Peter Tippett on Biomedicine and Security
gManZboy writes "IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine. Two such figures are Peter Tippett, CTO of Cybertrust, who earned a medical degree and went on to develop what later became Norton Antivirus; and Steve Hofmeyr, who studied the marriage of biology and computation at MIT and later founded Sana Security. In this roundtable discussion, the two discuss how biomedicine informs their thinking about security and when and when not to apply the metaphor. Of particular note is their discussion of the pros and cons of using both signature and non-signature-based methods of intrusion detection."
It doesn't seem to matter what they discuss. The media just grab on to words like virus and have themselves a field day, trying to scare people and sound educated.
Leaves those of us who are English geeks frustrated with word misuse, but for the average person, it's irrelevant it seems.
Luke
----
Have a webpage that teaches computer basics too? Contact me. Maybe we can swap links.
A good article/interview. It makes sense that the biomedical field can contribute to the study of computer viruses considering that the bio and computer type seem to at least "infect" in the same manner. And, in both cases, there are "vectors" for how viruses invade a host. Perhaps there is cross-over from other fields as well. It would be interesting to do a little digging to see what other fields can or do provide the same sort of effect.
http://www.busyweather.com/
There must be a wacky ass doctor who came up with Worm and Trojan. Sounds more like a gnarly pron
"Simplify, simplify, simplify!" Thoreau
Asian Anti-Virus product for win3.1 and 95/98 was Dr. Ahns Anti-virus. Just like with these gentlemen it got its start due to its founder being a medical doctor. Since he was the only person in his lab (IIRC he was a pathologist.) who knew anything about computers when they got an infection he was "nominated" to disinfect the computer. He said he was fascinated by how much computer viri actually resembled biological viri in the way they worked and spread. The end result became Dr. Ahns Anti-Virus, which IIRC was bought out in the late 90's by Symantec.
I'm sorry, I'm too tired to be witty at the moment so this message will have to do.
I think the layering notion, i.e. combining several different methods of AV protection operating at different levels of system granularity and with different detection methodologies is certainly an interesting one. I'm not sure if I buy the idea that the market is somehow averse to this, unable to implement it, or stuck in a rut. It seems very easy to toss out the argument that people didn't want a heuristic detection method from norton, because they had become accustomed to McAfee's signature based approach, but I really think it wouldn't have been that difficult to combine the approaches in a single bundled package a long time ago. To go on a nostalgia trip, I remember back in the day even when people started coming out with those 'roll your own' virus engines for script kiddies, which allowed some minor tweaking and customization to foil straight signature approaches. Meanwhile, those crazy bastards in Bulgaria were rumored to be playing with polymorphic virii. To my mind, the problem really isn't one in which a straight biological infection paradigm works, but one to which something akin to a biowarfare model is more appropriate. Remember that these things don't mutate on their own, but that there will always be a move-countermove going on somewhere. It's the same old thing - if you build better tank armor, someone will come up with better armor piercing rounds, etc.
Makes sense to marry the two fields... after all, biology at its most simple interpretation comes down to a positive or negative particle. Plus - minus, one - zero... see??
...has anyone else felt that the interview ended rather abruptly? I mean, just as they were starting to debate over the issues of technological improvement versus stability, there was nothing left. Was the ensuing conversation too embarrassing to be recorded, or did the interviewer get too engrossed in listening to the arguments to write the rest of the interview down? Usually, the interviewer gets the last word (whether it's a brief "thank you for your time" or a quick summary/conclusion). What happened this time?
Otherwise, I found this a very interesting read. I've always wondered why people prefer signature-based active detection over the passive method of hashing (and checksumming) all the critical system files. I use the freeware Tiny Personal Firewall 2 (subsequent versions suck), which happens to include a feature that informs me if an application trying to connect out or listen for connections has had its MD5 changed. While it is particularly painful when a system file gets tampered with (a message pops up every time the modified executable tries to interface with the network and the messages won't stop appearing until the change is accepted), it was crucial in my finding that my Firefox executable had been modified without my knowledge.
The other thing I found interesting is the remark that the internet has lost its innocence. Back even ten years ago, so-called hackers were either kids too smart for their own good, or script kiddies wanting to impress their friends by opening CD trays. Those who exploited security holes for money were a minority. These figures have flipped over the past seven or eight years; today's equivalents are largely in it for the financial gains, with the ones feeling adventurous being in the minority now. When they were talking about worms being less prevalent these days and how it's possible we've seen the end of virii like Sasser and Code Red, I find myself wondering if the internet has left (or is in the process of leaving) its adolescence phase and has fully matured.
