
                            A Project of Vision

                      - An Analysis of Pr0ject Zer0 -
                      By Rhape79 [Ultimate Chaos '99]
                   With Additional Comments From MidNyte

       "Woe is he who tries to be the worlds (or the Vx) 'crossing guard'"
                                                     -Opic [CodeBreakers]

 Introduction
 ------------

Before I begin the main article about Pr0ject Zer0 and discuss its flaws,
ideals and the way we could use part of this to make our day-to-day lives
influence others fer a better outcome I think it's only fair I explain who I
am, so that you can understand my position in all of this. I started activity
in the pro-virus scene about late 1997 then in February of '98 I co-founded The
Ultimate Chaos Virus Team. I have spoken with many VXers and several AVers and
other viruses educated individuals and fully understand all sides of the issue
from being an infected user (on more than one occasion) to being the writer /
distributor or even having to clean it up on other people's systems. So now you
know where I'm coming from...

 The Original Pr0ject Zer0
 -------------------------

The original Pr0ject Zer0 text, as written by the BSJ.

 ------------------

Well welcome back you Guys

I've been wondering what would happen if new virii in the wild, dried up
somewhat for a while (say for perhaps a year)?

I can imagine perhaps two outcomes. You may be able to extend that.

Firstly, would it help to bring about an AV vendor shakeout? Would that be a
good or bad thing? And if a shakeout did occur, which ones would suffer?
Perhaps some of the bigger boys (not mentioning any names of course) with the
big overheads and/or the smaller ones who may presently be struggling for
critical mass. What do you reckon?

During the interval, virus research and development would still progress
albeit contained within the "lab". A time to reflect, regroup, etc. before
the next big breakout, more potent than ever.

If any living organism is confined to a sterile "clean" environment, its
defences ie immune system weakens due to lack of exercise. Not being put
through its paces so to speak. Yes? How long would it take for the worldwide
IT immune system(s) to likewise weaken? Probably more than a year, but perhaps
less? Who knows!

Have you guys ever contemplated along these lines? Perhaps it's purely naive
day dreaming!

Even if the above concept has any merits, I somehow doubt that you dudes could
collectively organise such an experiment. It would be a huge undertaking to
get everyone to commit and then stick to an agreed timetable. But I leave it
with you for your considerations. You may wish to water it down, somewhat, or
somehow modify it. A global experiment. A challenge ever.

The BSJ.

 ------------------

 The Understanding of Pr0ject Zer0
 ---------------------------------

The idea behind Pr0ject Zer0 was that given enough time without new viruses the
AV companies would slowly start to suffer because of no new supply, therefore no
new updates, therefore effectively after a period of time no job. Now, obviously
this wouldn't be an overnight thing and would take many months if not years to
accomplish, but furthermore it would require every single virus writer in the
world to co-operate and not release a virus during this period, which is a near
impossible task in itself. Now, what I am going to put forward to you, the
reader, is a view of the project, show what it's flaws and ideals were and then
suggest an alternative idea based upon the project, which I hope the majority of
VX will agree with and help promote throughout the scene.

 The Flaws of Pr0ject Zer0
 -------------------------

Pr0ject Zer0 was all fine in theory except fer several minor details. Firstly
all VXers around the world were going to have to co-operate in this massed
project and, if that weren't hard enough, all new virus coders would have to be
brought up to speed on the project and need to agree to follow the project until
it's expiry date. Now, obviously there are some VXers out there that will not
follow the project fer any number of reasons and that is their choice.
The main problem even if the project was accepted by most of the vast VX
community is that there is no channel to contact all the VXers everywhere, there
are people who would leave the scene and also new people join and wouldn't know
about the project. Another issue is many of the older VXers/VX teams won't
agree to participate because they have a zine or other code they want to put out
fer the world to see and many new VXers who have just written their first "Hello
World!" virus won't care about the project since they are so excited about
coding their first virus which, like the established virus teams are doing with
their more advanced viruses.
Another downer to the plan in todays current situation is that I heard an
estimate that the number of macro viruses that have been produced over the last
few years would keep the AV busy fer at least another three to five years. And
many VXers aren't going to wait that long, if any would. Large viral projects
and zines by the various teams will want to be released, and some just don't
care about the idea of finding out if an AV would go under as they can't see it,
and feel if anything, the lack of viruses would just help lower the standard of
the average virus.

