Slashdot Mirror
Assessing Internet Viruses Like Human Epidemics
underpar writes "This ComputerWorld.com article discusses the UCSD's $6.2 million attempt to study Internet viruses in a manner similar to the study of human epidemics. Stefan Savage, a computer science professor, is quoted in the article as saying, 'We'll be focused on what vectors are used, just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
"I must not fear. Fear is the mind killer." -Bene Gesserit Litany Against Fear
"...just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
Ummm, don't use windows?
Sorry, had to say it.
It's Windows.
Hacking the Network
Well, lets just hope the doctor in charge is not Dr. Gates, M.S.
Humans can't.
Bored? Visit my exciting counter page!
Why not study it like they do the AIDS virus? That is, it's obvious that certain behavior will greatly increase the risk of infection, and some, based on location and lifestyle (OS) have very little chance of infection at all.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
This is an interesing academic exercise, but the basic defenses that have been preached for years work just fine:
- Avoid IE for surfing
- Avoid OL/OE for eMail
- Firewall (in and out) all OSes with large numbers of exploitable bugs
- Automate patching
- Warn on Anomolous behavior
- Have a virus scanner that is up to date
I don't even rely on the last one and I've been virus free for the past 9 years!
We all know how smallpox spreads. We do not know how to cure it.
We know how viruses spread, but we only know how to remove it from a computer, not how to fix the problems of viruses.
This study will show us where to put better virus filters, which is useful, but it will not tell us how to stop the creation of viruses and malware, which is what we really need.
Mod Wisely.
Computer virusen are actually like STD's. Windows has sex like crazy without any protection, and of course Linux doesn't have sex at all, just like its users. :)
It was a really good paper.
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
I don't like likening malicious computer use to biology. If we call Sasser a "virus", then we would likewise have to call port-scanning a "forcible proctology exam".
You don't want to know what buffer-overflow exploits would be called...
It will amount to the equivilent of "the virus seems to be spreading because mankind has taken to licking diseased rats. Also, the new trend of sneezing directly into each others mouths also appears to account for some of the outbreak..."
If humans were susceptible to as many viruses as Windows, we would all be dead.
Also, natural selection means that species will likely eventually gain a resistance to whatever virus is affecting them (granted, the virus will also adapt). Not so with computer users, unless ISPs decide to start shutting down access to infected boxen.
The best solution, in my humble opinion, is quarantine. Get the infected user off the Internet. My ISP does it and hopefully many others do too.
Um, the epidemic thing ain't an original thought, let alone new news. Infact, I seem to remember an that article said it was good that the internet have all these pesky bugs here and there. Like the human body, countermeasures will be inacted to not simply limit the current infection, but help future minor and potential major outbreaks as well. The tactics of the small cases help devise strategies to deal with larger cases and so forth. I mean, naming the damn thing a virus oughta lead you strait to this line of logic that is now amazingly being considered breaking news here...
Next story, please.
You need a FREE iPod Nano
$6.2 million ?????? $6.2 million ??????
It better be a sucess not an attempt!
Where have our values gone?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Every article seems to have his tagline attached.Looks like people cant seem to wait for Linux Viruses!
Perhaps they wanna entice people into writing L.virus
Desktop computers, on the the other hand, are not static systems at all. So there's no really good way for a system to differentiate what's not really supposed to be there from something that was deliberately put there by the user. As I said, this isn't a problem for a living organism because that's a closed system, and anything new that gets put into it, without suitable precautions taken beforehand, will be attacked by the body's defenses as a foreign invader. Such a mechanism implemented on a desktop computer would render the computer practically useless for anything that we take for granted that programmable computers do today.
File under 'M' for 'Manic ranting'
I dislike generalization like this. It is neither correct or incorrect, but somewhere in between. In generalizing you can predict or explain some aspects of the object in questing, yet the little details that are just as important slip through the cracks of the generalization and mess up the whole model you built. Sure you can describe computer viruses with biological terms and arguments; however, you will never be 100% correct.
1) Monoculture is bad in containing viral spread (good for other operating systems)
2) Since viruses cannot be totally eliminated, a virus resistant host is important (good for most other OSes)
3) Effective antivirus/vaccination efforts should be made (most open source OSes are intrinsically resistant to attack)
4) Public education to help prevent risky behaviors (open OS users are generally much more computer adept)
See a pattern here?
