Assessing Internet Viruses Like Human Epidemics
underpar writes "This ComputerWorld.com article discusses the UCSD's $6.2 million attempt to study Internet viruses in a manner similar to the study of human epidemics. Stefan Savage, a computer science professor, is quoted in the article as saying, 'We'll be focused on what vectors are used, just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
"I must not fear. Fear is the mind killer." -Bene Gesserit Litany Against Fear
"...just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
Ummm, don't use windows?
Sorry, had to say it.
Humans can't.
Bored? Visit my exciting counter page!
Why not study it like they do the AIDS virus? That is, it's obvious that certain behavior will greatly increase the risk of infection, and some, based on location and lifestyle (OS) have very little chance of infection at all.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
This is an interesting academic exercise, but the basic defenses that have been preached for years work just fine:
- Avoid IE for surfing
- Avoid OL/OE for eMail
- Firewall (in and out) all OSes with large numbers of exploitable bugs
- Automate patching
- Warn on anomalous behavior
- Have a virus scanner that is up to date
I don't even rely on the last one and I've been virus free for the past 9 years!
We all know how smallpox spreads. We do not know how to cure it.
We know how viruses spread, but we only know how to remove it from a computer, not how to fix the problems of viruses.
This study will show us where to put better virus filters, which is useful, but it will not tell us how to stop the creation of viruses and malware, which is what we really need.
Mod Wisely.
Computer virusen are actually like STD's. Windows has sex like crazy without any protection, and of course Linux doesn't have sex at all, just like its users. :)
It was a really good paper.
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
I don't like likening malicious computer use to biology. If we call Sasser a "virus", then we would likewise have to call port-scanning a "forcible proctology exam".
You don't want to know what buffer-overflow exploits would be called...
It will amount to the equivalent of "the virus seems to be spreading because mankind has taken to licking diseased rats. Also, the new trend of sneezing directly into each other's mouths also appears to account for some of the outbreak..."
If humans were susceptible to as many viruses as Windows, we would all be dead.
Also, natural selection means that species will likely eventually gain a resistance to whatever virus is affecting them (granted, the virus will also adapt). Not so with computer users, unless ISPs decide to start shutting down access to infected boxen.
The best solution, in my humble opinion, is quarantine. Get the infected user off the Internet. My ISP does it and hopefully many others do too.
Um, the epidemic thing ain't an original thought, let alone new news. In fact, I seem to remember an article that said it was good that the internet has all these pesky bugs here and there. Like the human body, countermeasures will be enacted to not simply limit the current infection, but help future minor and potential major outbreaks as well. The tactics of the small cases help devise strategies to deal with larger cases and so forth. I mean, naming the damn thing a virus oughta lead you straight to this line of logic that is now amazingly being considered breaking news here...
Next story, please.
You need a FREE iPod Nano
$6.2 million ?????? $6.2 million ??????
It better be a success, not an attempt!
Where have our values gone?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Every article seems to have his tagline attached. Looks like people can't seem to wait for Linux Viruses!
Perhaps they wanna entice people into writing L.virus
Desktop computers, on the other hand, are not static systems at all. So there's no really good way for a system to differentiate what's not really supposed to be there from something that was deliberately put there by the user. As I said, this isn't a problem for a living organism because that's a closed system, and anything new that gets put into it, without suitable precautions taken beforehand, will be attacked by the body's defenses as a foreign invader. Such a mechanism implemented on a desktop computer would render the computer practically useless for anything that we take for granted that programmable computers do today.
File under 'M' for 'Manic ranting'
1) Monoculture is bad in containing viral spread (good for other operating systems)
2) Since viruses cannot be totally eliminated, a virus resistant host is important (good for most other OSes)
3) Effective antivirus/vaccination efforts should be made (most open source OSes are intrinsically resistant to attack)
4) Public education to help prevent risky behaviors (open OS users are generally much more computer adept)
See a pattern here?
I'm involved in the center, at ICSI in Berkeley.
If people have questions, feel free to ask.
Test your net with Netalyzr
In a biological system (an ecosystem) you want a large diversity of species participating in the system, so that environmental fluctuations and pathogens don't wipe out large parts of the ecosystem all at once.
If you extend this to interoperating computer systems, then ideally you want a variety of platforms (indeed, operating systems but also processor architectures and device types).
