--- title: "I've sometimes wondered if a virtuous arms race could evolve among…" date: 2018-08-31 source: facebook type: Archer T. Ships shared a link. --- # I've sometimes wondered if a virtuous arms race could evolve among… *August 31, 2018 · Facebook* ::::: {} ::: {} [https://web.archive.org/web/20151228154951/http://philosecurity.org/2009/01/12/interview-with-an-adware-author](https://web.archive.org/web/20151228154951/http://philosecurity.org/2009/01/12/interview-with-an-adware-author){target="_blank"} ::: ::: {} I\'ve sometimes wondered if a virtuous arms race could evolve among virus writers, due to the fact that if you\'re a virus, you get more of the system resources if you block other viruses from installing themselves. Kicking other viruses off becomes even more desirable if the payload is a cryptocurrency miner. If you weren\'t greedy, and kept your resource usage at say, 2/3rd of the free memory/CPU, the user might not even notice anything was amiss.\ \ Turns out that Matt Knox, working for an adware company named Direct Revenue did something like this almost a decade ago.\ \ \"Let's back up a second. Why did you write adware?\ \ M: I was utterly and grindingly broke for a little while. I started working on SPAM filtering software. That work got noticed by \[Direct Revenue\], who hired me to analyze their distribution chain. For a little while, the site through which all their ads ran was something like top 20 in Alexa. Monstrous, really huge traffic. Maybe 4 or 5 months into my tenure there, a virus came out that was disabling some of the machines that we had adware on. I said, "I know enough C that I could kick the virus off the machines," and I did. They said "Wow, that was really cool. Why don't you do that again?" Then I started kicking off other viruses, and they said, "That's pretty cool that you kicked all the viruses off. Why don't you kick the competitors off, too?"\ \...\ Eventually, we got sick of writing a new C program every time we wanted to go kick somebody off of a machine. Everybody said, "What we need is something configurable." I said, "Let's install a Turing-complete language," and for that I used tinyScheme, which is a BSD licensed, very small, very fast implementation of Scheme that can be compiled down into about a 20K executable if you know what you're doing.\ \ Eventually, instead of writing individual executables every time a worm came out, I would just write some Scheme code, put that up on the server, and then immediately all sorts of things would go dark. It amounted to a distributed code war on a 4-10 million-node network.\ \ [https://web.archive.org/web/20151228154951/http://philosecurity.org/2009/01/12/interview-with-an-adware-author](https://web.archive.org/web/20151228154951/http://philosecurity.org/2009/01/12/interview-with-an-adware-author){target="_blank"} ::: :::::