Assessing Internet Viruses Like Human Epidemics
underpar writes "This ComputerWorld.com article discusses the UCSD's $6.2 million attempt to study Internet viruses in a manner similar to the study of human epidemics. Stefan Savage, a computer science professor, is quoted in the article as saying, 'We'll be focused on what vectors are used, just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
"I must not fear. Fear is the mind killer." -Bene Gesserit Litany Against Fear
"...just like in assessing West Nile, to spread computer viruses and ultimately try to develop defenses to prevent them from spreading.'"
Ummm, don't use windows?
Sorry, had to say it.
Humans can't.
Bored? Visit my exciting counter page!
Why not study it like they do the AIDS virus? That is, it's obvious that certain behavior will greatly increase the risk of infection, and some, based on location and lifestyle (OS) have very little chance of infection at all.
"Somebody has to do something. It's just incredibly pathetic it has to be us."
--- Jerry Garcia
This is an interesting academic exercise, but the basic defenses that have been preached for years work just fine:
- Avoid IE for surfing
- Avoid OL/OE for eMail
- Firewall (in and out) all OSes with large numbers of exploitable bugs
- Automate patching
- Warn on anomalous behavior
- Have a virus scanner that is up to date
I don't even rely on the last one and I've been virus free for the past 9 years!
We all know how smallpox spreads. We do not know how to cure it.
We know how viruses spread, but we only know how to remove it from a computer, not how to fix the problems of viruses.
This study will show us where to put better virus filters, which is useful, but it will not tell us how to stop the creation of viruses and malware, which is what we really need.
Mod Wisely.
Computer virusen are actually like STD's. Windows has sex like crazy without any protection, and of course Linux doesn't have sex at all, just like its users. :)
It was a really good paper.
This hardly seems like a novel idea. Isn't the whole calling a computer virus a "virus" supposed to help us understand it in a biological/human way?
I don't like likening malicious computer use to biology. If we call Sasser a "virus", then we would likewise have to call port-scanning a "forcible proctology exam".
You don't want to know what buffer-overflow exploits would be called...
It will amount to the equivalent of "the virus seems to be spreading because mankind has taken to licking diseased rats. Also, the new trend of sneezing directly into each other's mouths also appears to account for some of the outbreak..."
If humans were susceptible to as many viruses as Windows, we would all be dead.
The best solution, in my humble opinion, is quarantine. Get the infected user off the Internet. My ISP does it and hopefully many others do too.
Desktop computers, on the other hand, are not static systems at all. So there's no really good way for a system to differentiate what's not really supposed to be there from something that was deliberately put there by the user. As I said, this isn't a problem for a living organism because that's a closed system, and anything new that gets put into it, without suitable precautions taken beforehand, will be attacked by the body's defenses as a foreign invader. Such a mechanism implemented on a desktop computer would render the computer practically useless for anything that we take for granted that programmable computers do today.
File under 'M' for 'Manic ranting'
1) Monoculture is bad in containing viral spread (good for other operating systems)
2) Since viruses cannot be totally eliminated, a virus resistant host is important (good for most other OSes)
3) Effective antivirus/vaccination efforts should be made (most open source OSes are intrinsically resistant to attack)
4) Public education to help prevent risky behaviors (open OS users are generally much more computer adept)
See a pattern here?
I'm involved in the center, at ICSI in Berkeley.
If people have questions, feel free to ask.
Test your net with Netalyzr
In a biological system (an ecosystem) you want a large diversity of species participating in the system, so that environmental fluctuations and pathogens don't wipe out large parts of the ecosystem all at once.
If you extend this to interoperating computer systems, then ideally you want a variety of platforms (indeed, operating systems but also processor architectures and device types).
Periodically I get frantic messages from members and friends with "important messages" about new email and
computer viruses that are actually hoaxes. While savvy Internet users can usually immediately spot the hoaxes,
many of our members can be both intimidated and frightened (not to mention the time and effort wasted when the
messages are passed back and forth, to spread these 'alerts/hoaxes'). Running virus checking software can also be
a very time-consuming endeavor (especially on a large Local Area Network), when you find that you have
stopped everyone from working for several hours to check for a hoax, it can be really embarrassing.
My advice is to do a little checking on your own before you excitedly message all of your friends and associates,
and possibly embarrass yourself by wasting a lot of their time. Here are some of the better sites that track both
email and other computer viruses and virus hoaxes. I rely heavily on the U.S. Department of Energy Computer
Incident Advisory Capability's (CIAC) Internet Virus Hoaxes page, but the others all have good and usually
current information.
Between them, they describe more than a dozen hoaxes, from Good Times, to PENPAL GREETINGS, to Join
the Crew. Background, including the actual "warning" message is provided. These sites provide a valuable service
to the Internet community, especially for new users.
Natural Selection.
:)
If only this applied to computers
how would you know [that you've been virus free without installing antivirus software]?
Periodically launching IE (after having firewalled it to connect only to microsoft.com and trendmicro.com) and going to Trend Micro's HouseCall site will tell you whether you have a virus on your machine, and you don't even need to pay for virus definition updates. Run a HouseCall scan overnight once a week (put something in Scheduled Tasks to remind you), and you'll be able to tell Windows XP SP2's security wizard the truth that you are already taking antivirus measures without having to shell out for Norton.
FWIW, readers should always understand that when they read a news story they are getting a reporter's interpretation of an interview that itself attempts to simplify a larger story. Inevitably, this means that technical details don't survive the translation. To wit, on the second page of the proposal we write:
"While it is tempting to repurpose the epidemiological models of infectious disease in humans [29], Internet pathogens are in fact quite different--they are authored by intelligent adversaries. Consequently, traditional stochastic analyses are highly fragile tools for predicting the dynamics or limitations of future outbreaks."
For those actually interested in what our center is planning to do, I've made the proposal and the summary available. It also gives some insight into what an NSF grant proposal looks like for those who are curious.
- Stefan
Organisms can die from diseases. A virus won't destroy a computer, the worst case scenario is a wipe and fresh install. This means that Microsoft can make their software bug-ridden.
Maybe if viruses were to fry hardware, we could see some improvements.
Well, if the security of the average Linux distro will not get better this is an accident just waiting to happen.
Most Linux distros rely on the same types of protection of illegitimate use as windows. Just like in windows we have users and groups with read, write and execute permissions. It is therefore likely to have similar problems if somebody decides to write malware like viruses.
So far this has been fairly uncommon, perhaps because there are more constructive ways for hackers to make a difference in the open source world than in the land of Microsoft.
Furthermore, Linux has the advantage of having more skilled users than windows. The average Linux user would be much harder to fool into opening e-mail attachments etc than the average Windows user. But as the use of Linux becomes more widespread we can assume that it will get into the hands of users just as badly educated as the average windows user usually is. They will run their systems as root and do stupid things just like they do in windows today. As a result we will see more problems on the Linux platform.
The fact is, that if you avoid MS-Outlook, don't open attachments from unknown people, make sure that you always have the latest security patches from Microsoft installed, the chance of getting hit in windows is quite small. So far I have never had a windows virus, neither has my wife and we have used windows since the release of NT4.
Clearly both Linux and Windows need enhancements to protect them from clueless users. Microsoft will probably try to do this by shutting the user out of his computer and only allow trusted software to run through the use of their TCPA system.
In Linux we have the SELinux stuff NSA put into the latest 2.6x kernel series that provides mandatory security. It makes it possible to on an application basis control what files an application may read, write, execute or even see regardless of what user that runs the application including root. In a similar way it is possible to control what capabilities an application has with regards to e.g. networking or memory.
In this kind of system anything that isn't explicitly allowed is forbidden so if you have a good security policy a virus would be allowed to do very little harm and have limited ability to spread.
E.g. you could configure your system to refuse to execute anything downloaded by mozilla or your favorite e-mail client until you explicitly allow it from a password protected user role. This would of course not prevent mozilla from doing some harm if the virus was running within the mozilla process perhaps as a result of a buffer overflow security breach. But even here SELinux could help. If mozilla only could see html files and only was allowed to alter them if you had the role of webmaster the damage would be limited.
So, Linux already has the tools to be secure. The problem is that they are not widely used, and in the cases they are, security policies are often too lenient. One reason for this might be that the tools for creating policies are too hard to use.
I'm happy to see that SELinux is enabled by default in the new Fedora Core 3 test release.
God is REAL! Unless explicitly declared INTEGER
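The default-deny, per-application control described in the comment above, as an added example that is not part of the original post: a small Python model of type-enforcement decisions, not real SELinux policy syntax. All domain and type names (`mozilla_t`, `download_t`, `approved_exec_t`, and so on) and the file paths are hypothetical labels chosen to mirror the comment's mozilla scenario.

```python
# Toy model of SELinux-style type enforcement; every label here is hypothetical.
# Allow rules: (source domain, target type, object class) -> permitted operations.
# Anything not listed is denied.
ALLOW = {
    ("mozilla_t", "html_content_t", "file"): {"read"},
    ("mozilla_t", "download_t", "file"): {"read", "write", "create"},
    ("webmaster_mozilla_t", "html_content_t", "file"): {"read", "write"},
    ("user_t", "approved_exec_t", "file"): {"read", "execute"},
    ("sysadm_t", "download_t", "file"): {"read", "relabelfrom"},
    ("sysadm_t", "approved_exec_t", "file"): {"relabelto"},
}

def check(domain, target_type, op, obj_class="file", uid=1000):
    """True only if an explicit rule grants op. uid is deliberately ignored:
    the decision depends on the process domain, so root gets no bypass."""
    return op in ALLOW.get((domain, target_type, obj_class), set())

def relabel(domain, labels, path, new_type):
    """Retype a file only if the domain may relabel from the old type and to the new one."""
    old = labels[path]
    if check(domain, old, "relabelfrom") and check(domain, new_type, "relabelto"):
        labels[path] = new_type
        return True
    return False

def scenario():
    """Walk through the comment's example with constructed sample files."""
    dl, page = "/home/u/dl/attach.bin", "/var/www/index.html"
    labels = {dl: "download_t", page: "html_content_t"}
    r = {}
    # A downloaded file cannot be executed by the browser, by root, or by the user.
    r["browser_exec_download"] = check("mozilla_t", labels[dl], "execute")
    r["root_browser_exec_download"] = check("mozilla_t", labels[dl], "execute", uid=0)
    r["user_exec_download"] = check("user_t", labels[dl], "execute")
    # A compromised browser process can read HTML but not alter it.
    r["browser_write_html"] = check("mozilla_t", labels[page], "write")
    r["webmaster_write_html"] = check("webmaster_mozilla_t", labels[page], "write")
    # Only the privileged role can approve the download; the browser cannot self-approve.
    r["browser_relabel"] = relabel("mozilla_t", labels, dl, "approved_exec_t")
    r["admin_relabel"] = relabel("sysadm_t", labels, dl, "approved_exec_t")
    r["user_exec_after_approval"] = check("user_t", labels[dl], "execute")
    return r

if __name__ == "__main__":
    for name, allowed in scenario().items():
        print(f"{name:30s} {'ALLOW' if allowed else 'DENY'}")
```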
The problem with the terminology (and attempts to use it as a model) is that it implies that human diseases and computer viruses are somehow based on the same mechanisms and can be fought in similar ways. This is obviously untrue. Human and computer viruses may spread in similar patterns, that's not related to how they work, rather the way they are transmitted. A forest fire also spreads by contact.
A better analogy for computer viruses (and trojans and spyware and worms) is the "parasite", since this is a general form that is found at many, many levels: parasites in our blood, in our cells, in our societies, even in our genes. (The bulk of genetic material appears to consist of parasitic DNA).
Looking at computer malware as a disease misses the point. Actually, looking at human viruses as "diseases" also misses the point.
The thing about parasites is that they are inevitable but that there is an implicit balance between a parasite and its host population that generally ensures that the parasite adapts to becoming less harmful and eventually passive or even cooperative. (Which is why there are ten bacterial cells for every human cell in your body).
Parasites only get out of control when the host population has insufficient variation. It's not a troll to say that the Windows monoculture is the fundamental cause of the current plague of malware.
Variation is the basic solution to parasitic behaviour. Given that, parasites will move only slowly, will adapt to causing less harm (or they will kill their hosts and die as well), and will eventually form the basis for an immune system (fighting off other parasites).
It's inevitable that 60-70% of all software running on all computers will, eventually, be parasitic.
This topic was explored in some detail by HeironymousCoward on Slashdot, about a year ago.
Sig for sale or rent. One previous user. Inquire within.