Periodically I get frantic messages from members and friends with "important messages" about new email and computer viruses that are actually hoaxes. While savvy Internet users can usually immediately spot the hoaxes, many of our members can be both intimidated and frightened (not to mention the time and effort wasted when the messages are passed back and forth, to spread these 'alerts/hoaxes'). Running virus checking software can also be a very time-consuming endeavor (especially on a large Local Area Network), when you find that you have stopped everyone from working for several hours to check for a hoax, it can be really embarrassing.
My advice is to do a little checking on your own before you excitedly message all of your friends and associates, and possibly embarrass yourself by wasting a lot of their time. Here are some of the better sites that track both email and other computer viruses and virus hoaxes. I rely heavily on the U.S. Department of Energy Computer Incident Advisory Capability's (CIAC) Internet Virus Hoaxes page, but the others all have good and usually current information.
Between them, they describe more than a dozen hoaxes, from Good Times, to PENPAL GREETINGS, to Join the Crew. Background, including the actual "warning" message is provided. These sites provide a valuable service to the Internet community, especially for new users.
Natural Selection.
:)
If only this applied to computers
"...and we shall call it Skynet."
how would you know [that you've been virus free without installing antivirus software]?
Periodically launching IE (after having firewalled it to connect only to microsoft.com and trendmicro.com) and going to Trend Micro's HouseCall site will tell you whether you have a virus on your machine, and you don't even need to pay for virus definition updates. Run a HouseCall scan overnight once a week (put something in Scheduled Tasks to remind you), and you'll be able to tell Windows XP SP2's security wizard the truth that you are already taking antivirus measures without having to shell out for Norton.
FWIW, readers should always understand that when they read a news story they are getting a reporter's interpretation of an interview that itself attempts to simplify a larger story. Inevitably, this means that technical details don't survive the translation. To wit, on the second page of the proposal we write: While it is tempting to repurpose the epidemiological models of infectious disease in humans [29], Internet pathogens are in fact quite different--they are authored by intelligent adversaries. Consequently, traditional stochastic analyses are highly fragile tools for predicting the dynamics or limitations of future outbreaks. For those actually interested in what our center is planning to do, I've made the proposal and the summary available. It also gives some insight into what an NSF grant proposal looks like for those who are curious. - Stefan
I am somewhat surprised that virus writers do not use virus ecology/biology more.
In real life, the really nasty viruses are the ones that have a comparatively low lethality. This allows the infected hosts to continue spreading for a long time. And/Or the (early) symptoms are pretty mild, so hosts will often ignore them.
Hmmm... sounds like most mail relay trojans. I know a few people who *continued* to use thus infected machines, because the inconvenience of cleaning it up is more work for them than having a slower connection now and then. They did not care that they were hosting a trojan.
Xix.
"Everything is adjustable, provided you have the right tools"
But I honestly think the only way we are ever going to alleviate this problem is by writing, as some others have done recently, "virii" to exploit these known holes and patch the machines they exploit.
Then of course one could foresee a sort of arms race whereby virus authors write in the ability to stop another program from using the same exploit to gain entry to the machine and patch it. So basically it would be an early bird gets the worm sort of scenario where whoever infects the machine first wins.
Still I think it's better than leaving it up to a bunch of lazy computer users who make the rest of the world suffer because they are either too inept or too lazy to patch their machines.
"The saddest words of mice and men, are not those which were, but should have been."
Organisms can die from diseases. A virus won't destroy a computer, the worst case scenario is a wipe and fresh install. This means that Microsoft can make their software bug-ridden.
Maybe if viruses were to fry hardware, we could see some improvements.
The problem with the terminology (and attempts to use it as a model) is that it implies that human diseases and computer viruses are somehow based on the same mechanisms and can be fought in similar ways. This is obviously untrue. Human and computer viruses may spread in similar patterns, that's not related to how they work, rather the way they are transmitted. A forest fire also spreads by contact.
A better analogy for computer viruses (and trojans and spyware and worms) is the "parasite", since this is a general form that is found at many, many levels: parasites in our blood, in our cells, in our societies, even in our genes. (The bulk of genetic material appears to consist of parasitic DNA).
Looking at computer malware as a disease misses the point. Actually, looking at human viruses as "diseases" also misses the point.
The thing about parasites is that they are inevitable but that there is an implicit balance between a parasite and its host population that generally ensures that the parasite adapts to becoming less harmful and eventually passive or even cooperative. (Which is why there are ten bacterial cells for every human cell in your body).
Parasites only get out of control when the host population has insufficient variation. It's not a troll to say that the Windows monoculture is the fundamental cause of the current plague of malware.
Variation is the basic solution to parasitic behaviour. Given that, parasites will move only slowly, will adapt to causing less harm (or they will kill their hosts and die as well), and will eventually form the basis for an immune system (fighting off other parasites).