 A Modification of Pr0ject Zer0
 ------------------------------

Ideally during this silent period virus coding and techniques would be improved
within the teams, new information and ideas would be shared within the VX
community whilst the AVers were left to play with pre-Zer0 era viruses.. Now as
well as the possible, but unlikely, closing of some antivirus companies. The VX
community would have new technologies and ideas the AVers had no protection or
method to combat this therefore their scanners will be next to useless against
the new generation of viral code but, that will never happen. The entire VX
community is always in such as state of flux that there is no way you could get
everyone to participate at any one time. However, if the virus creations were to
be channelled through another method such as through group zines rather than
straight into the wild the information and code could still be seen by anyone
who's interested in it, and the average computer user need never see it. Yet the
code and author's name gets known by the VX community, and overall will result
in less "Hello World!" type viruses found ITW. Another side-effect of releasing
through zines rather than directly ITW is that as less users get infected the
media has less to hype so therefore the VX community as a whole doesn't get any
worse a reputation and their is no need fer enforcement agencies such as the FBI
to start tracking down individuals. It has been pointed out that it's not the
VX community who are putting "Hello world!" and hacked viruses ITW, it's the
newbies who are learning and are excited and "want to see if it werks".
I feel that they shouldn't be stopped from getting their creations known, but
should be encouraged to release their creations in a manner in which people are
far less likely to get effected and their data will stay intact.

During a chat with Opic of the Codebreakers he said "i like the fame, i like the
attention, i like the challenge, i like trying to turn an inherently 'bad'
thing like a virus into a 'good' thing which makes positive changes (like
caligula)." This shows that some virus authors want to be recognised fer their
work, which is not a bad thing, but in it pushes the coder to want to
release their work ITW to be noticed, and many coders see that what they do is
to one degree or another unethical and irresponsible. But then, isn't smoking?

Now, seeing above that Pr0ject Zer0 would be impossible to run successfully,
allow me to make a suggestion. I'm not trying to suggest that you don't
share your code with other VXers, all I'm saying is that the older VX community
should try to encourage the new generation of VXers to distribute their code
though zines, either of their own or as part of a larger team's zine, such as
the Codebreakers or 29A.
If the newbies write articles and well commented source to distribute in zines
which will help other newbies learn without spreading old 'clone' viruses, such
as another .COM appender or a .EXE OWer which has been done a hundred times
already then the end-users don't have to worry about the virus, the coders learn
the techniques and can teach others their skills and overall the VX community as
a whole gets away without getting its reputation made any worse.

The Ultimate Chaos Team is willing to put together a small zine on a regular
basis dedicated to purely code and nothing else.. So if you've just written a
virus that you'll like people to see send it to one of the members and we'll
do our best to get it published in the zine fer you.

 MidNyte's Comments
 ------------------

Would newbie coders actually take in and appreciate the concept of Pr0ject Zer0?
It all depends on the mentality of the coder and the way the idea of Pr0ject
Zer0 is presented to them. The best approach could be to offer more help and
more recognition to coders who use this forum, giving the impression that it's
the accepted route into VX recognition. This could motivate them to use this
forum for quick recognition rather than waiting for their virus to spread
enough to make the wildlist. Those who would get bored quickly would do no
damage before tiring of the scene. Maybe if the coders from the group offered
a review of each submission released through the magazine, with credit where it
is due, and constructive criticism to help the newbie achieve what they want to,
we could help encourage this perception. Maybe groups could also bias the
acceptance of new members on people who have used project zero, or deny
acceptance to those who flout it. This last point of course depends on the
groups willingness to accept Pr0ject Zer0's principles.

We would like all the other groups to follow Ultimate Chaos' example and try to
encourage newbie coders to release their creations through ezines. We have the
chance to help the press realise we're not entirely deserving of the image we
have, that we don't all write viruses for the sole purpose of wilfull
destruction. We all know that, but the press is never going to accept the fact
without us making an effort to persuade them.

 ------------------

If anyone is interested in helping with this or any other similar projects, has
any suggestions or comment please feel free to contact me at
ultchaos@godnet.demon.co.uk.

 Thank you fer reading.

  Peace,
 Rhape79 and MidNyte [Ultimate Chaos '99]

 Find us at http://www.ultimatechaos.org