I'm involved in the center, at ICSI in Berkeley.
If people have questions, feel free to ask.
Test your net with Netalyzr
In a biological system (an ecosystem) you want a large diversity of species participating in the system, so that environmental fluctuations and pathogens don't wipe out large parts of the ecosystem all at once.
If you extend this to interoperating computer systems, then ideally you want a variety of platforms (indeed, operating systems but also processor architectures and device types).
Periodically I get frantic messages from members and friends with "important messages" about new email and
computer viruses that are actually hoaxes. While savvy Internet users can usually immediately spot the hoaxes,
many of our members can be both intimidated and frightened (not to mention the time and effort wasted when the
messages are passed back and forth, to spread these 'alerts/hoaxes'). Running virus checking software can also be
a very time-consuming endeavor (especially on a large Local Area Network), when you find that you have
stopped everyone from working for several hours to check for a hoax, it can be really embarrassing.
My advice is to do a little checking on your own before you excitedly message all of your friends and associates,
and possibly embarrass yourself by wasting a lot of their time. Here are some of the better sites that track both
email and other computer viruses and virus hoaxes. I rely heavily on the U.S. Department of Energy Computer
Incident Advisory Capability's (CIAC) Internet Virus Hoaxes page, but the others all have good and usually
current information.
Between them, they describe more than a dozen hoaxes, from Good Times, to PENPAL GREETINGS, to Join
the Crew. Background, including the actual "warning" message is provided. These sites provide a valuable service
to the Internet community, especially for new users.
AdsJunction.com Ad Network
...all you need to know is written in a book named 'The White Plague' by Frank (Dune) Herbert.
We're all doomed, basically...
Why don't they check this experiment with multiple viruses?
My system, though thought as a virus-free, turned out to have 9 different viruses.
Since they were all battling for the top performance draining position, they cancelled each other out. To equate this to biology, I had what Mr. Burns had on the Simpsons - everything.
Natural Selection.
:)
If only this applied to computers
"...and we shall call it Skynet."
Anybody remember this Onion article?
r .htm /Not my website
http://members.aol.com/marinrobt/Gates_CE_Disaste
...will they cancel each other out?
Have the virus record timestamps, hops, path, etc. Then have the virus relay the data to a central server and delete itself. That should garnish a LOT of information.
The conclusion will be Windows is a weapon of mass destruction. It will be wiped out in a war by the Coalition of the Willing (GNU, Apple, Sun, Qnx).
how would you know [that you've been virus free without installing antivirus software]?
Periodically launching IE (after having firewalled it to connect only to microsoft.com and trendmicro.com) and going to Trend Micro's HouseCall site will tell you whether you have a virus on your machine, and you don't even need to pay for virus definition updates. Run a HouseCall scan overnight once a week (put something in Scheduled Tasks to remind you), and you'll be able to tell Windows XP SP2's security wizard the truth that you are already taking antivirus measures without having to shell out for Norton.
FWIW, readers should always understand that when they read a news story they are getting a reporter's interpretation of an interview that itself attempts to simplify a larger story. Inevitably, this means that technical details don't survive the translation. To wit, on the second page of the proposal we write: While it is tempting to repurpose the epidemiological models of infectious disease in humans [29], Internet pathogens are in fact quite different--they are authored by intelligent adversaries. Consequently, traditional stochastic analyses are highly fragile tools for predicting the dynamics or limitations of future outbreaks. For those actually interested in what our center is planning to do, I've made the proposal and the summary available. It also gives some insight into what an NSF grant proposal looks like for those who are curious. - Stefan
A lot of human social structures tend to mimic nature, partly because we often conciously imitate succesful natural activities and partly because some structures are inherently efficient and will arise spontaneously.
Looking at malware and similar internet problems through the perspective of biological controls may be helpful in other aspects too - spammers, for example live in a remarkably similar ecologogical niche to human parasites such as head lice. Seeing how our current attempts to control those parasites are failing (because poisons etc select for the fittest individuals and create resistant populations) will help us evaluate potential controls for net parasites as well.
"I've got more toys than Teruhisa Kitahara."
and their definitions are two years out of date because they don't want to pay for the subscription!
No excuse. The HouseCall tool by Trend Micro is available free of charge to all users of IE 6 for Windows, and it always uses Trend Micro's latest virus definitions. Sure you don't get the "realtime" protection of say Norton, but if you don't open executable e-mail attachments, don't use Outlook, and don't use IE except on HouseCall and Windows Update, then "realtime" protection probably isn't worth the system slowdown.
