Peter Tippett on Biomedicine and Security
gManZboy writes "IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine. Two such figures are Peter Tippett, CTO of Cybertrust, who earned a medical degree and went on to develop what later became Norton Antivirus; and Steve Hofmeyr, who studied the marriage of biology and computation at MIT and later founded Sana Security. In this roundtable discussion, the two discuss how biomedicine informs their thinking about security and when and when not to apply the metaphor. Of particular note is their discussion of the pros and cons of using both signature and non-signature-based methods of intrusion detection."
It doesn't seem to matter what they discuss. The media just grab on to words like virus and have themselves a field day, trying to scare people and sound educated.
Leaves those of us who are English geeks frustrated with word misuse, but for the average person, it's irrelevant it seems.
Luke
----
Have a webpage that teaches computer basics too? Contact me. Maybe we can swap links.
A good article/interview. It makes sense that the biomedical field can contribute to the study of computer viruses considering that the bio and computer type seem to at least "infect" in the same manner. And, in both cases, there are "vectors" for how viruses invade a host. Perhaps there is cross-over from other fields as well. It would be interesting to do a little digging to see what other fields can or do provide the same sort of effect.
http://www.busyweather.com/
There have always been similarities and overlap between the worlds of biology and computer science. Nowhere is this more evident than in computer security, where the basic terminology of viruses and infection is borrowed from biomedicine.
The two participants in this month's conversation, Peter Tippett and Steven Hofmeyr, both come from backgrounds in the life sciences that led them to become leaders in the field of computer security.
Tippett, who refers to himself as "one of the graybeards" of the field, has both an M.D. and a Ph.D. in biochemistry from Case Western Reserve. He created "a little software company" and built the first anti-virus product that evolved into Norton Anti-Virus. His company, Certus International Corporation, merged with Symantec in 1992, and Tippett was made director of security and enterprise products at the Peter Norton Group of Symantec. Tippett advised the Joint Chiefs of Staff on cyberwarfare during Desert Storm. The national media often turns to him as their expert during news stories about computer security. He is now chief technology officer of Cybertrust, a $160 million company created in 2004 through the merger of Betrusted and Trusecure. Based in Herndon, Virginia, Cybertrust provides information security technologies and services to companies and governments worldwide.
Hofmeyr is newer to the field, earning his Ph.D. from the University of New Mexico in 1999. His research investigated the crossover between biology and computation, and his studies also took him to the Artificial Intelligence Lab at MIT. Using his research as a base he founded Sana Security four years ago and now serves as its chief scientist. Sana, based in San Mateo, California, makes host-based intrusion prevention software. In 2003, MIT's Technology Review named Hofmeyr as one of the top 100 young innovators under 35.
There must be a wacky ass doctor who came up with Worm and Trojan. Sounds more like a gnarly pron
"Simplify, simplify, simplify!" Thoreau
Asian Anti-Virus product for win3.1 and 95/98 was Dr. Ahns Anti-virus. Just like with these gentlemen it got its start due to its founder being a medical doctor. Since he was the only person in his lab (IIRC he was a pathologist.) who knew anything about computers when they got an infection he was "nominated" to disinfect the computer. He said he was fascinated by how much computer viri actually resembled biological viri in the way they worked and spread. The end result became Dr. Ahns Anti-Virus, which IIRC was bought out in the late 90's by Symantec.
I'm sorry, I'm too tired to be witty at the moment so this message will have to do.
How VERY interesting!
Now, can we please get back to bashing M$ and worshipping Google no matter what they do?
Thanks!
pee pee in your pantaloons
I think the layering notion, i.e. combining several different methods of AV protection operating at different levels of system granularity and with different detection methodologies is certainly an interesting one. I'm not sure if I buy the idea that the market is somehow adverse to this, unable to implement it, or stuck in a rut. It seems very easy to toss out the argument that people didn't want a heuristic detection method from norton, because they had become accustomed to McAfee's signature based approach, but I really think it wouldn't have been that difficult to combine the approaches in a single bundled package a long time ago. To go on a nostalgia trip, I remember back in the day even when people started coming out with those 'roll your own' virus engines for script kiddies, which allowed some minor tweaking and customization to foil straight signature approaches. Meanwhile, those crazy bastards in Bulgaria were rumored to be playing with polymorphic virii. To my mind, the problem really isn't one in which a straight biological infection paradigm works, but one to which something akin to a biowarfare model is more appropriate. Remember that these things don't mutate on their own, but that there will always be a move-countermove going on somewhere. It's the same old thing - if you build better tank armor, someone will come up with better armor piercing rounds, etc.
Makes sense to marry the two fields... after all, biology at its most simple interpretation comes down to a positive or negative particle. Plus - minus, one - zero... see??
Well, they made some nice connections and analogies about a decade ago! So that must mean they're computer authorities! I feel a sudden urge to listen to anything they say about computers and be amazed at their wisdom!
True, there are some sound connections there, and some nice analogies, but the buck stops short, real short, of me trying to apply comparisons like that to any of my own programming. Really, this is a nice idea, but is it practical to spend time focusing on something like this?
...has anyone else felt that the interview ended rather abruptly? I mean, just as they were starting to debate over the issues of technological improvement versus stability, there was nothing left. Was the ensuing conversation too embarrassing to be recorded, or did the interviewer get too engrossed in listening to the arguments to write the rest of the interview down? Usually, the interviewer gets the last word (whether it's a brief "thank you for your time" or a quick summary/conclusion). What happened this time?
Otherwise, I found this a very interesting read. I've always wondered why people prefer signature-based active detection over the passive method of hashing (and checksumming) all the critical system files. I use the freeware Tiny Personal Firewall 2 (subsequent versions suck), which happens to include a feature that informs me if an application trying to connect out or listen for connections has had its MD5 changed. While it is particularly painful when a system file gets tampered with (a message pops up every time the modified executable tries to interface with the network and the messages won't stop appearing until the change is accepted), it was crucial in my finding that my Firefox executable had been modified without my knowledge.
The other thing I found interesting is the remark that the internet has lost its innocence. Back even ten years ago, so-called hackers were either kids too smart for their own good, or script kiddies wanting to impress their friends by opening CD trays. Those who exploited security holes for money were a minority. These figures have flipped over the past seven or eight years; today's equivalents are largely in it for the financial gains, with the ones feeling adventurous being in the minority now. When they were talking about worms being less prevalent these days and how it's possible we've seen the end of virii like Sasser and Code Red, I find myself wondering if the internet has left (or is in the process of leaving) its adolescence phase and has fully matured.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
I never really realized exactly that so many medical persons were really actually applying their knowledge to computers. Now it's time for Steve Jobs to give me new kidneys.
I've noticed that when a great university's research is mentioned, they always mention the name of the university; not so for lesser institutions. There's a lot to be said for reputation and plain old momentum in academia.
What, exactly, is "biomedicine?" Isn't that kind of like "technocomputers" or "kleptorepublicans?"
Or is it just a way for plain ol' medicine to sound cooler and get more research grants?
If you mod me down, I shall become more powerful than you can possibly imagine.
As far as I know there are two different things:
1) Biology, which is a science dedicated to the study of life and its laws. Its ultimate purpose is acquiring knowledge, not making money.
2) Medicine, which is a profession and a business dedicated to healing people and making money in the process by exploiting human misery. Medicine is much closer to law than to science because law too is a profession and a business dedicated to sucking money from people by exploiting human misery.
The US classification of academic degrees takes into account this difference. MD and DJ (Doctor of Medicine and Doctor of Law) are professional degrees, not scientific degrees.
If you believe in evolution, at least in survival of the fittest, you'll quickly understand that in the fight for survival, pretty much any mechanism that can be used will be tried. That's why you get parasites with parasites, why you get half alive creatures like virii, and, why you get infections - if there's a way to get yourself a bit further ahead, you use it.
In any case, there's no surprise in my mind that people chose biology analogies when confronted with novel concepts - you can always find an analogous situation in biology no matter how bizarre the situation is.
As for naming Trojans, mythology dies hard sometimes, even amongst computer geeks and biologists.
The more you know, the more you know you don't know.
As far as I know, Peter Norton wrote Norton Anti-Virus.
Thank you for the illuminating post! About the similarities between medical doctors and lawyers, see wikipedia
http://en.wikipedia.org/wiki/J.D.
For lawyers a scientific doctorate is J.S.D. (Doctor of Juridical Science). I am not sure about physicians; probably they can get PhDs in biology but not in medicine (after finishing medical school)
At times medicine can be considered as a science because now and then it uses the scientific method. Slowly it is getting closer to a real science, last 80 years, since 1920+ it has even started to use mathematical modeling a little bit. Sure there will be a long way, decades, maybe centuries, until it will reach the maturity of real, hard sciences like physics and astronomy. The human body is a very complicated machine, it takes a long time to understand how it functions and to describe it mathematically.
after all, biology at its most simple interpretation comes down to a positive or negative particle.
I know you're joking, but at this point you have devolved it to physics, not biology or even chemistry.
If I remember correctly, back in 1927 or 1928, Kermack and McKendrick, two Scottish physicians wrote a system of differential equations for the propagation of epidemic diseases and applied them successfully for the description of observation data regarding the propagation of Black Death in India (possibly Bombay) at the beginning of the 20th Century. Were there any others before them?
He said he was fascinated by how much computer viri actually resembled biological viri in the way they worked and spread.
Nature and virus writers both converged on the same (only?) optimal solution.
And this was back in the 18th Century! This guy
(http://en.wikipedia.org/wiki/Euler) was the greatest mathematician of all times.
computer viri actually resembled biological viri
The plural of virus is viruses. Thanks for playing, better luck next time.
Nowadays biology uses a lot of mathematics, much more than medicine, and I am not talking about bioinformatics, a discipline which is not as mature as mathematical biology. For example, population genetics has used sophisticated mathematics from its beginning in early 20th Century. Usually the mathematical methods and techniques are imported from physics and chemistry to biology. In the case of population genetics, the situation is different, mathematical methods first developed in biology were imported to physics, chemistry and computer science (for example the genetic algorithms).
Unfortunately, in medicine there are only rudimentary applications of mathematics (a little bit in pharmacokinetics, pharmacodynamics and toxicology, statistical planning of clinical trials, statistics in epidemics, etc). There are also large scale computations for the prediction of behavior of biomacromolecules, but this field involves a lot of biology, biophysics, biochemistry, bioinformatics and only a little bit of medicine.
Today a physician or surgeon can be a great healer even though he believes that man was created by god from earth and did not evolve from other animals. This is impossible for a biologist, without evolution, in the 21st Century biology does not make sense.
Medicine is very limited, it only cares about illnesses and curing them. In biology, the study of pathology is a minor issue. The grand questions of biology are of the type: What is life? How did dead matter become alive? How has man evolved from other animals?, etc. For medicine such great questions are not only irrelevant, but counterproductive.
I guess inserting a few words that sound like you're a real genius, like "immunological system" will promote their anti-virus software, won't it? Even though it doesn't resemble it in the least.
Who are these guys kidding? They're part of the problem. They make obscene amounts of money on a diseased platform (now there's a good biological metaphor).
If they were really up to it, they'd be working on cutting-edge stuff like capabilities. Even relatively simple measures like those taken by some UNIXes have succeeded more than that Windows PR BS. Of course, that would mean ditching Windows, and that's a real stupid choice for the money-makers/user-pimps.
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
Yeah yeah, revisionist history once again...
:P
Virii was used long prior to the prototypical 'macro virus' used almost exclusively today.
Is it bad that I remember virii that were considered "huge" when they were over 512b or 1k in size?
IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine.
What? IT security also borrows some of its basic terminology from construction ("firewall"). Shouldn't these people be architects?
Einstein was a Deist or a Pantheist, not a really religious man. Something that all laws of nature put together, that is God. In addition he believed that the laws of nature are NOT probabilistic, this was his true religion. Remember, he said 'God does not play dice'.
Of particular note is their discussion of the pros and cons of using both signature and non signature-based methods of intrusion detection.
signature based == $$$$ from signature updates
non-signature based: Tight sandboxing around network privileged apps, and new 'untrusted' content on the system. Behavioural monitoring, like an internal firewall - mime type privileges - hang on '-rwxr-xr-x ana.kournivova.jpg' cannot access other executable files! It is not allowed to!
-rwxr-xr-x gimp however is allowed to read and list file system, and access and modify all image* mime types. (and compressed files that contain image mime types etc like svg.gz).
So there you have it. How to remove viruses, like an internal firewall of application permissions (which is already inherent with run as user and stuff, but mime type privileges are a new idea I think).
#hostfile 0.0.0.0 primidi.com 0.0.0.0 www.primidi.com 0.0.0.0 radio.weblogs.com
What most people don't realize is that the field of biology, or more specifically, microbiology is incredibly dependent on computer technology.
When you are talking about sequencing DNA, you are talking about building a massive database. With an insane number of cross-connections.
The ability to DO microbiology at the level we are now able is pretty much codependent on the development of the computer technology needed to process this incredible quantity of information.
It's been said that a single human DNA sample contains about 20 GB of data. Not 20 GB of static, self-standing, serial MP3 files, but 20 GB of heavily dependent, interlinked, cross-connected, pseudo-relational data.
And, this doesn't take into account recent studies which indicate that DNA might not even represent the majority of the information needed to keep a cell working.
You can't process that kind of information, and all those cross-dependencies without some serious hardware backing you up, and so the rise of microbiology is closely intertwined with the rise of powerful, compact, reliable computing resources.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
As opposed to what kind?
Introducing new predators into an existing ecosystem can increase the overall diversity as they become keystone predators. This effect is seen even if the predator doesn't preferentially hunt the former dominant species, though it can be amplified in that case. In extreme cases, the former dominant species is replaced by other species, though the former dominant species doesn't necessarily go extinct.
What does this have to do with computers? The Internet has changed significantly in the last few years. Broadband connections are fundamentally different from dialup connections. First, obviously, they are much faster. Second, they are 'always on'. As broadband has spread, a new ecological niche has opened up - that of spyware/adware.
Even if it were just malicious teenagers writing these things, they'd be a significant problem. But there's a business model now - (unethical) people can make money with this stuff. Ads, selling demographic info, redirecting referral clicks, spam, protection rackets, fraud and identity theft. Of course, these guys are preferentially hunting Windows boxes right now. They're the current dominant species, and tend to be easy to subvert.
I think spyware is going to be the keystone predator of the operating system ecology. And I think we're going to see a lot more diversity in that area in the future.
PHEM - party like it's 1997-2003!
Anyone who had much ME or EE would have referred to an out-of-control compounding of virii+worms+hacks as positive feedback and not "... It's almost the definitive negative feedback loop...."
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
The difference is that doctors don't actually *fix* patients. They can't make wounds heal, they can only assist the body's self healing process. If they could, no one would ever die from old age. On the other hand, engineers have no help fixing things that are broken -- a piece of software won't debug itself.
That is also why the bio-analogy is total BS. Life can evolve and adapt without the help of a creator. Technical systems on the other hand are constructs that depend on someone to build and update them.
Hello,
This was a while ago, so I don't have exact dates but Peter Tippett founded a company named FoundationWare around 1987-1989 which made an integrity checking program called Vaccine. Vaccine was eventually renamed to Certus and the company followed suit in the early 1990s, renaming itself after its flagship product.
Certus was initially an integrity checker and behavior blocker. The integrity checker calculated a CRC or hash value on files and system areas, stored them in a database and compared the two to look for differences which could be the result of viruses. The behavior blocker looked for "virus-like" behavior (attempts to write to boot sectors of floppy diskettes, master boot records of hard disk drives, executable files and so forth) and prevented/required prompting to allow the changes to occur. Later on, a "standard" signature-based scanner was added to the suite, but I don't think this was updated as frequently as those from companies who developed them as a primary means of protection.
In late 1992, Symantec completed its acquisition of Certus. At that point, Symantec had already acquired Peter Norton Computing, Inc. (PNCI) and had moved forward with Norton Anti Virus (NAV), scrapping their own DOS-based anti-virus product, which was code-named Andromeda. The primary reason they grabbed Certus was to incorporate the integrity features into the product--I don't know if this happened--and to consolidate marketshare, which did.
I was working at McAfee Associates at the time of the acquisition and while the move was viewed with interest, there was not any particular alarm on our part. Stealth viruses (viruses which hooked the interrupts managing disk and file I/O and redirected attempts to look for themselves or stripped copies of the viral code off the file before passing it to the requesting program) were becoming more and more common, which limited the effectiveness of integrity management programs since a stealth virus would pass "clean" copies of the infected disk structures or files back, and behavior blockers were viewed as ineffective because of the high false-positive rate. Perhaps someone who was at Symantec at the time of the acquisition could give a better view of what was going on at the time.
Regards,
Aryeh Goretsky
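The integrity-checking approach described in the post above (hash files, store the digests, compare later) and the MD5-change alert mentioned earlier in the thread, as an added example that is not code from Certus, Tiny Personal Firewall or any poster: build a SHA-256 baseline of a directory tree, then diff a later scan against it to report changed, added and removed files. The directory layout and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of one file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root) to its digest."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def compare(baseline, current):
    """Report files whose digest changed, that appeared, or that disappeared."""
    changed = sorted(f for f in baseline if f in current and baseline[f] != current[f])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"changed": changed, "added": added, "removed": removed}


def demo():
    """Constructed scenario: baseline a tree, then tamper with it and rescan."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "firefox").write_bytes(b"MZ original executable")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_baseline(root)
        # Round-trip through JSON: in practice the baseline is written to
        # read-only or off-host storage and loaded back for each scan.
        saved = json.loads(json.dumps(baseline))
        # Simulated tampering: one executable modified, one file dropped in,
        # one file deleted.
        (root / "bin" / "firefox").write_bytes(b"MZ original executable + appended code")
        (root / "bin" / "dropper").write_bytes(b"new file")
        (root / "etc" / "hosts").unlink()
        return compare(saved, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A baseline kept on the same host can be rewritten by whatever modified the files, and as the post notes, a stealth virus that hooks file I/O can feed the checker clean bytes, so scan from trusted media and keep the baseline off-host.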
Dexter is a good dog.