It's inevitable that 60-70% of all software running on all computers will, eventually, be parasitic.
This topic was explored in some detail by HeironymousCoward on Slashdot, about a year ago.
Sig for sale or rent. One previous user. Inquire within.
...for the parent post's suggestions, point-for-point:
- avoid drugs and alcohol
- avoid saturated fats
- wear a condom if you screw around
- practise good hygiene (hint for some of the /.ers out there---that means bathing/showering, shaving/haircut and brushing teeth) and exercise regularly (ie. stand up and move around--outside of the basement when you can)
- get that funny mole checked out if it gets bigger or suddenly loses or grows hair
- get your flu shot
BTW...if you don't rely on a virus scanner, how do you know you've never had a virus on your PC? Without scanning your PC these days, you could have one and never know because the payload didn't damage anything important, or bugs in the virus code or your particular configuration prevented it from inflicting damage...
Anyways, I don't have to do a bunch of research to tell you what computing is like in human terms:
- We are currently in mediaeval times. The unwashed masses are ruled by the tyrant King William (Gates) III and are subject to his whims. The fear of MSGod drives them to give tithes to the church of Pope Steve Ballmer.
- The unwashed masses are relatively ignorant and are truly unwashed...poor hygiene is rampant, as is malnutrition, making conditions ripe for major plagues
- the privileged MSCE Nobles who know better build fortresses...with moats and "firewalls"...to protect their domains from the savage outside world
So look to the middle ages to see what computing has in store for us in the near future. There is hope though:
- Linus Torvalds and his merry band of rebel bandits are out trying to steal market share from the rich to share with the poor. (yeah I know...Robin Hood is legend not history...whatever)
- A holy man--one Eric Raymond--has written a protest against the indulgences of the powers that be and nailed it to the door of the cathedral...for all in the bazaar to read.
There is a little optimism trying to crawl out from the rock that is the cynic in me...I'm waiting eagerly for the renaissance of Free Software (the rise of Democracy as it were)
Comparing every aspect of computing and networking to biology is not any less fallacious than trying to understand how a car works by looking at it like it was a biological organism. Real life has evolved randomly together with virii and parasites but all of the software including any kind of malware was intelligently designed. The most common misconception resulting from such a reasoning is that computer malware will always be relatively harmless because killing the victim is not smart from any parasite's point of view. Wrong. A deadly worm quickly spreading and erasing all of the data an hour later would not survive so long as Code Red, but it doesn't have to survive in the first place if that is not important for its creator. Survival is not important because software doesn't have to live long enough to evolve. It is designed and created manually and then released. It can be written for months or years and then live only a few hours if that is the purpose of writing it.
I think that assessing the spreading patterns of Internet malware like those of human epidemics might be very interesting but there is a hidden fallacious reasoning that comparing the virii themselves to human diseases will somehow help fighting them, which leads to concentrating on spectacular effects instead of boring causes of the problem. The problems are buffer overflows which can be completely eliminated, running code from untrusted sources, etc. It has nothing to do with literally anything known in the real world any more than proving a theorem does.
Another thing is comparing the Internet to a population and fighting malware in the context of epidemics. This is foolish. In reality, there is a user with a computer and her data. She can lose her data or some of her secrets may become public and in that case she won't say "that's OK because this epidemic disease is contained and the population of computer users will survive" because if she loses her work she doesn't care about other computers. When she gets broken into she shouldn't think "I am sure my system will keep working because killing it would be disadvantageous from the evolutionary standpoint for the software" because the ultimate reason of the attack is not just the existence itself. The reason may be getting the user's credit card number or performing a DDoS attack. The reason may be causing panic by deleting everything. The reason may be anything. And the problem is not millions of years of evolution side by side with parasites but using "gets" instead of "fgets."
It's not that we don't know how the malware works or that we cannot write secure code. Look at KeyKOS or EROS. Look at OpenBSD. Look at Debian. Do we have any "epidemics" there to contain and to fight? No. Such studies are interesting but only because observing symptoms and effects is interesting. If we really want to stop malware we should start from reading the source code of EROS instead of analysing global patterns in problems with Windows. Please read this paper from 1979: GNOSIS: A Prototype Operating System for the 1990s. The problem is that it is 2004 and still the most popular operating system completely ignores the solutions from the 1970s.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
we're comparing human virus and computer virus, and that makes Microsoft the mucus membranes... right?
every day http://en.wikipedia.org/wiki/Special:Random