Rather, we should identify the malware based on its behavior: Does it alter other executables not installed with it?
Careful. Microsoft could use this as an excuse to prohibit competing compiler toolchains from running on Windows.
Does it connect to one site repeatedly? Many sites rapidly?
Firewalls already detect this by hooking into the network stack, but correlating these with your other heuristics might provide a better idea.
Edit registry settings it doesn't create?
And watch it misclassify antispyware tools as spyware.
Remove or replace other files that weren't installed with it?
A word processor replaces files that weren't installed with it, namely your documents whenever you save them. I'd find this one tricky to define.
This is not biology. The severe, frequent virus outbreaks that have happened in recent times were entirely, realistically, preventable. You don't have to conduct a 6.2 million dollar study into "vectors" and whatnot.
How many more incidents does it take until some major corporations start sueing Microsoft for the damages caused by their gross negligence?
11*43+456^2
I am somewhat surprised that virus writers do not use virus ecology/biology more.
In real Life, the really nasty, viruses are the ones that have a comparitively low lehatlity. This allows the infected hosts to continue spreading for a long time. And/Or the (early) symptoms are pretty mild, so hosts will often ignore them.
Hmmm... sounds like most mail relay trojans. I know a few people who *continued* to use thus infected machines, because the inconvenience of cleaning it up is more work for them than having a slower connection now and then. They did not care that they were hosting a trojan.
Xix.
"Everything is adjustable, provided you have the right tools"
But I honestly think the only way we are ever going to alleviate this problem is by writing, as some others have done recently, "virii" to exploit these know holes and patch the machines they exploit.
Then of courseon could forsee a sort of arms race whereby virus authors write in the ability to stop another program from using the same exploit to gain entry to the machine and patch it. So basicly it would be an early bird gets the worm sort of scenario where whomever infects the machine first wins.
Still I think its better than leaving it up to a bunch of lazy computer users who make the rest of the world suffer because they are either too inept or too lazy to patch their machines.
"The saddest words of mice and men, are not those which were, but should have been."
Organisms can die from diseases. A virus won't destroy a computer, the worst case scenario is a wipe and fresh install. This means that Microsoft can make their software bug-ridden.
Maybe if viruses were to fry hardware, we could see some improvements.
The problem with the terminology (and attempts to use it as a model) is that it implies that human diseases and computer viruses are somehow based on the same mechanisms and can be fought in similar ways. This is obviously untrue. Human and computer viruses may spread in similar patterns, that's not related to how they work, rather the way they are transmitted. A forest fire also spreads by contact.
A better analogy for computer viruses (and trojans and spyware and worms) is the "parasite", since this is a general form that is found at many, many levels: parasites in our blood, in our cells, in our societies, even in our genes. (The bulk of genetic material appears to consist of parasitic DNA).
Looking at computer malware as a disease misses the point. Actually, looking at human viruses as "diseases" also misses the point.
The thing about parasites is that they are inevitable but that there is an implicit balance between a parasite and its host population that generally ensures that the parasite adapts to becoming less harmful and eventually passive or even cooperative. (Which is why there are ten bacterial cells for every human cell in your body).
Parasites only get out of control when the host population has insufficient variation. It's not a troll to say that the Windows monoculture is the fundamental cause of the current plague of malware.
Variation is the basic solution to parasitic behaviour. Given that, parasites will move only slowly, will adapt to causing less harm (or they will kill their hosts and die as well), and will eventually form the basis for an immune system (fighting off other parasites).
It's inevitable that 60-70% of all software running on all computers will, eventually, be parasitic.
This topic was explored in some detail by HeironymousCoward on Slashdot, about a year ago.
Sig for sale or rent. One previous user. Inquire within.
Can we BE more Naive ?
....send us a million and poor grad students like me can get funded for doin security projects.
1) Its ok to compare human viruses to computer ones while talking to PHB's but at least everyone knows that the same techniques does not make sense. Like OS is similar to a very primive organism very unlike humans.
2) We need to look into natural clusters like ant colony and how they get wiped out by some disease and how they cope up (I belive they have quarintine etc) How the individual immunity leads to collective immunity.
