Slashdot Mirror


Assessing Internet Viruses Like Human Epidemics

underpar writes "This ComputerWorld.com article discusses the UCSD's $6.2 million attempt to study Internet viruses in a manner similar to the study of human epidemics. Stefan Savage, a computer science professor, is quoted in the article as saying, 'We'll be focused on what vectors are used, just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"


  1. Distinction... by z3021017 · · Score: 3, Interesting
    Computers can have their data wiped for a new, clean beginning.

    Humans can't.

    --
    Bored? Visit my exciting counter page!
  2. Interesting Academic Exercise by tony3w · · Score: 5, Interesting

    This is an interesting academic exercise, but the basic defenses that have been preached for years work just fine:

    - Avoid IE for surfing
    - Avoid OL/OE for eMail
    - Firewall (in and out) all OSes with large numbers of exploitable bugs
    - Automate patching
    - Warn on Anomalous behavior
    - Have a virus scanner that is up to date

    I don't even rely on the last one and I've been virus free for the past 9 years!

    1. Re:Interesting Academic Exercise by tony3w · · Score: 2, Interesting
      I actually used to use Outlook as my preferred mail client. Then they 'updated' it and prevented my mail-viewing template from working properly. I basically created a filter that (before any non-text email was rendered) removed a list of about 15 strings that had potential for being harmful (ActiveX, XSL, CSS, JS, images, etc.) The geniuses that updated OL in OfficeXP SP2 changed the behavior of OL to actually pre-render the HTML content before it hit my filter. So the images were downloading, CSS would format the text, JS would run, etc. That's when I ditched OL in favor of Mozilla Mail.

      I recognize that there are some rudimentary protections in SP1 and SP2 that supposedly make some of this content 'safe,' but given the ease with which people have found cross-zone scripting, redirecting, and spoofing problems I would rather just use something that gives me more control over the content that gets executed on my machine.

      If you still use Outlook/IE, please patch it now to correct the latest JPEG overflow in addition to a few other holes from the past few months. That only prevents the currently known-to-work problems from biting you. If history is any indicator, there will be quite a few more in the future.

      You stated that you don't automatically patch, but have Windows Update alert you when there is a problem. That's an excellent idea as long as you actually install the patches that most affect you. I used to promote that behavior but found that most people just ignore the 'ready to install' notification and contract the malware that would have been prevented. I don't advocate 'automatic install' from WU for all people. There are other excellent methods of automating patching (SUS and SMS come to mind for organizations.)

      Unfortunately, common sense avoiding doesn't work anymore with executable content. Defense-in-depth is necessary. You have to set up independent layers (Good software selection, AV, Firewall/IDS, AutoPatching) to protect you because it's really inconvenient to surf without JPEGs and you didn't even know to block them until 6 months after the problem was found...

  3. Re:Fixes by wikdwarlock · · Score: 2, Interesting

    IANACSM (I am NOT a CS major) but I would think that "stop[ping] the creation of viruses and malware" is impossible for any application short of Hello World! Viruses and malware have found a niche online, just like viruses and bacteria in RL. I would assume the best hope, as with the wetware versions, is peaceful, mostly unobtrusive cohabitation, not eradication.

    --

    "I must not fear. Fear is the mind killer." -Bene Gesserit Litany Against Fear
  4. Re:Hasn't this been done before? by hashish · · Score: 5, Interesting

    Yeah, and this does miss some points. Viruses in humans can mutate and attach themselves to other viruses. Until a computer virus does this they eventually die out when the PC gets patched.

    But I guess it was fun for someone to do...

  5. Linux tagline by microsopht · · Score: 2, Interesting
    Computer security analysts have also warned that more viruses in the future will be written to attack systems that run on the Linux operating system and hand-held devices like cell phones.

    Every article seems to have this tagline attached. Looks like people can't seem to wait for Linux Viruses!

    Perhaps they wanna entice people into writing L.virus

  6. The computer-organism paradigm doesn't work by mark-t · · Score: 4, Interesting
    Because living organisms are more or less static, and if it weren't for evolution, would be completely unchanging. Living organisms can defend against viruses reasonably well because they know what they are and can therefore easily recognize anything that doesn't match that, and just go berserk on it.

    Desktop computers, on the other hand, are not static systems at all. So there's no really good way for a system to differentiate what's not really supposed to be there from something that was deliberately put there by the user. As I said, this isn't a problem for a living organism because that's a closed system, and anything new that gets put into it, without suitable precautions taken beforehand, will be attacked by the body's defenses as a foreign invader. Such a mechanism implemented on a desktop computer would render the computer practically useless for anything that we take for granted that programmable computers do today.

    1. Re:The computer-organism paradigm doesn't work by Qzukk · · Score: 4, Interesting

      So there's no really good way for a system to differentiate what's not really supposed to be there from something that was deliberately put there by the user.

      That's not a good way to categorize things, given the number of malware and trojans "deliberately" installed by the user. Rather, we should identify the malware based on its behavior: Does it alter other executables not installed with it? Does it connect to one site repeatedly? Many sites rapidly? Does it attempt to access the addressbook? Mail itself out? Make multiple copies of itself in the windows directory? Edit registry settings it doesn't create? Remove or replace other files that weren't installed with it? And so on...

      Once we look at it that way, it's fairly simple to identify malware as it's operating, and once it's identified, the cleanup process can begin.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  7. Re:Apples to Oranges by savagedome · · Score: 2, Interesting

    Actually humans *are* susceptible to a lotttt of viruses. It's the immune system that you should be thankful for. If you need a layman's read to get a feel of what we are made of, get hold of the book Genome by Matt Ridley. Very fascinating.

  8. Conjecture on their conclusions by Large+Bogon+Collider · · Score: 3, Interesting
    If their conclusions about computer viruses vs biological viruses are similar then my guesses as to the outcome are:

    1) Monoculture is bad in containing viral spread (good for other operating systems)

    2) Since viruses cannot be totally eliminated, a virus resistant host is important (good for most other OSes)

    3) Effective antivirus/vaccination efforts should be made (most open source OSes are intrinsically resistant to attack)

    4) Public education to help prevent risky behaviors (open OS users are generally much more computer adept)

    See a pattern here?

  9. OK, let's go with this by bigberk · · Score: 4, Interesting

    In a biological system (an ecosystem) you want a large diversity of species participating in the system, so that environmental fluctuations and pathogens don't wipe out large parts of the ecosystem all at once.

    If you extend this to interoperating computer systems, then ideally you want a variety of platforms (indeed, operating systems but also processor architectures and device types).

  10. Re:Hasn't this been done before? by Mshift2x · · Score: 5, Interesting

    Yes. This has been done before. We've done this in our calculus class. We've used a program to map the 'lifecycle' of a virus. First numerous vulnerable PCs, the way in which they spread to each other, new vulnerable computers being connected to the internet, patching of the computers. It was all pretty cool stuff.

  11. Re:Fixes by halowolf · · Score: 2, Interesting
    This reminds me of a documentary I saw about various RL viruses and such that could be made completely harmless, as long as we stopped attacking them with drugs and different treatments.

    There was an example about all the big cats species around the world (except for 1) that all had a virus that appeared to be completely harmless to them. Also there was an example of what I vaguely remember as a cholera outbreak that the more it was attacked with drugs the more virulent and damaging it became.

    The point of the documentary was that instead of using bigger and badder drugs to attack these nasties (which could lead to them becoming more nasty since they have to adapt so that they can survive) that another way that they could be effectively treated was to guide their evolution to a place where they can exist within us but do no harm.

    However I'm not comparing this to computer viruses :)

  12. Write a virus that tracks its spread... by kkith · · Score: 1, Interesting

    Have the virus record timestamps, hops, path, etc. Then have the virus relay the data to a central server and delete itself. That should garnish a LOT of information.

  13. Re:Why West Nile? by xombo · · Score: 2, Interesting

    +4 interesting?!?!!
    As a gay man I take offense.
    Straight women, specifically minority women, have the highest infection rates of AIDS right now. Don't even think that because you're straight and don't take it in the ass that you're immune.

  14. Re:Hasn't this been done before? by darkain · · Score: 5, Interesting
  15. Flipside by xixax · · Score: 2, Interesting

    I am somewhat surprised that virus writers do not use virus ecology/biology more.

    In real life, the really nasty viruses are the ones that have a comparatively low lethality. This allows the infected hosts to continue spreading for a long time. And/Or the (early) symptoms are pretty mild, so hosts will often ignore them.

    Hmmm... sounds like most mail relay trojans. I know a few people who *continued* to use thus infected machines, because the inconvenience of cleaning it up is more work for them than having a slower connection now and then. They did not care that they were hosting a trojan.

    Xix.

    --
    "Everything is adjustable, provided you have the right tools"
  16. Difference between computers and organisms: by cr0z01d · · Score: 5, Interesting

    Organisms can die from diseases. A virus won't destroy a computer, the worst case scenario is a wipe and fresh install. This means that Microsoft can make their software bug-ridden.

    Maybe if viruses were to fry hardware, we could see some improvements.

  17. A "meatspace" analogy... by WebCowboy · · Score: 2, Interesting

    ...for the parent post's suggestions, point-for-point:

    - avoid drugs and alcohol
    - avoid saturated fats
    - wear a condom if you screw around
    - practise good hygiene (hint for some of the /.ers out there---that means bathing/showering, shaving/haircut and brushing teeth) and exercise regularly (ie. stand up and move around--outside of the basement when you can)
    - get that funny mole checked out if it gets bigger or suddenly loses or grows hair
    - get your flu shot

    BTW...if you don't rely on a virus scanner, how do you know you've never had a virus on your PC? Without scanning your PC these days, you could have one and never know because the payload didn't damage anything important, or bugs in the virus code or your particular configuration prevented it from inflicting damage...

    Anyways, I don't have to do a bunch of research to tell you what computing is like in human terms:

    - We are currently in mediaeval times. The unwashed masses are ruled by the tyrant King William (Gates) III and are subject to his whims. The fear of MSGod drives them to give tithes to the church of Pope Steve Ballmer.

    - The unwashed masses are relatively ignorant and are truly unwashed...poor hygiene is rampant, as is malnutrition, making conditions ripe for major plagues

    - the privileged MSCE Nobles who know better build fortresses...with moats and "firewalls"...to protect their domains from the savage outside world

    So look to the middle ages to see what computing has in store for us in the near future. There is hope though:

    - Linus Torvalds and his merry band of rebel bandits are out trying to steal market share from the rich to share with the poor. (yeah I know...Robin Hood is legend not history...whatever)

    - A holy man--one Eric Raymond--has written a protest against the indulgences of the powers that be and nailed it to the door of the cathedral...for all in the bazaar to read.

    There is a little optimism trying to crawl out from the rock that is the cynic in me...I'm waiting eagerly for the renaissance of Free Software (the rise of Democracy as it were)

  18. Re:Hasn't this been done before? by Anonymous Coward · · Score: 2, Interesting

    It has. It is actually a pretty interesting problem. There are a number of things that make studying computer viruses different than biological viruses. One area of interest is incorporating the network topology into the model. Computer networks tend to be 'scale-free', the internet certainly is. Most epidemiological models (SIS, SIR etc) assume completely mixed populations. When you put them on a different network topology you can get different results.

    Vaccination strategies center on trying to lower R_0. In computer networks it is possible to have a vanishingly small epidemic threshold. Also, in scale-free networks the hubs are central to viral transmission. These papers
    http://www.cosin.org/publications/condmat0205260.pdf/
    http://www.cs.princeton.edu/courses/archive/fall03/cs323/links/pastor-satorras.pdf/
    contain these ideas.

    Generally in a scale-free human disease network like STD transmission you want to vaccinate the highly connected hubs. Since the transmission time for viruses on computer networks approaches zero you can run into some serious problems. Such as it is not possible to 'vaccinate' enough of the network hubs in time => no real way to stop epidemics on computer networks via 'vaccination'. Hopefully this research will provide better answers to these questions.
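
The topology effect described in the comment above, as an added example that is not part of the thread or of the linked papers: it compares the epidemic threshold of a fully mixed population with that of a scale-free network, then patches ("vaccinates") 10% of hosts either at random or hubs-first. Assumptions: a Barabasi-Albert style generator, the standard heterogeneous mean-field SIS threshold <k>/<k^2>, and constructed parameters (2000 hosts, infection probability 0.4, fixed seed).

```python
import random

def scale_free_graph(n, m, rng):
    """Preferential attachment (Barabasi-Albert style): each new node links
    to up to m existing nodes picked in proportion to their degree."""
    adj = {v: set() for v in range(n)}
    endpoints, targets = [], list(range(m))
    for new in range(m, n):
        for t in set(targets):
            adj[new].add(t); adj[t].add(new)
            endpoints += [new, t]          # a node appears once per edge end
        targets = [rng.choice(endpoints) for _ in range(m)]
    return adj

def threshold(adj, immune=frozenset()):
    """Mean-field SIS epidemic threshold <k>/<k^2> of the non-immune subgraph."""
    degs = [len(nb - immune) for v, nb in adj.items() if v not in immune]
    return sum(degs) / sum(d * d for d in degs)

def outbreak(adj, immune, beta, rng, trials=200):
    """Mean SIR outbreak size (fraction of non-immune nodes); a node infects
    each susceptible neighbour with probability beta, then recovers."""
    nodes = [v for v in adj if v not in immune]
    total = 0
    for _ in range(trials):
        done, frontier = set(immune), {rng.choice(nodes)}
        while frontier:
            done |= frontier
            frontier = {u for v in frontier for u in adj[v]
                        if u not in done and rng.random() < beta}
        total += len(done) - len(immune)
    return total / (trials * len(nodes))

def compare(n=2000, m=2, frac=0.10, beta=0.4, seed=1):
    rng = random.Random(seed)              # constructed network, fixed seed
    adj = scale_free_graph(n, m, rng)
    k = int(frac * n)
    hubs = frozenset(sorted(adj, key=lambda v: len(adj[v]), reverse=True)[:k])
    rand = frozenset(rng.sample(sorted(adj), k))
    mean_k = sum(len(nb) for nb in adj.values()) / n
    return {"mixed_threshold": 1 / mean_k,
            "scale_free_threshold": threshold(adj),
            "threshold_random_vax": threshold(adj, rand),
            "threshold_hub_vax": threshold(adj, hubs),
            "outbreak_random_vax": outbreak(adj, rand, beta, rng),
            "outbreak_hub_vax": outbreak(adj, hubs, beta, rng)}

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} {value:.4f}")
```

The model is static: it shows which hosts are worth patching first, not whether they can be patched before a fast worm reaches them, which is the timing problem the comment raises.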