Writing Virus Protection

I was talking with a friend today about how it would be neat to develop a program that would detect someone trying to hack or infect your computer. Rather than just detect and deny or block the intrusion it would fight back and either infect or disable the intruders computer. The friend I was telling this to said that he thought people were writing programs like this on a personal level, but that it wasn't being produced or marketed. Has anyone heard of these types of programs, and if so, would you know any sites with reference material about writing this type of software. Would love to write something for my system.

I only know of three approaches: fingerprinting, detecting suspicious activity, and hueristics. Most scanners use the first approach by adding it to a dictionary of known viruses and the solution. Its manual, but easy process. Detection isn't too hard, but you need to know what's bad behavior. So its mostly just building it into the application itself. Heuristics are probably the best long-term approach, but are a pain to get working right.

The approach that is getting adopted is to use the above approaches, but sandbox every layer. The more restrictions you put around the process, the less damage you can do. Its the only approach that has worked well over the long haul, but is the most painful since users will always bump into the walls.

I think you need to figure out what exactly you want to prevent and try out one of the above methods.

I think what he means, is if a computer is intruded, that computer (with the software installed) will automatically infiltrate the hacker's computer, shutting it down, or installing a virus of its own.

The way I see it, the system would have to hack the hacker's computer, which is just as illegal. Assuming the hacker had a firewall, they'd be beating you up, while keeping YOU out. :P It would be a one-way barrier.