"If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
I never really realized exactly that so many medical persons were really actually applying their knowledge to computers. Now it's time for Steve Jobs to give me new kidneys.
What, exactly, is "biomedicine?" Isn't that kind of like "technocomputers" or "kleptorepublicans?"
Or is it just a way for plain ol' medicine to sound cooler and get more research grants?
If you mod me down, I shall become more powerful than you can possibly imagine.
If you believe in evolution, at least in survival of the fittest, you'll quickly understand that in the fight for survival, pretty much any mechanism that can be used will be tried. That's why you get parasites with parasites, why you get half alive creatures like virii, and, why you get infections - if there's a way to get yourself a bit further ahead, you use it.
In any case, there's no surprise in my mind that people chose biology analogies when confronted with novel concepts - you can always find an analogous situation in biology no matter how bizarre the situation is.
As for naming Trojans, mythology dies hard sometimes, even amongst computer geeks and biologists.
The more you know, the more you know you don't know.
As far as I know, Peter Norton wrote Norton Anti-Virus.
after all, biology at its most simple interpretation comes down to a positive or negative particle.
I know you're joking, but at this point you have devolved it to physics, not biology or even chemistry.
He said he was fascinated by how much computer viri actually resembled biological viri in the way they worked and spread.
Nature and virus writers both converged on the same (only?) optimal solution.
I guess inserting a few words that sound like you're a real genius, like "immunological system" will promote their anti-virus software, won't it? Even though it doesn't resemble it in the least.
Who are these guys kidding? They're part of the problem. They make obscene amounts of money on a diseased platform (now there's a good biological metaphor).
If they were really up to it, they'd be working on cutting-edge stuff like capabilities. Even relatively simple measures like those taken by some UNIXes have succeeded more than that Windows PR BS. Of course, that would mean ditching Windows, and that's a real stupid choice for the money-makers/user-pimps.
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
I think this statement might be a little overstated. The field of artificial immune systems was well established well before Hofmeyr arrived on the scene. In addition to what wikipedia says, one can trace its roots back to the 1960s with the likes of John Holland and genetic algorithms. (If I remember correctly, Holland was a supervisor for Stephanie Forrest, who in turn was Hofmeyr's supervisor)
Where Hofmeyr differs from the other researchers in this field is that he is the first (at least the first I am aware of) to attempt to make a viable product using the negative selection paradigm.
IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine.
What? IT security also borrows some of its basic terminology from construction ("firewall"). Shouldn't these people be architects? It's true what you say about physicians. It is kind of strange... Then again, Einstein believed in God. There needs to be more of a Biological culture in the medical field. OTOH, in the end, Medicine is about treating patients, in the end (regardless if the physician only does research - even with computers).
Pathology is not irrelevant. For Biologists, it is sometimes as if organisms function at their prime, at all times, and that's a very theoretical and unrealistic viewpoint, that often leads to oversimplifications. In fact, the lack of study of Pathology in Biology leads to a lack of insight in the understanding of major phenomena, like host-parasite interactions, aging, mutations, etc.
What a load of opinionated BS.
If you had done any readings in Mathematics as it applies to Biology, you wouldn't post such stuff.
Of particular note is their discussion of the pros and cons of using both signature and non signature-based methods of intrusion detection.
signature based == $$$$ from signature updates
non-signature based: Tight sandboxing around network privileged apps, and new 'untrusted' content on the system. Behavioural monitoring, like an internal firewall - mime type privileges - hang on '-rwxr-xr-x ana.kournivova.jpg' cannot access other executable files! It is not allowed to!
-rwxr-xr-x gimp however is allowed to read and list file system, and access and modify all image* mime types. (and compressed files that contain image mime types etc like svg.gz).
So there you have it. How to remove viruses, like an internal firewall of application permissions (which is already inherent with run as user and stuff, but mime type privileges are a new idea I think).
What most people don't realize is that the field of biology, or more specifically, microbiology is incredibly dependent on computer technology.
When you are talking about sequencing DNA, you are talking about building a massive database. With an insane number of cross-connections.
