I’ve always thought about the idea of “Good” malware as a solution to some of the problems out there. The idea is that you use the same techniques used to compromise systems, but to change some settings to more secure values, while using some of the subversive methods to propagate.
Some of the settings that I consider a good default to change:
* Daily checks for software updates + Auto-Install of these updates
* Disable compromising features (eg: AutoRun)
Things to perhaps change:
* Disable ActiveX
* Enable firewall (w/ exception handling)
* Nuke all AutoRun items
* Nuke all MSIE malware/extensions except “safe” plugins, eg: flash, quicktime, silverlight, etc.
The natural problem with this is that doing good things with these bad techniques would likely get you classified as a virus/malware, and certainly if you attempt to do some of the network-scanning activities to distribute yourself. Too bad one cannot justify such activities legally.
We can combine all the settings into one new tool to make it easier to run and monitor. Or is there any tool that provides all these?
There’s also the problem that you’d probably end up having bugs that made it easier to compromise the system.
If you could be sure that your good malware was perfect, then it might be interesting, but since you cannot, it’s just a bad idea.
There have been attempts at this in the past and as far as I know, all of them have had problems that were worse than the issues they were trying to address.