Feb 16 2009

DNS redirection — do antivirus firms have the right to do it en masse?

TechRepublic pundit Michael Kassner dares to ask a philosophical question. Do antivirus firms have the right to manipulate DNS queries en masse to protect society from a rampant worm or virus? “I’m concerned that precautionary actions being taken may be setting dangerous precedence,” Kassner notes.

Believe me: I envy him for asking this philosophical question. Kudos!

Obviously, we can respond to Kassner with a tagline from an upcoming movie: “Who watches the Watchmen?” It’s a corollary philosophical question that brings out the debate in all of us.

On the one hand, I don’t think Joe SixPack will care if a reputable DNS provider (e.g. OpenDNS) wants to protect him from a well-documented worm. Joe will almost certainly say “more power to ‘em” and go about his business. If the root servers themselves get involved in this, I think Joe will say the same thing. “They’re protecting me from harm, what’s wrong with that?”

On the other hand, I doubt the U.S. government wants a Russian or Chinese antivirus firm to control the direction & path its military computers take. If any nation could offer protection like this to the root servers themselves, they could very easily weaponize it for a cyber-war. “Greetings, Comrade! Your battalion need directions to g2.army.mil? March your Internet connection to 162.105.161.214…”

Then again, I could very well be wrong here. The Pentagon and the Beltway actually might not care at all who ultimately controls the root DNS servers that their DNS servers rely on.

Things might change if/when a reputable civilian firm takes up arms in a cyber-war, making enemies of some of their own customers. But I guess we’ll need to wait for OpenDNS to declare war against the U.S. Air Force.

“Waitaminit, Rob! Didn’t we already debate this in 2001 when The China Syndrome first came to light?” Sure we did — and Joe SixPack told us by his inaction that he doesn’t care one iota if his antivirus firm arms a hostile country with offensive cyber-smallpox technology. Likewise, the U.S. government told us by their inaction that they don’t care, either.

That’s why I might be wrong in thinking the U.S. government actually cares who controls the root DNS servers that their DNS servers rely on. And this only makes sense if you think about it. You just know some members of the U.S. Air Force information assurance community have configured OpenDNS on their home PCs and personal laptops. That means they trust a Russian antivirus firm to protect all of those sensitive-but-unclassified EPRs & OPRs they love to work on after duty hours…

Jan 24 2009

What’s missing in this virus survey?

I enjoy reading the opinions of Sophos technovangelist Graham Cluley. I can always count on him to offer a level-headed view of the virus scene from his British perch.

Yet Cluley is all too human. In this case he overlooked the obvious in his latest unscientific survey on the Downadup worm that now hogs the media spotlight. When he asked “who is most to blame” for the spread of the worm, his readers responded as follows:

  • 53% blamed “the hackers, who wrote the worm in the first place”;
  • 30% blamed “system administrators, for not rolling out the Microsoft security patch quickly enough”; and
  • 17% blamed “Microsoft, it was their security vulnerability that allowed the worm to spread.”

My longtime readers already know what’s missing in this survey: “Antivirus software, for not detecting it in the first place.” I mean, come on — would Cluley forget “airport security guards” when asking “who is most to blame” for aircraft hijackings?

Cluley certainly knows my opinions on this topic, so I asked him by email why he didn’t include “antivirus software” as a survey choice. He slapped his forehead. “That would have been fun,” he admitted in his reply.

Cluley went on to answer my next question before I asked it. “Our proactive behavioural stuff detected [the Downadup worm] before we saw it in our labs.” Of course, my longtime readers know he made an obvious statement — Sophos has a very long history with heuristic virus detection techniques. Cluley said much the same in a column I wrote waaaaay back in the previous millennium:

“The fact is that Sophos started with this [heuristic] approach years ago before we had a virus-specific product. We had (and indeed still have) a utility called Vaccine. What we found was that customers don’t like generic anti-viruses. It’s actually the customers who have insisted on virus specific protection rather than the [antivirus] companies.”

“It’s actually the customers” who insist on using inferior antivirus software, Cluley said in the 1990s. Computer users to this day — especially the U.S. government — cling to an addictive update model that ironically helps rather than hinders the spread of Downadup and its ilk.


Society has never demanded better antivirus technology up to this point. Right now, though, I don’t think the Downadup worm will convince society to give up the addictive update model. It’ll take a global network catastrophe of some sort, and Downadup just doesn’t look like one in the making.

Yet I do believe that day will come, and my longtime readers will recall what I’ve said for years:

When society finally demands better antivirus technology, I predict the global antivirus cartel will stand up as one and shout “eureka, the state of the art has advanced, and just in the nick of time!” I’ll back the industry 110% when their marketers lie to [society] about the “sudden” technological advancement in antivirus software…