Slashdot Mirror


Assessing Internet Viruses Like Human Epidemics

underpar writes "This ComputerWorld.com article discusses the UCSD's $6.2 million attempt to study Internet viruses in a manner similar to the study of human epidemics. Stefan Savage, a computer science professor, is quoted in the article as saying, 'We'll be focused on what vectors are used, just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"

20 of 171 comments

  1. Hasn't this been done before? by wikdwarlock · · Score: 5, Insightful

    This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?

    --

    "I must not fear. Fear is the mind killer." -Bene Gesserit Litany Against Fear
    1. Re:Hasn't this been done before? by Mistlefoot · · Score: 3, Insightful

      Viruses do mutate.

      Just need a little bit of help from humans.

      How many mutations of sasser have we seen?

      Actually....I'd bet more viruses are mutations than original.

    2. Re:Hasn't this been done before? by Anonymous Coward · · Score: 1, Insightful

      Polymorphic viruses don't really mutate, it's just a stealth thing, they can't evolve. Viruses these days take advantage of the one problem no software company can eliminate (even though we'd often want to): the user and his/her stupidity.

  2. Why West Nile? by Curunir_wolf · · Score: 4, Insightful

    Why not study it like they do the AIDS virus? That is, it's obvious that certain behavior will greatly increase the risk of infection, and some, based on location and lifestyle (OS) have very little chance of infection at all.

    --
    "Somebody has to do something. It's just incredibly pathetic it has to be us."
    --- Jerry Garcia
    1. Re:Why West Nile? by Anonymous Coward · · Score: 3, Insightful

      That is not how this comment was meant, I think. Regardless of sexual preference, an example of a high-risk lifestyle would be having promiscuous unprotected sex. A low risk lifestyle would be to be involved in a long-term monogamous relationship.

    2. Re:Why West Nile? by PitaBred · · Score: 2, Insightful

      I know that this is terribly offtopic, but this is EXACTLY what pisses me off about "minorities." You assume that someone is insulting you because they use the term "lifestyle." Lifestyle can be having promiscuous sex, going to clubs, sitting at home and masturbating, and of a LARGE number of things. Yet you think someone means you, and you're being discriminated against, thus giving you the right to... something. Reparations, additional rights, whatever.
      Excuse me, but grow the fuck up and get over yourself. You're nowhere near as special as you'd like to think you are.

    3. Re:Why West Nile? by Mordaximus · · Score: 2, Insightful
      As a gay man I take offense.

      No, I don't think it's your sexual affinity, I think that it's the fact that you are a total bigot. Parent post didn't even hint at gay, rather (s)he mentioned location and lifestyle, yet you're up in arms. Spend less time looking for ways to take offence to what people have to say.

      You assume parent poster isn't gay, you assume that parent is male and that (s)he doesn't participate in anal sex. And you got all of that from a rather insightful post from the parent. Hope you make yourself sick, you certainly make me feel that way. Because yes, you are way prejudiced, and fucking paranoid to boot.

      Don't even think that because you're straight and don't take it in the ass that you're immune.

      You realise where you're posting - a giant blog populated by a like-minded group of individuals who are generally stereotyped as unwashed, Star Trek convention attending virgins who live in their basement decorated with Farscape posters? What an idiotic thing to say to an audience that is probably most sensitive to any group that has been the target of stereotypes and misconceptions.

      You'd be smart to apologise to parent poster.

  3. Fixes by Zevets · · Score: 5, Insightful
    While this study will explain how viruses spread, will it really tell us how to cure viruses?

    We all know how smallpox spreads. We do not know how to cure it.

    We know how viruses spread, but we only know how to remove it from a computer, not how to fix the problems of viruses.

    This study will show us where to put better virus filters, which is useful, but it will not tell us how to stop the creation of viruses and malware, which is what we really need.

    --

    Mod Wisely.

  4. The difference is... by Tyrdium · · Score: 2, Insightful
    ... most organisms don't want to get viruses. From what I've seen from doing tech work, the average user doesn't care about viruses. Hell, half of the time, they don't even know what they are, and their definitions are two years out of date because they don't want to pay for the subscription! And I won't even mention the lack of Windows updates and the horrid use of IE... [/rant]

    Also, natural selection means that species will likely eventually gain a resistance to whatever virus is affecting them (granted, the virus will also adapt). Not so with computer users, unless ISPs decide to start shutting down access to infected boxen.

  5. The best solution... by bizpile · · Score: 3, Insightful

    The best solution, in my humble opinion, is quarantine. Get the infected user off the Internet. My ISP does it and hopefully many others do too.

  6. Hello? Viruses????? Doorknob? by Mulletproof · · Score: 2, Insightful

    Um, the epidemic thing ain't an original thought, let alone new news. In fact, I seem to remember an article that said it was good that the internet has all these pesky bugs here and there. Like the human body, countermeasures will be enacted to not simply limit the current infection, but help future minor and potential major outbreaks as well. The tactics of the small cases help devise strategies to deal with larger cases and so forth. I mean, naming the damn thing a virus oughta lead you straight to this line of logic that is now amazingly being considered breaking news here...

    Next story, please.

    --
    You need a FREE iPod Nano
  7. Re:Interesting Academic Exercise by Anonymous Coward · · Score: 3, Insightful

    " - Have a virus scanner that is up to date

    I don't even rely on the last one and I've been virus free for the past 9 years!"


    Ummm......... how would you know?

  8. Re:Distinction... by fatman22 · · Score: 4, Insightful

    In humans it's called "dying"

  9. Hate to say it... by MortisUmbra · · Score: 2, Insightful

    But I honestly think the only way we are ever going to alleviate this problem is by writing, as some others have done recently, "virii" to exploit these known holes and patch the machines they exploit.

    Then of course one could foresee a sort of arms race whereby virus authors write in the ability to stop another program from using the same exploit to gain entry to the machine and patch it. So basically it would be an early bird gets the worm sort of scenario where whoever infects the machine first wins.

    Still I think it's better than leaving it up to a bunch of lazy computer users who make the rest of the world suffer because they are either too inept or too lazy to patch their machines.

    --

    "The saddest words of mice and men, are not those which were, but should have been."
  10. Re:Linux tagline by unoengborg · · Score: 4, Insightful

    Well, if the security of the average Linux distro will not get better this is an accident just waiting to happen.

    Most Linux distros rely on the same types of protection of illegitimate use as Windows. Just like in Windows we have users and groups with read, write and execute permissions. It is therefore likely to have similar problems if somebody decides to write malware like viruses.

    So far this has been fairly uncommon, perhaps because there are more constructive ways for hackers to make a difference in the open source world than in the land of Microsoft.

    Furthermore, Linux has the advantage of having more skilled users than Windows. The average Linux user would be much harder to fool into opening e-mail attachments etc. than the average Windows user. But as the use of Linux becomes more widespread we can assume that it will get into the hands of users just as badly educated as the average Windows user usually is. They will run their systems as root and do stupid things just like they do in Windows today. As a result we will see more problems on the Linux platform.

    The fact is that if you avoid MS-Outlook, don't open attachments from unknown people, and make sure that you always have the latest security patches from Microsoft installed, the chance of getting hit in Windows is quite small. So far I have never had a Windows virus, neither has my wife, and we have used Windows since the release of NT4.

    Clearly both Linux and Windows need enhancements to protect them from clueless users. Microsoft will probably try to do this by shutting the user out of his computer and only allowing trusted software to run through the use of their TCPA system.

    In Linux we have the SELinux stuff NSA put into the latest 2.6x kernel series that provides mandatory security. It makes it possible to control, on an application basis, what files an application may read, write, execute or even see, regardless of which user runs the application, including root. In a similar way it is possible to control what capabilities an application has with regards to e.g. networking or memory.

    In this kind of system anything that isn't explicitly allowed is forbidden so if you have a good security policy a virus would be allowed to do very little harm and have limited ability to spread.

    E.g. you could configure your system to refuse to execute anything downloaded by mozilla or your favorite e-mail client until you explicitly allow it from a password protected user role. This would of course not prevent mozilla from doing some harm if the virus was running within the mozilla process perhaps as a result of a buffer overflow security breach. But even here SELinux could help. If mozilla only could see html files and only was allowed to alter them if you had the role of webmaster the damage would be limited.

    So, Linux already has the tools to be secure. The problem is that they are not widely used, and in the cases they are, security policies are often too lenient. One reason for this might be that the tools for creating policies are too hard to use.
    I'm happy to see that SELinux is enabled by default in the new Fedora Core 3 test release.

    --
    God is REAL! Unless explicitly declared INTEGER
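
A simplified Python model of the default-deny, per-application policy described in the comment above, added here as an illustration; it is not part of the original post and is not SELinux policy syntax. Every type, role and path name in it (`browser_t`, `download_t`, `secadm_r` and so on) is a hypothetical, constructed value.

```python
from collections import namedtuple

# Constructed policy; every type and role name here is hypothetical.
ALLOW = {  # (domain, object type, permission); anything not listed is denied
    ("browser_t", "html_t", "read"),
    ("browser_t", "download_t", "create"),
    ("user_t", "approved_exec_t", "execute"),
    ("secadm_t", "download_t", "relabelfrom"),
    ("secadm_t", "approved_exec_t", "relabelto"),
}
# Domains each role may enter; secadm_r stands in for the password-protected role.
ROLE_DOMAINS = {"user_r": {"user_t", "browser_t"}, "secadm_r": {"secadm_t"}}
# New files are labelled from the creating domain, not from their name or owner.
TYPE_TRANSITION = {"browser_t": "download_t"}
# uid is carried along only to show that the decision never consults it.
Process = namedtuple("Process", "uid role domain")

def allowed(proc, obj_type, perm):
    """Default deny: the role must hold the domain and an allow rule must match."""
    return (proc.domain in ROLE_DOMAINS.get(proc.role, set())
            and (proc.domain, obj_type, perm) in ALLOW)

def create_file(proc, labels, path):
    new_type = TYPE_TRANSITION.get(proc.domain)
    if new_type is None or not allowed(proc, new_type, "create"):
        return False
    labels[path] = new_type
    return True

def relabel(proc, labels, path, new_type):
    ok = allowed(proc, labels[path], "relabelfrom") and allowed(proc, new_type, "relabelto")
    if ok:
        labels[path] = new_type
    return ok

def demo():
    labels = {"/srv/www/index.html": "html_t", "/home/u/.ssh/id_rsa": "user_secret_t"}
    browser = Process(0, "user_r", "browser_t")    # hijacked browser running as root
    user = Process(1000, "user_r", "user_t")
    admin = Process(1000, "secadm_r", "secadm_t")
    dl = "/home/u/attachment.bin"
    create_file(browser, labels, dl)
    return {
        "browser_reads_key": allowed(browser, labels["/home/u/.ssh/id_rsa"], "read"),
        "browser_writes_html": allowed(browser, labels["/srv/www/index.html"], "write"),
        "exec_before": allowed(user, labels[dl], "execute"),
        "user_relabels": relabel(user, labels, dl, "approved_exec_t"),
        "admin_relabels": relabel(admin, labels, dl, "approved_exec_t"),
        "exec_after": allowed(user, labels[dl], "execute"),
    }
```
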
  11. "Viruses" vs. "Parasites" by ites · · Score: 4, Insightful

    The problem with the terminology (and attempts to use it as a model) is that it implies that human diseases and computer viruses are somehow based on the same mechanisms and can be fought in similar ways. This is obviously untrue. Human and computer viruses may spread in similar patterns, that's not related to how they work, rather the way they are transmitted. A forest fire also spreads by contact.

    A better analogy for computer viruses (and trojans and spyware and worms) is the "parasite", since this is a general form that is found at many, many levels: parasites in our blood, in our cells, in our societies, even in our genes. (The bulk of genetic material appears to consist of parasitic DNA).

    Looking at computer malware as a disease misses the point. Actually, looking at human viruses as "diseases" also misses the point.

    The thing about parasites is that they are inevitable but that there is an implicit balance between a parasite and its host population that generally ensures that the parasite adapts to becoming less harmful and eventually passive or even cooperative. (Which is why there are ten bacterial cells for every human cell in your body).

    Parasites only get out of control when the host population has insufficient variation. It's not a troll to say that the Windows monoculture is the fundamental cause of the current plague of malware.

    Variation is the basic solution to parasitic behaviour. Given that, parasites will move only slowly, will adapt to causing less harm (or they will kill their hosts and die as well), and will eventually form the basis for an immune system (fighting off other parasites).

    It's inevitable that 60-70% of all software running on all computers will, eventually, be parasitic.

    This topic was explored in some detail by HeironymousCoward on Slashdot, about a year ago.

    --
    Sig for sale or rent. One previous user. Inquire within.
    1. Re:"Viruses" vs. "Parasites" by Tony-A · · Score: 2, Insightful

      Hmmm, very interesting.
      It's inevitable that 60-70% of all software running on all computers will, eventually, be parasitic.

      My first reaction is to violently disagree. It is quite possible to knock that number down, way way down. There are even some things we can do like recover back to a previous state. "I wish I hadn't done that. Wish granted."

      However, the question is how uninfected is it worth taking the trouble to be. I'm afraid the answer is that it's a lot more trouble than it's worth.

      The problem with "generally ensures that the parasite adapts to becoming less harmful and eventually passive or even cooperative" is that it is true of the survivors and not necessarily representative of the original population. This makes avoiding a monoculture all the more essential to having something survive.

  12. Re:Difference between computers and organisms: by ESqVIP · · Score: 2, Insightful

    The recent viruses (including worms and trojans) on the computing world are more like "smart" parasites than killers. They don't go as far as some biological viruses (though the ones that overuse your bandwidth are getting quite close).

  13. Faulty application of biology to engineering by Anonymous Coward · · Score: 1, Insightful

    Why do computer scientists and engineers think that a cursory knowledge of a biological model is going to help solve deep problems in CS&E? This whole "virus" vs. "parasite" vs. "epidemiology" crap is a big freaking funding grab by university researchers from NSF and NIH (who has the bigger budget to waste). This trend in CS will end badly because it is motivated more by greed than feasible solutions to problems. Unfortunately, it is currently succeeding because it is easy to confuse funders and reviewers with multi-disciplinary biocyber babble-speak. Very few are versed in both disciplines well-enough to call BS with any effect.

  14. coz we so good at the human virus strategies by mikieboy · · Score: 1, Insightful

    We are about 30 years overdue for an influenza pandemic. The last one in 1918 killed more people than the first world war. When it comes it will come from Asia due to the juxtaposition of poultry, pigs and humans allowing a significant change in the antigens covering the flu (antigenic shift rather than drift).
    Therefore we would expect the health professionals in Hong Kong to be pretty good re surveillance, minimising spread etc.
    No
    When SARS came out it was the medics that caught it and spread it and died from it.
    The difference between SARS and influenza is that if one person with SARS coughs in a room containing 1000 people then 7 people will be infected, with influenza it is 700 people that are infected.

    I wish people would stop drawing parallels between IT systems/procedures and medicine. Please remember that health professionals have been BSing the people for hundreds of years and are quite good at it.
    If we use medical models of infection control in IT then we are all fscked

    Dr mikieboy MB.ChB.