It's well established that assault, more precisely, the use of "reasonable force", is sometimes necessary and valid. The Crown Prosecution Service website states:
A person may use such force as is reasonable in the circumstances for the purposes of:
- self-defence; or
- defence of another; or
- defence of property; or
- prevention of crime; or
- lawful arrest.
After a bit of banter on Twitter, I wondered about the possibility, morality and legality of retributive malware prevention.
One of the natural moderators against some forms of physical violence in the real world is the fear of coming off worse.
If, in hacking or otherwise attacking my computer with malware, there was a risk of the attacker coming off worse, wouldn't it act as a natural moderator against such a crime?
I'm sure it would be possible to build this into popular antivirus software. When a verifiable attack is detected, computers could counter-attack with a wide range of known exploits.
If an exploit succeeds, wipe as many critical files as possible from the system directory, disabling your attacker - reasonable force in order to defend your computer, your property?
Of course there would be collateral damage; many malware attacks are launched from compromised machines belonging to innocent third parties. But there would be a public good in taking a compromised machine out of service, preventing further attacks; and the machine, in distributing malware, is already compromised - damaged - in need of repair.
Do we now start to see a definition of "reasonable force" as disabling the operating system, removing system files which could be replaced by a repair technician with physical access to the computer, but leaving all other files untouched, so as not to risk trashing irreplaceable items such as family photographs, etc?
The problem is especially acute for server operators. Running a small farm myself, I regularly see automated attacks in the region of 6,000 per day, per machine. I've given up monitoring and tracing - I used to fire off emails to the registered owner of the IP address block, but it never seemed to help.