3) 6.2 Million is a lot of money. Institutions like us are DRY on funding
- Rants of an Anonymous Coward
...for the parent post's suggestions, point-for-point:
/.ers out there---that means bathing/showering, shaving/haircut and brushing teeth) and exercise regularly (ie. stand up and move around--outside of the basement when you can)
- avoid drugs and alcohol
- avoid saturated fats
- wear a condom if you screw around
- practise good hygeine (hint for some of the
- get that funny mole checked out if it gets bigger or suddenly loses or grows hair
- get your flu shot
BTW...if you don't rely ona virus scanner, how do you know you've never had a virus on your PC? Without scanning your PC these days, you could have one and never know because the paylod didn't damage anything important, or bugs in the virus code or your particualr configuration prevented it from invlicting damage...
Anyways, I don't have to do a bunch of research to tell you what comuting is like in human terms:
- We are currently in mediaeval times. The unwashed masses are ruled by the tyrant King William (Gates) III and are subject to his whims. The fear of MSGod drives them to give tithes to the church of Pope Steve Ballmer.
- The unwashed masses are relatively ignorant and are truly unwashed...poor hygeine is rampant, as is malnutrition, making conditions ripe for major plagues
- the privleged MSCE Nobles who know better build fortresses...with moats and "firewalls"...to protect their domains from the savage outside world
So look to the middle ages to see what computing has in store for us in the near future. There is hope though:
- Linus Torvalds and his merry band of rebel bandits are out trying to steal market share from the rich to share with the poor. (yeah I know...Robin Hood is legend not history...whatever)
- A holy man--one Eric Raymond--has written a protest against the indulgences of the powers that be and nailed it to the door of the cathedral...for all in the bazzar to read.
There is a little optimisim trying to crawl out from the rock that is the cynic in me...I'm waiting eagerly for the renaissance of Free Software (the rise of Democracy as it were)
Thus explaining why people who use Linux and people who never get laid tend to be the same people.
And why Windows users are getting fucked constantly.
If people were releasing their home spliced viruses and bacteria into the wild, then this might be a fair comparison.
"Which is why there are ten bacterial cells for every human cell in your body"
;)
This is basically an urban legend. The vast number of bacteria to which you are referring are isolated inside the colon - they are not really "in your body" in a functional sense. Except for certain epithelial-lined surfaces (the GI tract, upper airways, surface of the skin, lower GU organs) all tissues are normally free of bacteria.
Trust me, I'm a doctor
Comparing every aspect of computing and networking to biology is not any less fallacious than trying to understand how does a car work looking at it like it was a biological organism. Real life has evolved randomly together with virii and parasites but all of the software including any kind of malware was intelligently designed. The most common misconception resulting from such a reasoning is that computer malware will always be relatively harmless because killing the victim is not smart from any parasite's point of view. Wrong. A deadly worm quickly spreading and erasing all of the data an hour later would not survive so long as Code Red, but it doesn't have to survive in the first place if that is not important for its creator. Survival is not important because software doesn't have to live long enough to evolve. It is designed and created manually and then released. It can be written for months or years and then live only few hours if that is the purpose of writing it. I think that assessing the spreading patterns of Internet malware like those of human epidemics might be very interesting but there is a hidden fallacious reasoning that comparing the virii themselves to human diseases will somehow help fighting them which leads to concentrating on spectacular effects instead of boring causes of the problem. The problems are buffer overflows which can be completely eliminated, running code from untrusted sources, etc. It has nothing to do with literally anything known in the real world any more than proving a theorem does. Another thing is comparing Internet to a population and fighting malware in the context of epidemics. This is foolish. In reality, there is a user with a computer and her data. She can lose her data or some of her secrets may become public and in that case she won't say "that's OK because this epidemic disease is contained and the population of computer users will survive" because if she loses her work she doesn't care about other computers. When she gets broken into she shouldn't think "I am sure my system will keep working because killing it would be disadvantageous from the evolutionary standpoint for the software" becuase the ultimate reason of the attack is not just the existence itself. The reason may be getting user's credit card number or performing a DDoS attack. The reason may be causing panic by deleting everything. The reason may be anything. And the problem is not millions years of evolution side by side with parasites but using "gets" instead of "fgets." It's not that we don't know how does the malware work or that we cannot write secure code. Look at KeyKOS or EROS. Look at OpenBSD. Look at Debian. Do we have any "epidemics" there to contain and to fight? No. Such studies are interesting but only because observing symptoms and effects is interesting. If we really want to stop malware we should start from reading the source code of EROS instead of analysing global patterns in problems with Windows. Please read this paper from 1979: GNOSIS: A Prototype Operating System for the 1990s. The problem is that we have 2004 and still the most popular operating system completely ignore the solutions from the 1970s.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Computer viruses are dealt with not by evolution, but by code review and patching the system. Nothing to do with evolution.