The ability to DO microbiology at the level we are now able is pretty much codependent on the development of the computer technology needed to process this incredible quantity of information.
It's been said that a single human DNA sample contains about 20 GB of data. Not 20 GB of static, self-standing, serial MP3 files, but 20 GB of heavily dependent, interlinked, cross-connected, pseudo-relational data.
And, this doesn't take into account recent studies which indicate that DNA might not even represent the majority of the information needed to keep a cell working.
You can't process that kind of information, and all those cross-dependencies without some serious hardware backing you up, and so the rise of microbiology is closely intertwined with the rise of powerful, compact, reliable computing resources.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
How else would you put it? He was looking into the field of biocomputing and went to MIT, it does not say he ran the place!
The only reason some people get lost in thought is because it's unfamiliar territory.
Introducing new predators into an existing ecosystem can increase the overall diversity as they become keystone predators. This effect is seen even if the predator doesn't preferentially hunt the former dominant species, though it can be amplified in that case. In extreme cases, the former dominant species is replaced by other species, though the former dominant species doesn't necessarily go extinct.
What does this have to do with computers? The Internet has changed significantly in the last few years. Broadband connections are fundamentally different from dialup connections. First, obviously, they are much faster. Second, they are 'always on'. As broadband has spread, a new ecological niche has opened up - that of spyware/adware.
Even if it were just malicious teenagers writing these things, they'd be a significant problem. But there's a business model now - (unethical) people can make money with this stuff. Ads, selling demographic info, redirecting referral clicks, spam, protection rackets, fraud and identity theft. Of course, these guys are preferentially hunting Windows boxes right now. They're the current dominant species, and tend to be easy to subvert.
I think spyware is going to be the keystone predator of the operating system ecology. And I think we're going to see a lot more diversity in that area in the future.
PHEM - party like it's 1997-2003!
Anyone who had much ME or EE would have referred to an out-of-control compounding of virii+worms+hacks as positive feedback and not "... It's almost the definitive negative feedback loop...."
SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
Remember when Niels Bohr proved him wrong?
This wasn't just plain terrible, this was fancy terrible. This was terrible with raisins in it. — Dorothy Parker
The difference is that doctors don't actually *fix* patients. They can't make wounds heal, they can only assist the body's self healing process. If they could, no one would ever die from old age. On the other hand, engineers have no help fixing things that are broken -- a piece of software won't debug itself.
That is also why the bio-analogy is total BS. Life can evolve and adapt without the help of a creator. Technical systems on the other hand are constructs that depend on someone to build and update them.
Hello,
This was a while ago, so I don't have exact dates but Peter Tippett founded a company named FoundationWare around 1987-1989 which made an integrity checking program called Vaccine. Vaccine was eventually renamed to Certus and the company followed suit in the early 1990s, renaming itself after its flagship product.
Certus was initially an integrity checker and behavior blocker. The integrity checker calculated a CRC or hash value on files and system areas, stored them in a database and compared the two to look for differences which could be the result of viruses. The behavior blocker looked for "virus-like" behavior (attempts to write to boot sectors of floppy diskettes, master boot records of hard disk drives, executable files and so forth) and prevented/required prompting to allow the changes to occur. Later on, a "standard" signature-based scanner was added to the suite, but I don't think this was updated as frequently as those from companies who developed them as a primary means of protection.
In late 1992, Symantec completed its acquisition of Certus. At that point, Symantec had already acquired Peter Norton Computing, Inc. (PNCI) and had moved forward with Norton Anti Virus (NAV), scrapping their own DOS-based anti-virus product, which was code-named Andromeda. The primary reason they grabbed Certus was to incorporate the integrity features into the product--I don't know if this happened--and to consolidate marketshare, which it did.
I was working at McAfee Associates at the time of the acquisition and while the move was viewed with interest, there was not any particular alarm on our part. Stealth viruses (viruses which hooked the interrupts managing disk and file I/O and redirected attempts to look for themselves or stripped copies of the viral code off the file before passing it to the requesting program) were becoming more and more common which limited the effectiveness of integrity management programs since a stealth virus would pass "clean" copies of the infected disk structures or files back and behavior blockers were viewed as ineffective because of the high false-positive rate. Perhaps someone who was at Symantec at the time of the acquisition could give a better view of what was going on at the time.
Regards,
Aryeh Goretsky
Dexter is a good dog.