, and one buffer overflow later, you got yourself a premade botnet ready to roll?

No, antibodies run inside a script engine that only has safe read bindings.

It can only look and tell user what it see's.

[RodeoX]

Not sure what you mean, the scan results are only viewable on the network and not by the end-user?

I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers.

[yogi]

Not sure what you mean, the scan results are only viewable on the network and not by the end-user?

I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers.

Peers only exchange antibodies not system info.

[naypalm]

That would be one big ass block file for all the viruses out there. Really good idea though.

[Phinnaeus Gage]

Not sure what you mean, the scan results are only viewable on the network and not by the end-user?

I may be in over my head here, but I was trying to think of a way to limit what info is broadcast to other peers on the network. For example, I would not want my directory structure to be viewable to other peers.

Same here (see bold above), but allow me to suggest branding this idea with something better than antibodies.

~Bruno~

[moocow1452]

p2pwn?