Sting operations to discourage prostitution have some particular characteristics: they are performed in targeted areas which do not affect the whole population, or bring the whole population into unnecessary temptation. Furthermore there may be rules about exactly how much provocation is fair.

Thus if malware can use a propogation channel which it is unethical to perform entrapment via, then it is free of direct interference. What we are left with is not defence by entrapment, but defence by education (George and I describe a specific example of this in the paper… “viral prophets”).

As an example ethical dilemma for fighting viruses by entrapment: suppose a 10 year old child types the word “porn” into a search engine on a school computer. It may be very well for the school IT system to return a scalding message (or just an educational one).

But now suppose the 10 year old is sent an email saying “Here, wouldn’t you like to see pictures of people with no clothes on”, with a link. To appeal to the child’s natural curiosity in this way, and then to hit them with a scalding (even educational) message seems to me a bit out of line.

I think the same problem comes of fighting Satan Viruses using entrapment. Entrapment as a technique is so close to the mark that it’s practically sinking to their level to employ it.

Timwi. Firstly I believe the criticism should be directed at myself and Dr. Danezis and not to the messenger, who simply posted our press release. Secondly, if you study the paper in detail, in particular the conclusions, you will see that we do not advocate panic. Thirdly, I’m not sure it is fair to describe a paper which is to appear in due course in a peer reviewed publication (NSPW) as unscientific.

Mike Bond.

Alice, or Bob, or the coporate security division, or other ‘friendly’ malware, might run a sting program that offers fake (or in the case of third-party malware, real) access to a victim’s files but cuts the access and reports the offence immediately.

The attractiveness of a pact with the devil is the idea that otherwise unobtainable rewards really are available in the short term, which in turn requires trust — there is no literary genre of people selling their souls to politicians or used-car salesmen.
More prosaically, police sting operations are quite effective at discouraging prostitution or low-level drug trafficking in a targeted areas.

A few well-publicised cases of people being fired after being tricked into looking for porn on co-workers computers could do a world of good.

“Conscience is the little voice that tells you someone might be watching”

Is the University of Cambridge Computing Laboratory superstitious? Report number 666 (on computer malware) was published on 6/6/6 and is entitled Pact with the Devil …