Open Source Self-Healing Software For Virtual Machines
An anonymous reader writes: Computer scientists have developed Linux-based software that not only detects and eradicates never-before-seen viruses and other malware, but also automatically repairs damage caused by them. If a virus or attack stops the service, A3 could repair it in minutes without having to take the servers down. The software then prevents the invader from ever infecting the computer again. "It's pretty cool when you can pick the Bug of the Week and it works."
(Here's a paper with more details.)
The analogy is a big stretch, as it would take a very long time and huge effort to approach the unbelievably complex sophistication of the immune system. But the outlines are there: software that detects previously unknown threats, quickly mobilizes to defeat them, and then stands guard against each (now known) threat in future.
I am sure that there are many other solipsists out there.
Er, did you realize that vaccination and other forms of inoculation consist of injecting a small sample of the bacterium, virus, etc. to give the immune system a smell of it? Then the immune system tools up and is ready for the full-scale infection if it occurs.
One of the many nice things about A3 is that (optionally) sysadmins could emulate inoculation by handing specific details of threats directly to A3 instead of waiting for it to detect them itself. That would eliminate delay and enable A3 to be lined up on the border with tank divisions, a howitzer every 2 yards, and millions of men when the invasion starts.
The big problem with self-healing servers has always been getting in a restore lock from a polymorphic virus that essentially causes the machine to spend all its time restoring machines without ever being able to re-detect the polymorphic code.
https://www.gnu.org/philosophy/free-sw.html
Once the operating system can self-heal, evolve into an A.I., and network itself across the Internet, getting rid of the carbon-based units will be the next step in self-healing.
I just don't think you'll find many in the younger crowd of coders to be humble enough to think that 1) their code could be buggy, or 2) that something/someone else could fix it. The only people I run into that talk about hard and true reliable coding as a standard are over 45 years old. All the young bucks think it's impossible.
I think it's a matter of experience and maturity. I'm 51 and have been a (mostly) Unix system programmer and admin since while in college. I've worked on all sorts of systems from Linux/Windows PCs to a Cray 2 and YMP and I'm used to having to account for the unexpected. I try to teach the young padawans on my team to think about what could possibly go wrong, and discuss this more with others as the importance of something rises, and to expect the unexpected. An example I offer is an error message I once got from Tcsh way back - "Assertion botch: This can't happen!" Obviously this is balanced against how critical the code/usage is and the famous "cheap, fast, good - pick two" triangle along with the practical aspects of customer/contract needs and requirements. I also stress trying to understand *why* something works, or needs to work, the way it does, not just *how*.
The most important thing seems to be curiosity and a desire to (really) learn and understand how to solve problems, not just solving them. Find the right youngster, give them support and the right environment and some time to learn. Of course, the really hard part is finding the right person.
Give a man a compiler and he'll generate code; teach him to write a compiler and he'll get hooked on caffeine, go crazy, quit and spend his remaining days curled up in a ball sobbing and muttering about Yacc and Lex - or something like that...
It must have been something you assimilated. . . .
Enforcing user privileges? But that'd put AV firms out of business! Tough! They can do something else, like fucking grow food.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
The author seems completely non-technical. He probably wants to explain things simply to people, but such an article is worthless as it says basically nothing but bullshit.
What exactly are stackable debuggers? There are experimental projects detecting malware from outside of the VM, but information from that couldn't be too high-level (probably involves re-assembling memory pages and monitoring of key kernel-space tables/code) or stretched into a pure user-space attack like Shellshock. I doubt it could be low-cost enough to monitor real-world applications.
It fails to clarify several key things:
- What exactly is "operation that is not correct"? How do they identify it?
- "stop the virus"? What's the "virus" sending rm -fr / via Shellshock? bash itself?
- Approximate a repair for the damaged...? What's the damage in bash to allow remote command?
Unless they probe the contents sent/received via HTTP, looking for a pattern of shell commands. But that'd be too cheap!
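
The HTTP pattern matching that the last comment describes, sketched as an added example (not part of the original thread and not A3's code): it parses raw requests and flags any header whose value carries the bash function-definition prefix that Shellshock requests rely on. The sample requests, host name and function names are constructed for illustration.

```python
import re

# Bash treated an environment value beginning with "() {" as a function
# definition; Shellshock requests carry that prefix in an HTTP header.
FUNC_PREFIX = re.compile(r"\(\s*\)\s*\{")

def parse_request(raw):
    """Split a raw HTTP request into (request_line, {header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def shellshock_hits(raw):
    """Return [(header, trailing_text)] for every header with the prefix."""
    _, headers = parse_request(raw)
    hits = []
    for name, value in headers.items():
        match = FUNC_PREFIX.search(value)
        if match:
            # Text after the function body's closing brace is the part
            # a vulnerable bash would have gone on to run.
            trailing = value[match.end():].partition("}")[2].strip("; ")
            hits.append((name, trailing))
    return hits

# Constructed sample requests (not captured traffic).
BENIGN = ("GET /cgi-bin/status HTTP/1.1\r\n"
          "Host: example.test\r\n"
          "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n\r\n")
FLAGGED = ("GET /cgi-bin/status HTTP/1.1\r\n"
           "Host: example.test\r\n"
           "User-Agent: () { :; }; echo probe\r\n"
           "Referer: ()\t{ x; }; echo second\r\n\r\n")

if __name__ == "__main__":
    for label, request in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(label, shellshock_hits(request))
```

A match here only shows that one known signature appeared in a request; it does not show what the receiving process did with it.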