Viruses and Worms


Today I ran across three good articles related to viruses and worms. I can't imagine why the sudden interest! Here they are:

In San Francisco Chronicle, Mark Graff, chief cyber-security officer at Lawrence Livermore National Laboratory and author of a number of security books, says:

The attacks are going to come faster and faster, closer together. Eventually, as far as we're concerned, it will be one constant attack

This is, of course, partly a response to the general difficulty of creating secure systems. There's much to worry about and companies would rather devote resources to core missions than they would to protection from threats. Still, Graff see a cataclysmic future where we eventually get so sick of the situation that we're willing to put the resources in place to solve the problem.

This assume that the problem has a solution. Some problems do not. In the late 80s, there was big news when it was proven (wish I could remember who did it) that general detection of a virus is equivalent to solving the halting problem, which is unsolvable. Now, the proof is part of every undergraduate Theory of Computation class. An article in New Scientist discusses the crisis in virus detection. Because you can't detect a virus in general, modern anti-virus technologies are based on signature detection of known viruses---pattern matching. This leads to a constant game of signature file updates, which in some cases might be worse than many of the viruses themselves.

Now for the bad news: in this article, Hewlett-Packard researcher Matthew Williamson reports that "even if a signature is available from the moment a virus is released, it cannot stop the virus spreading if it propagates fast enough." This, combined with Graff's predictions in the last article are not good news. William's answer is more adaptive software, but the price there is false positives. This is the same problem that we face on the SPAM front where people don't like false positives.

Finally, this article from Wired Magazine reports some of the draconian steps college networks are taking to protect themselves from viruses and worms. To appreciate the job of being a CIO at a major university, imagine running a network for an organization that has 50,000 user IDs, 20% of which turn over every years, provides networking, file, print, and messaging services to those same users, many of whom bring on their own machines with every conceivable OS make and version to your network and expect it to work. Your network also has to support thousands of different applications in support of projects which change every 4 months. You can't firewall your users or their machines off from the Internet, you can't turn them away, and your job is to support them in pursuit of their real goal: getting an education. Add to that mix 1000 or so CS students who are trying to break things on purpose as part of the educational process and it makes for an interesting place. As your bonus, you get weekly, maybe daily calls, from RIAA lawyers and others complaining about copyright violations, which by law, you have to respond to. Amazingly enough, the ones I know still manage to keep smiling.