Virtual Immune Systems Headed for Market
bughunter writes "This week's Science News cover story reports on the effort to model biological immune systems as a tool against computer viruses and other security threats. Although Science News is written for laypersons and secondary students, the article has several interesting quotes and clearly illustrates the principles behind adaptive immunity. The article also claims that Symantec will release an adaptive antivirus utility this summer."
The simple answer is NO it is NOT possible to build a virus defense program that is capable of recognizing all viral programs.
This would be the same as solving Turing's Halting problem.
That said, it is possible to build a program that would detect SOME viral programs. In the end, that might be all that we need.
Also of some interest is the fact that biological immune systems also don't recognize unknown agents at first either, for the same reason. If a new infection comes into the body, some damage needs to be done first before the immune system is alerted. Once that happens, antibodies that can recognize future infections are built.
If tits were wings it'd be flying around.
Unfortunately what this means is that when you have a hard drive from someone else's computer and connect it to your own the system is bound to reject the foreign data.
Of course, what this means is there will be a lucrative market in anti-rejection software.
In fact I might start selling something along these lines myself. A program you run that stops the computer from automatically blanking new hard drives. Of course there are no guarantees. If the bits have been away from the computer for too long there is little chance of survival.
I think I'll go IPO in February.
-- That which does not kill us has made its last mistake.
You make it sound as though that's a trivial task. For a more in-depth discussion of what's involved in creating a computer "immune system", see, for instance:
-r
Your immune system destroys a significant percentage of your throat lining cells as it battles a common cold. That's why you have a sore throat. In fact, ALL the symptoms you feel are a result of your immune system, not the invading viruses.
Do you really want an anti-viral software which destroys half your files just to get rid of the virus?
Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.
The definition for both biological and computer viruses is an entity (program) which inserts itself into another entity in order to propagate itself.
Viruses can be good or bad... it all depends.
Any time when system performance or integrity drops because of the virus.
Humans are machines, so this is not a logical comparison.
But if you want to compare today's computers against a human's brain, then it's pretty easy.
The human brain is capable of analog operations, today's mainstream computers are not. There are a few chips coming out which are analog and not digital.
--
The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.
> Now, the central database idea sounds very good and would solve a lot of problems. For once there would actually be a use for "push content"! :)
Until some clown cracks the site and adds, say, MS Office to the database of known viri. Then we have The Day The Earth Stood Still as 50,000,000 bureaucrats show up for work and find that they can't write their memos, issue their "of the week" organization charts and vision statements, file legal briefs...
On second thought, I retract my criticism.
Sheesh, evil *and* a jerk. -- Jade
I thought this sort of technology had already been looked at and rejected as it provided too many false negatives, which corporates hated. I read this somewhere recently (Computing Weekly - in the UK)? when this whole thing of virus-like behaviour was discussed in the aftermath of BO2K. Still, it was probably marketing speak for "oooo hadn't thought of that".
[from the article]
> Melissa was the first virus to e-mail itself around the globe
Didn't Robert T Morris' virus do that?
Now to find where I left my login...
Won't this wipe-out Windows?
So what should we do? One option is to dramatically improve security in computers. The Unix method of process ownership is a step in the right direction, but not far enough. Java's sandbox or Python's padded-cells are probably the closest thing to what we need.
Another option is to attempt to change people's behaviour. Microsoft shouldn't distribute software which allows a program to be launched straight out of an email with a double-click. And people should be made to realise the risk they are taking every time they download something from the web.
I should also stress that it is not just Windows lusers that are at fault here. How many people here have downloaded an RPM, or a tarball, done a su root and installed it?
--
So how does giving a remote box the ability to execute code on your box qualify as an improvement in security? How long before someone writes a virus that impersonates the admin server?
Whose pants are these?
K.
-
How come there's an "open source" entry in the
-- Proud descendant of semi-nomadic cattle-herders.
Oh, yeah. I was actually thinking Gatekeeper, but I guess I've been having too many "what kind of computer should I buy" discussions lately. People always ask me about Gateway. Anyway, I liked Gatekeeper and used it, along with Disinfectant for years. That was all the AV protection I needed on the Mac.
Logic ... merely enables one to be wrong with authority. -- Doctor Who
Sorry friend...you do not know how the immune system works. I wish people would only talk about what they know and not what they heard from their sister's roommate's former cousin!!!!!!! It is true the immune system has the ability to respond to 'almost' any antigen, however, this does not mean that the system has a B-cell for every antigen. That would make a static system which would not work. Instead, when a T-cell detects an antigen it hands it off to a B-cell which literally cuts and pastes its DNA trying to find a combination that works for binding to this antigen. When it finds one, it starts pouring out antibodies. The dynamic rearrangement of the B-cells' (and other immune cells') DNA is the main reason leukemia is soooo common.
I should imagine that this is pure vapour. Besides the fact that unix systems are immune to virii in general, it's impossible for a windoze program to check for "virus-like" patterns. The best you can do is heuristics. i.e. consider typical virus behaviour: a virus waits for a file to be opened, copies code into it, and allows the file to be closed. Consider typical application behaviour: Word opens a Word file, writes data into it and closes the file. How d'you tell the difference?
I know this is a little far fetched, and probably beyond what could happen with the described system, but imagine a virus that could use the adaptive nature of the "immune system" itself. By reacting in certain ways, a virus could control the "evolution" of such a system, eventually using it as a tool for destruction.
Dionysus vs, Socrates! The greatest battle of all time!
Yah, then your boss would say, "What the hell we paying your ass for? All you do is write buggy code, we'll let the machine do it instead!" Mass unemployment for programmers. Welcome to your inevitable obsolescence!
You are presuming that people can detect patterns!
Humans cannot detect all patterns. Humans can detect SOME patterns and that's all that machines can do too.
If tits were wings it'd be flying around.
Neural nets are quite adept at detecting patterns, given the proper training. I myself wrote a quite simple little nnet proggie to recognise whether it was looking at a face or not. It had a decent success rate. A little tweaking, and it became able to differentiate between multiple faces.
however, asking it to complete patterns is a different story...
------- Driver carries less than 64K of cache.
Or, implementing a strong sandbox-like environment. On a multi-user system, this means running untested software as a non-privileged account, so that you can't hose your system.
Human immune systems can, for the most part, function adaptively because of the vast number of cells. Detection does not have to be immediate, as long as it occurs fast enough for the infection to be contained, and the damaged cells eventually replaced. Then, the newly noticed antigens will result in cells with receptors for such, and the next wave will be detected faster *if* it hasn't mutated enough to alter such.
That's not acceptable for a critical computer system's data; ergo, something stronger such as a sandbox or other mechanism to prevent unauthorized access would be desirable.
Only the dead have seen the end of war.
If memory serves, there's something called the "Mutation Engine" (MtE) that attempts to modify itself in such a way as to get past plain signature-based scanners. I've never bothered to look at its code, so can't give more details than that -- even about its efficacy or whatever. I don't believe it was aimed at actually detecting specific scanners, either.
'tho, actually, it might be possible to patch the most popular scanners to never report a positive hit.
You'd probably be able to find information 'bout MtE on comp.virus, or from the more reputable anti-virus researchers, 'tho.
Only the dead have seen the end of war.
Well, if self-mutation requires intelligence, isn't the immune system idea itself currently impossible? With new viruses being created so quickly, it would take a whole lot of people manning those analysis centers to respond to the viruses. Apologies for the inexact phrasing, from now I'll say detect instead of see. Here's a scenario for detection of scanning: Virus A has a list of major "immune system" analysis centers. It monitors the system it has infected, and if it detects data headed for one of these centers, it changes. I'm not sure why it has to grow to change (as you seem to imply by saying this virus would have to be bigger than the checker), but I'll concede that point. Anyway, better safe than sorry (for a virus), so even unnecessary changes would be a big detriment. At worst, this would seem to reduce the immunity scheme to a situation similar to the current antivirus one: antivirus vendors strive to set up analysis centers (or change them) as quickly as possible and virus makers strive to update their viruses.
You're right about the worm not changing after a bird eats it. But most birds know whether this is a poisonous worm or not already (or if they don't Darwin makes sure their descendants will), and don't have to fly away to check some bird worm center. If it did (and if the worm could make instant copies of itself) then worms would have much better chances.
I recently installed norton antivirus (on my VMWARE windows in a box) and noticed that under the list of programs that norton expects to act like a virus is every single program in the office suite!! I always get a good laugh at that :-)
As to the automatic virus detection, that's obviously just marketing hype. Biological immune systems work because virii only take a limited set of forms. They are not engineered. They evolve through natural processes. Until very recently, man did not have the power to engineer a biological virus.
:) The databases would have to broadcast to the computers every time a virus alert goes out. The broadcasting system would have to be more efficient than most Internet protocols. It would be really cool (and very, very fast) if the alerts could be broadcast through radio waves. Have a periodic "test of the emergency broadcast system"...
A computer virus is much more insidious because it can take a greater variety of forms. It can be engineered to circumvent any "immune system" as described in the article.
Of course, as man gains the power to manipulate a biological virus, a new threat arises. Man may create a virus that kills and spreads as well as a computer virus.
Now, the central database idea sounds very good and would solve a lot of problems. For once there would actually be a use for "push content"!
You know this sounds a lot like a virtual entity that is basically living inside your machine. It will have the ability to think, learn, adapt, and react. I have enough fun trying to fix my own mistakes. The last thing I would ever want is some smart-ass AI program running on my box possibly screwing stuff up even more. I can screw stuff up on my own, but at least I know how to fix it. Can they make the same claim about this program?
If you do take the analogy seriously, it actually doesn't look so good for computer security. Biological immune systems protect populations, not individuals. A species can afford to have a few percent of the population die from immune system related diseases (oops--misrecognized the Linux kernel as a virus) or to have a quarter of the population be susceptible to a particular virus.
To deal with those issues, the "computer immune" system does something no biological system does: it uses a global repository for virus data.
Finally, most organisms on this planet live perfectly happily without immune systems; it's far from clear that that's a good design point. They just have good, strong biochemical defenses built-in; perhaps that's the best analogy for computers after all.
You miss part of the point. First, security is never going to be perfect. All we can do is raise the bar. Making the attack more difficult or time consuming is important. Script kiddies might get much more bored if their favorite root exploit took 3 hours to succeed.
2nd missed point: You changing the config files is not a problem since, sendmail isn't doing it! i.e., their work implicitly handles this because they look per subsystem for patterns, not the whole system.
3rd: Ramping up an attack here isn't such a problem unless your system is adaptive. Frankly, I don't want my system for checking Sendmail for instance to be adaptive. It should stay the same until a new version of the package comes out, then the patterns can be regenerated. (BTW, this is more or less automatic.)
There is a great deal of literature on the problem you present. (I've done research and journal publication in the area.)
Is it because the energy, nutrients, and cells required to perform these functions (with such a small immune system) would detract from the overall health of the individual and its ability to overcome the obstacle?
Mainly because with a smaller number of cells there will be a certain percentage of antigens that can not be recognized at all. This means that the organism will not gain an immunity to them at all. Coupled with the energetic costs required to maintain the immunological functions, the costs outweigh the benefits.
"When you sit with a nice girl for two hours, it seems like two minutes. When you sit on a hot stove for two minutes, it
Me: Computer, time for yer shots!
Computer: Nooooooo I don't wanna get my shots
S.t.e.v.e.
I'm tired of all of the Y2k panic. I hope no local media gets wind of this or we'll never hear the end of it.
-
-
It is possible for your mind to be so open that your brain falls out.
Northern Hemisphere or Southern Hemisphere?
African Swallow or European Swallow?
I need sleep
I admit that I didn't read the article in depth, but from what I gathered skimming over it, this sounds like someone has just gotten a bunch of big computers to do what, up until now, has been primarily done by hackers. Granted, finding a way to have a computer do the necessary complex pattern recognition that was previously the domain of hackers is a big and important step in many directions, not the least of which is virus protection, but when it comes down to it, this is the automation of a long standing technique, not a new technique.
The pattern recognition skills, however, have near infinite applications. A system that can detect when a virus has deployed itself, and find the code that is responsible, could serve many purposes. For example, it could help find very deeply buried bugs in program. If the system is capable of finding some idea of how one prevents or cleans the virus, then it would be even more useful. Imagine a compiler/debugger suite that not only told you where your code had problems, but even told you what you probably had to do to fix it!
The next, and truly awesome step would be one that can figure enough out that it can fix the code for you! That would rock! Imagine, the debug button on your ide would no longer launch a program to step through code. It would actually debug the software! Now that would be (c/dr)ool.
-Cheetah
...but a whole lot of infections could be prevented by coding OSes and applications in a security conscious fashion. Most viruses just take advantage of sloppy software design.
Sounds like they have come up with some interesting ideas but it's also the long way around to solve the problem for about 90% of the viruses that I've seen.
This is an interesting development, but it is a bit troublesome. The idea of any program on my computer communicating with a "home base" like that is a bit troubling to me. I used to use a program called Gateway for the Macintosh years ago. It would monitor the computer for suspicious behavior, which you could then permit (and it could memorize permissions) or deny. I liked that method of dealing with unknown viruses better than this digital immune system thing.
Logic ... merely enables one to be wrong with authority. -- Doctor Who
Microsoft® products are pale, thin, sickly, fragile and are born w/ AIDS - there is no cure.
The most humane thing to do is administer euthanasia and install a healthy, robust OS.
Send NT to Dr. Kevorkian.
Chuck
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Hmm, so IBM can basically grab any file off your computer... A note about the biological immunity model... According to clonal selection theory, our bodies can react to every conceived and nonconceived antigen. Now this makes for a lot of B cells (the cells that produce the antibodies), making our immune systems the largest organ of our bodies, based on cell count. Also, our immune systems are only good at protecting against a second attack, as it takes the body some time to recognize the first attack and respond to it. So what does this mean for the mentioned anti-viral software? Bloatware that reacts too late. Or you could just stop using Windows and Office.
But isn't the purpose of the Doomsday machine lost if you keep it a secret!
Here's the link to Forrest's research group.
They have a bunch of papers online. The ones I read a while back were mostly theoretical.
This has never happened to me before... :)
-
-
It is possible for your mind to be so open that your brain falls out.
Remember all of the problems that will come along with any implementation that's sufficiently similar to a real immune system -- allergic reactions, arthritis, etc.
There's no perfect immune system in nature, and there won't be one online either.
AFAIK most virus checkers already scan for viruses based on hashes of key parts of the virus. This doesn't stop someone from creating a completely new virus or from making minor changes to the part of the virus which is being scanned for.
Is it even possible to create a virus checker that would adaptively search for "virus like" code without severely impeding the normal operation of the computer?
I can imagine that there might be some sort of distributed database which would allow the first person who noticed an infection to notify everyone else quickly. After that the fix could be automatically sent out to inoculate/cure all the systems in the group.
Maybe if all programs used some sort of cryptographic certification you could identify viruses based on their lack of certification.
Don't worry about the Y2K media blitz, but worry about all those viruses running freely and mutating in a playground of consumer petri dishes. They will infest every popular consumer computer given time. Just sit back and wait. Coming soon to a computer near you. Have you been asked to reinstall a certain evil operating system lately? Damn glad I have user accounts on my computer for different installs!
Great, now everyone's computer can automatically reject the Windows virus just as it would any foreign, potentially harmful body :-) but seriously, what happens when there's inadvertent 'rejection' like can happen when your real immune system screws up?
Seems to me that this same technology (if it works at all) could be used to write even deadlier viruses. Imagine viruses that behave as if the antivirus program is the intruding agent, and use measures such as these to defend against them. For example, how about a virus that detects what key parts of itself a scanner was looking for. Once it did that, it could mutate itself, and additionally, strip e-mail addresses from address books and send a description of the changes out to other computers. This probably wouldn't even have to be an executable, just a text file saying something like "Hi. How's the weather?" with the scanner description hidden in it. If a person wasn't infected, nothing would happen (hence no need to send suspicious executables). If a person was infected, the virus would read the description, and modify itself accordingly. Eventually, all surviving copies of the virus would be immune to all the scanners. If it propagated as fast as Melissa, and was a bit stealthier (more stealthy?), it could infect a whole lot of computers, sitting right under the nose of scanners that thought their systems were clean. Disclaimer: I don't write viruses, so I don't know if what I propose is possible or even has been done already.
This is crap, a computer ain't a human body. I'm tired of virus/y2k/security/hacking crap/macro virus. It's been ages since I got a virus and I got a hell lot of stuff from "untrusted" source.
What is needed is a more biological like approach where those computers that become infected die and remove their operating system from the code gene pool.
I am surprised that this approach, of dropping an OS that becomes infected and switching to a new variant that was not infected, was not mentioned in the article. It would certainly be a lot simpler than all that processing and message passing.
My favorite quote from the article was the part talking about "viruslike behavior" such as "making a file bigger without adding new data". HUH? How do you do that? Heat it up?
You know, before I even hit submit for that post, I already knew some clueless fool was going to say the obvious... well then, without further ado...
The definition for both biological and computer viruses is an entity (program) which inserts itself into another entity in order to propagate itself.
I guess this means when I get a plugin for netscape, that's a virus? Or how about when I upgrade my system from windows 95 to windows 98? My my, by your definition, that would be a virus too. What about the "melissa virus" I described above. That was only an e-mail attachment. It didn't insert itself into anything.
Any time when system performance or integrity drops because of the virus.
So I should immediately upgrade to Linux, despite corporate policy saying that I'll be fired if I do so? After all, running Windows *does* lower both system performance and integrity. Whups. Try coding something (anything), that can detect "system performance or integrity drops" - and determine that it's a virus, and not somebody playing solitaire.
Humans are machines, so this is not a logical comparison.
Gosh, last time I took a shower, I didn't start rusting. Funny, maybe I missed something? And I guess when my HDD dies I should be sued for "wrongful death"? Sorry, but the distinction is obvious. If you can't tell the difference between a human and a machine, you've been spending too much time on hold.
You know, the whole point of my post was that you can't code away stupidity. People need to use their computers responsibly. That means regular maintenance, an understanding of what to do when it breaks, and practicing safe hex. If you can't do that, return your computer, and stay the #$@! away from mine!
--
I have to agree with an earlier AC posting to this article. The approach is fundamentally flawed because it uses the past to predict what is happening in the present as its guidepost. Such a system could easily be subverted by simply doing such operations at a very low frequency, and ramping it up until the system believes it is "normal". Such tactics can even fool people - as any sysadmin will tell you.
Besides, how would you be able to tell the difference between a system administrator modifying sendmail's configuration files, and a systems' cracker trying to bypass security? They both look the same in my version of syslog.
--
Given that human beings started as a bunch of random chemical reactions in the sludge, what're the chances of artificial life being created in a similar way?
Say hypothetically there's a script which generates thousands of files of random bytes of random length which are then run as if they were executables, anything which actually runs is "mated" with other files to produce offspring. Could it be possible to create artificial life in this way?
Deleted
if the system gets below a certain size the gaps are big enough that immunological functions are a net minus to the organism.
Why would immunological functions be a net minus to the organism in such a situation?
Is it because the energy, nutrients, and cells required to perform these functions (with such a small immune system) would detract from the overall health of the individual and its ability to overcome the obstacle?
Insert mind here.
The program was called "gatekeeper". "Gateway" is a computer manufacturer with the customer-service record of your average virus.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Can't wait until some antiviral/immunity heuristic recognizes that things like Windows Update are inherently viral or wormlike in nature...
"My God...It's full of ads!" -Fry, about the Internet, Futurama
That is a definite problem...but not the exact problem. Autoimmune diseases that attack healthy cells and such would be disastrous to a computer. Imagine it! "Look...this file...io.sys...looks sick to me...wipe it out!!" "ummm...it's not booting up...ummmm" The prospect of losing control of what and how my computer deals with virii scares me. Isn't the entire idea of a computer to have a scintilla of control over what it does?
Two words: Use Linux! Instead of trying to recognize thousands of existing strains, just plug the security holes that viruses rely on. That's how Bliss, the only Linux virus, was squashed.
AV companies' solutions are not reliable, not because their products don't work, but because of the conflict of interests involved (fix kernel -> no virus -> out of business). It is doubtful that any AV company will even try to support the permanent solution at all if that means the OS will be immune to present and future viral attacks.
Ooookay. I'm surprised nobody has posted this yet. Name one thing that a human can do that a machine cannot. Detect patterns. People have a remarkable ability to see patterns in data. Sometimes they are somewhat overzealous and see patterns where none exist. Computers are incapable of that. If they could, we would have the beginnings of *real* artificial intelligence. So what is this article about really? Symantec, McAfee, and company just created a new buzzword. It's like "MMX" or "ActiveX" - mean-nothing phrases designed to lure people in.
Now, let's assume that they really *did* have technology to "detect" viruses... Define a virus' behavior for me. Ummmm.... okay. That was a tough question. Let me give you another one - define behavior that is considered "harmful" to a computer user. Yes, installing Windows 98, but I need more than that. Oh. Can't come up with anything there either? Bummer. Now you see the problem. If you can't even define a virus' behavior, how are you supposed to tell the computer how, short of creating real artificial intelligence?
--
Forrest (and her grad students, one of whom I've met) have discovered that relatively short patterns of self-like behavior are easy to spot and cover most normal behavior of a system.
For instance, system calls in Sendmail. You might find 20 some patterns of system calls that correspond to almost all of legitimate behavior. But, when someone hacks or tries to hack Sendmail, the known patterns don't match anymore. After this happens for a bit, the system can sound an alarm.
This works very well in several different areas and they have published many papers on the topic.
Now, getting this to work for viruses might be a bit more difficult. But for misuse detection, it may be just what the doctor ordered.
Also, I wish that more posters would read the article closely. Some of the responses are way off base.
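The short-sequence idea described in this post and in the earlier reply about per-subsystem patterns for Sendmail (a profile of normal system-call sequences per program, built once and not adaptive), as an added example that is not code from the article or from Forrest's group. The call traces, program names and thresholds are constructed for illustration.

```python
"""Sequence-of-system-calls anomaly detection in the style of Forrest et al.

Added example, not the research group's code. Training traces below are
constructed; the call names are plausible, not captured from real sendmail.
"""
from typing import Dict, List, Set, Tuple

WINDOW = 3  # length of the short call sequences that define "self"

Profile = Set[Tuple[str, ...]]


def build_profile(traces: List[List[str]], window: int = WINDOW) -> Profile:
    """Collect every length-`window` sequence seen in the normal traces.

    The profile is frozen once built: nothing seen later is added, so an
    attacker cannot ramp abnormal behaviour up until it counts as normal.
    """
    profile: Profile = set()
    for trace in traces:
        for i in range(len(trace) - window + 1):
            profile.add(tuple(trace[i:i + window]))
    return profile


def mismatches(trace: List[str], profile: Profile,
               window: int = WINDOW) -> Tuple[int, int]:
    """Return (windows absent from profile, windows examined) for one trace."""
    total = max(len(trace) - window + 1, 0)
    bad = sum(1 for i in range(total)
              if tuple(trace[i:i + window]) not in profile)
    return bad, total


def is_anomalous(trace: List[str], profile: Profile,
                 window: int = WINDOW, threshold: float = 0.1) -> bool:
    """Alarm when more than `threshold` of the windows are unknown.

    A single novel window is tolerated (legitimate but rare code paths exist);
    a sustained run of unknown sequences is what misuse looks like.
    """
    bad, total = mismatches(trace, profile, window)
    return total > 0 and bad / total > threshold


# Constructed "normal" traces, kept per subsystem as the thread describes:
# each program is scored only against its own profile.
NORMAL_TRACES: Dict[str, List[List[str]]] = {
    "sendmail": [
        ["socket", "bind", "listen", "accept", "read", "write", "close"],
        ["socket", "bind", "listen", "accept", "read", "read", "write", "close"],
        ["accept", "read", "open", "write", "close", "write", "close"],
    ],
    "vi": [
        ["open", "read", "close", "open", "write", "close"],
    ],
}
PROFILES: Dict[str, Profile] = {
    name: build_profile(traces) for name, traces in NORMAL_TRACES.items()
}


def check(program: str, trace: List[str]) -> bool:
    """Score a trace against the profile of the program that produced it."""
    return is_anomalous(trace, PROFILES[program])


# Constructed test traces.
# An administrator editing sendmail's configuration: the writes come from vi,
# not from sendmail, so sendmail's profile is never consulted.
ADMIN_EDIT = ["open", "read", "close", "open", "write", "close"]
# A connection handled the usual way.
BENIGN_SESSION = ["socket", "bind", "listen", "accept", "read", "read",
                  "write", "close"]
# A session that stops looking like mail delivery after the read: four of its
# seven windows are unknown, well over the 10% threshold.
EXPLOIT_SESSION = ["socket", "bind", "listen", "accept", "read",
                   "execve", "setuid", "fork", "execve"]

if __name__ == "__main__":
    for label, prog, trace in [("admin edit", "vi", ADMIN_EDIT),
                               ("benign", "sendmail", BENIGN_SESSION),
                               ("exploit", "sendmail", EXPLOIT_SESSION)]:
        bad, total = mismatches(trace, PROFILES[prog])
        verdict = "ALARM" if check(prog, trace) else "ok"
        print(f"{label:10s} {bad}/{total} unknown windows -> {verdict}")
```

Real deployments would trace calls with strace or a kernel hook and need far longer training runs; the threshold and window length are the knobs that trade false alarms against missed misuse.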
And how then will this Antivirus tell the OS from the viruses in Windows case?
-><- no
No, grep does not qualify. I said *detect*, as in see a pattern without you telling it where to look. Take this example:
Red. green. red. green.
What's the next color?
How about this: 2 3 5 6 7 9 10 11
What's the next number?
Get a computer to do that, and you'll be world-famous.
--
This is probably actually the largest problem.
Everyone's heard about that story when the guy's antivirus software "detected" a virus, but it was actually Win95 being installed. Probably the major hurdle in an "adaptive" antivirus software will be that it will trigger all sorts of false alarms when software is installed.
We run our computers differently than we run our bodies - we're always installing software and such, some of which may run system-level commands. So the analogy is like getting biological implants all the time - our immune system frequently rejects implanted organs or some prosthetic devices. And there's really no way around it - the more vigorous the immune system, the more it's going to reject things which are not part of the "self," viral or not.
If the adaptive anti-virus software is really modeled after biological immune systems, I'll bet our computers will be breaking out in rashes every time we install new DLLs or update the Registry. Well, where Windows is involved, anyhow.
Neural networks can detect patterns for exactly the same reason that high-order splines can separate data. Indeed, RBF networks are nothing but high order splines with an incremental training algorithm. All general-purpose statistical pattern recognizers are roughly equivalent when viewed as tools for solving real problems. The hard part is always the feature detection.
"Because antivirus programs can only identify the viruses they already know, they aren't effective against the 10 to 15 new viruses created every day."
:-)
/%/)+Eddy
I mean, this is just so much bullshit. Heuristics have been around for a very long time, and they work reasonably well, assuming there can be interaction between an intelligent user (the famous oxymoron) and the AV so that any false positives can be detected and ignored. I wonder how many uninfected 'shareware.exe' the antivirus vendors with the most aggressive heuristics got a day because of users. That's probably why the suckiest vendors (can you say: McAfee?) don't use heuristics to any great extent (at all? Been a while) - they just can't be bothered. A copy sold is dollars made, anything more is just a pain in the butt.
"Because programs and operating systems are not usually designed with security in mind, antiviral programs will always be behind the curve"
This, however, is correct. The thing is: if these systems come into use and work reasonably well, a lot of effort will be spent by the virus writers 'catching up'. The AV community has _always_ been behind, and I don't see that changing anytime soon. That kind of security would require something like the Java security model, where every program must beg for every right. "May I please open a file?"
The overhead is just too large; it will never happen. (I will deny ever saying this if I'm proven wrong.)
Belief is the currency of delusion.
Organisms have redundancy at the level where viruses don't exist -- a virus works at the level below the cell, and all of an organism's functions are performed at the level above the cell. A small number of infected cells can't affect the functionality of the organism, and this allows the immune system to detect the virus before becoming incapacitated. The winning strategy for a virus is to multiply fast enough to cover the damage done by the immune system, and transfer to someone else in large quantities -- so that enough cells at any given moment will produce copies of the virus even if a large percentage of those copies and cells are being destroyed. HIV can damage the immune system; however, a strategy that relies on that is very dangerous for a virus -- because other viruses are constantly around, its damage to the organism can cause death faster than the virus can be transmitted to others, and if, say, HIV were transmitted over the air, it would cause a huge epidemic and die out just because there would be no people around to carry it. HIV survived because it's carried without noticeable damage for a long time and has a chance to be transmitted before seriously damaging the immune system.
Computers perform all their functionality at the same level as "viruses" -- a single disruption of something important changes the behavior of the computer as a whole. This means that a relatively simple virus has a good chance to render any immune system useless. Also, the damage to the "immune system" can remain unnoticed for a long time -- it's not like everyone constantly runs infected binaries. This makes any actions that specifically target the "immune system" very efficient -- damage the thing that transmits your signature anywhere, or the thing that fixes executables, and you are safe. However, all kinds of "passive" defense (uid/ACL/chroot/sandbox/jail-like mechanisms), while nonexistent in biology (because there is nothing to make them from but cells, and a virus attacks cells), can be easily made in a computer system -- if the system is designed well enough, one can be sure that a virus can't touch anything outside some set of things, and those things can be limited to something more or less expendable.
Contrary to the popular belief, there indeed is no God.
Why was this moderated down??? This was very useful information.
it would be easier to upgrade your computer by pouring sand into it, then zapping it with lightning.
-Crutcher
-- Crutcher --
#include <disclaimer.h>
and with the biological model come...adaptive antivirus programs which incorrectly target the host? (arthritis, etc.)
Also, this won't really detect Trojan Horses, will it? The majority of damage, I'd say, is from Trojan Horses... due to simple human stupidity... not the cleverness of the program. Will an adaptive immune system realize the human is defective and send it to security training?
It's 10 PM. Do you know if you're un-American?
Virii could also be written to mimic supposedly benign elements of the operating system and applications while setting off the scanning system, thus causing an autoimmune reaction wiping out the system.
This is exactly the sort of thing Douglas Hofstadter has been working on for the last N years, with some success. Check out:
Fluid Concepts & Creative Analogies: Computer Models of the Fundamental Mechanisms of Thought.
It's a paperback, gold & black cover with fancy cursive writing.
He uses puzzles of the exact sort you describe - continuing sequences, rearranging letters, etc - to tease out the fundamentals of intelligence. It's a fascinating book whether you are interested in the way the human mind works or in ways of analysing complex situations via computer.
-Mars
If it weren't for the "sickly, AIDS-infected" MS-DOS + Windows, the whole Antivirus industry would never exist!! Think all of the jobs that could be lost if people switched to alternate OS-es... Better not slap MS with a DOJ penalty, 'cause what's good for Microsoft is good for the country.
Side note: It's funny how every computer with Windows on it now includes an antivirus scanner too. I guess there's not much profit in it or else we'd have Microsoft Virus Explorer by now. (Oh wait, that's the VB Macro writing software)
Wah!
That method relies on comparison to a known "good" data set, namely, past logfiles and system call patterns, which might work for a dedicated server. But what if I'm on a development machine? What if I play games occasionally? What if I receive a large email attachment? I'll spend more time "teaching" this silly tool what I do than actually doing.
This is just another grad student project that's interesting as pure research, but useless in a practical sense.
Besides, my OS isn't susceptible to virii ;-)
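The post above describes the scheme in one sentence: record the system-call patterns of a process while it behaves normally, then flag anything that deviates. The following is an added example, written for this page, of a short-sequence system-call anomaly detector of that kind; it is not the tool from the Science News article nor any vendor's code. The "self" database is the set of every length-k window of calls seen in known-good traces, and a new trace is scored by the fraction of its windows that were never seen. All traces below are constructed by hand for illustration, and the window size and threshold are assumptions, not values from the article. The example also reproduces the complaint in the post: a perfectly legitimate but previously unseen workload scores exactly like an intrusion until the operator "teaches" it to the database.

```python
"""Added example: a short-sequence system-call anomaly detector.

Not code from the Science News article or from any antivirus vendor.
All traces, the window size k and the threshold are constructed
assumptions chosen to illustrate the technique the post describes.
"""
from typing import Dict, Iterable, List, Sequence, Set, Tuple

Window = Tuple[str, ...]


def windows(trace: Sequence[str], k: int) -> List[Window]:
    """Slide a length-k window over a trace of system-call names."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_self(traces: Iterable[Sequence[str]], k: int = 3) -> Set[Window]:
    """The 'self' database: every k-window observed in known-good traces."""
    db: Set[Window] = set()
    for t in traces:
        db.update(windows(t, k))
    return db


def anomaly_score(trace: Sequence[str], db: Set[Window], k: int = 3) -> float:
    """Fraction of the trace's k-windows that never appeared in 'self'.

    0.0 means every window is familiar, 1.0 means none is.  A trace
    shorter than k yields no windows; it is scored 0.0 (no evidence
    either way) rather than raising, so a noisy short trace cannot
    take the monitor down.
    """
    ws = windows(trace, k)
    if not ws:
        return 0.0
    unseen = sum(1 for w in ws if w not in db)
    return unseen / len(ws)


def is_anomalous(score: float, threshold: float = 0.25) -> bool:
    """Decision rule; the threshold is an assumed tuning knob."""
    return score >= threshold


# Constructed training traces: a network daemon behaving normally.
NORMAL_TRACES = [
    "socket bind listen accept read write close".split(),
    "socket bind listen accept read read write close".split(),
    "accept read open read write close".split(),
]

# Constructed trace of the same daemon being made to spawn a shell.
INTRUSION = "accept read execve setuid open write".split()

# Constructed trace of a legitimate developer task (compile and run)
# that the daemon's baseline has simply never seen.
DEV_WORKLOAD = "open mmap read write execve wait4 close".split()


def demo(k: int = 3) -> Dict[str, float]:
    """Score the three traces, then 'teach' the developer workload."""
    db = build_self(NORMAL_TRACES, k)
    results = {
        "normal": anomaly_score(NORMAL_TRACES[0], db, k),
        "intrusion": anomaly_score(INTRUSION, db, k),
        # Legitimate but novel behaviour is indistinguishable from an
        # attack to this detector: it scores 1.0 just like INTRUSION.
        "dev_before_teaching": anomaly_score(DEV_WORKLOAD, db, k),
    }
    # The operator marks the developer workload as self; the same
    # trace is now familiar.  This is the "teaching" the post objects to.
    db.update(windows(DEV_WORKLOAD, k))
    results["dev_after_teaching"] = anomaly_score(DEV_WORKLOAD, db, k)
    return results


if __name__ == "__main__":
    for name, score in demo().items():
        flag = "ANOMALY" if is_anomalous(score) else "ok"
        print(f"{name:20s} score={score:.2f} {flag}")
```

Two things worth noticing when running it. First, the detector has no notion of what a system call does: `execve` after `accept read` is flagged only because that window was absent from training, which is exactly why it catches novel attacks without signatures and exactly why it catches novel legitimate work too. Second, the teaching step adds the new windows to `self` permanently, so whatever is taught while a machine is already compromised becomes "self" as well; in practice the baseline should be collected on a known-clean system and versioned.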
This can't work. For one, the virus would have to be as big as the virus checker, and likely bigger. How could a virus see how it was being detected? It is read, and the data is processed in a way that the virus can't see. Mutating viruses would have to be random--no other way works. Self-mutation requires intelligence. Just think about evolution--a worm doesn't change itself after a bird eats it.
Anyway, I don't think this approach is at all feasible, and I suspect it would help if you didn't use the word see--viri can't see.