Evolution takes place in human society. For example many people switch from MSIE to Mozilla. Other from Windows to Apple or Linux. People start treating security much more serious these days. And good indicator of such "rate of evolution" may be web site log statistic of web broser and operating system usage change.
But this have nothing to do with applying biological principles to computer systems.
we're comparing human virus and computer virus, and that makes Microsoft the mucus membranes... right?
every day http://en.wikipedia.org/wiki/Special:Random
So you come up with a descriptive model of computer virus propagation that is evocative of epidemiology. So what? We know how to prevent most of the recent virus/worm outbreaks and yet those solutions are ignored. I don't think most users really care about the epidemiological issues and -- they care about not being hacked, which is very doable.
So what does this research add to the computer security research cacophony? I'm not trying to be ugly, just honest about it all. Is it just to get NSF money (which is what I suspect since I served on NSF review panels).
Why do computer scientists and engineers think that a cursory knowledge of a biological model is going to help solve deep problems in CS&E? This whole "virus" vs. "parasite" vs. "epidemiology" crap is a big freaking funding grab by university researchers from NSF and NIH (who has the bigger budget to waste). This trend in CS will end badly because it is motivated more by greed than feasible solutions to problems. Unfortunately, it is currently succeeding because it is easy to confuse funders and reviewers with multi-disciplinary biocyber babble-speak. Very few are versed in both disciplines well-enough to call BS with any effect.
Laziness and stupidity.
Laziness = not patching your systems when you know you should.
Stupidity = being willfully ignorant - anyone who wants to be safe can easily find out how. But it seems that most people not only don't bother, they're proud to stay ignorant. That = stupidity.
- Write software with safer languages.
- Design/implement/test deserve equal emphasis
- Don't add features at the last minute
- Practice the principle of least privilege when designing, developing, and administering computer systems
We make things more complex than they need to be, and the complexity creates the problems we have now: the more complexity, the more things defenders must defend and the easier attackers can find vulnerabilities. It's called "asymmetric threat analysis" and has been known for several hundred years.
One major difference between human and computer viruses is topological. Because diseases spread by contact, connectivity regulates the pattern of transmission. For people, connectivity is largely 2-D -- the flu spreads through in neighborhoods and cities before moving across countries and the globe. (Exceptions do come from air travel and intracity connectivity is somewhat greater than 2-D). Human connectivity is also very sparse. A given person can only reach a minute fraction of the population in a day.
In contrast, computer connectivity is nearly infinite-dimensional as the latency between any pair of computers is nearly constant. Watching the spread of worms (e.g. Witty), the doubling time is not limited by travel times and all computers in the world are simultaneously vulnerable.
Two wrongs don't make a right, but three lefts do.
we are about 30 years overdue for an influenza pandemic. The last one in 1918 killed more people than the first world war. When it comes it will come from asia due to the juxtaposition of poultry, pigs and humans allowing a significant change in the antigens covering the flu (antigenic shift rather than drift)
Therefore we would expect the health professionals in Hong Kong to be pretty good re surveillance, minimising spread etc.
No
When SARS came out it was the medics that caught it and spread it and died from it.
The difference between SARS and influenza is that if one person with SARS coughs in a room containg 1000 people then 7 people will be infected, with influenza it is 700 people that are infected.
I wish people would stop drawing parallels between IT systems/procedures and medicine. Please remember that health professionals have been BSing the people for hundreds of years and are quite good at it.
If we use medical models of infection control in IT then we are all fscked
Dr mikieboy MB.ChB.
Viruses come from email, web surfing, program files, image files, music files, floppy disks, cd's, dvd's, thumb drives, network attached storage, routers, hijacked ip streams...
(And I bet I have just listed more than the 6.2 million dollar study).
I am really glad the government has decided this is worth 6.2 million dollars. Couldn't they have purchased a report from any *one* of the specialized companies that does this for a living. Cripes...
hmmm is this what happened in terminator 3?
http://www.npcgaming.com Dedicated Gaming Servers