<nettime> virus researchers: Internet needs new immune system

[Ana Viseu <ana.viseu {AT} utoronto.ca>]

[This article is about viruses, the Internet and the best way to describe 
their evolution: should we use a biological approach? is the biological 
metaphor an accurate one? Well, surprise, surprise, the answer is 'no'. 
This is not a surprise, many of us have by now given up on the idea of the 
Internet as a super-organism and see it as a 'no-nature' artifact, but what 
this article shows is that it is still a prevailing idea in many fields, 
companies, etc. Perhaps what we need in order to get a better understanding 
of the networks in general, and Internet in particular, is a new vocabulary 
that allows us to go further than old biology metaphors. Best. Ana Viseu]



Virus researchers: Internet needs immune system

By Elizabeth Weise, USA TODAY; 02/27/2001

Computer viruses and the flu have a lot in common:
they're annoying and easy to catch, and they cost companies billions of 
dollars in lost work productivity.

But contrary to the long-held notion that biological models can be used to 
predict how cyberviruses proliferate, two European physicists have found 
that they actually spread differently  a finding that could lead to better 
and faster ways to protect against this PC threat.

The scientists analyzed the statistical incidence of more than 800 computer 
viruses and found that they lived much longer than current theories 
predicted  in some cases up to three years. Because "vaccines" for most 
viruses are usually available within hours or days, the network 
theoretically should be totally protected within weeks, says researcher 
Alessandro Vespignani of the International Center for Theoretical Physics 
in Trieste, Italy.

But that's not what actually happens. PC viruses continue to infect a small 
but persistent percentage of computers.
In biological viruses, there is an "epidemic threshold"
below which viruses cannot produce a major outbreak, but one infected 
machine is like Typhoid Mary, infecting thousands of others, says study 
co-author Romualdo Pastor-Satorras of the Polytechnic University of 
Catalonia in Barcelona.

An infected computer is likely connected to so many other computers on the 
Net that it will eventually find one without virus protection to infect. 
Because of this, computer viruses seldom reach epidemic proportions but 
tend to maintain a low but steady level of infection over long periods.

"On the Net we don't have any epidemic threshold. So what we have 
discovered is the Internet is really weak in the face of infection," says 
Vespignani.

"One of the interesting things about this paper is it does tell us that 
relying on biological properties is not too wise.
The Net actually has a very different response method than biological 
entities," says Tim Shimeall of the CERT Coordination Center, a federally 
funded computer security research center operated by Carnegie Mellon 
University.

Using complex computer programs to model the Internet, Vespignani and 
Pastor-Satorras created a numerical model of viral infection that took into 
account the complex structure of the Net, simulating the evolution of 
epidemic outbreaks online. They found that Internet viruses do indeed lack 
the "epidemic threshold" of biological viruses, which means the Net is 
prone to persistent infections of even easily cured viruses.

It takes just a few machines to keep a virus alive.
"Computer viruses live on because, while individual computers may be 
protected by anti-virus software, 100% of the computers online are never 
immune," says Pastor-Satorras.

Although it might seem odd that two physicists would be looking at online 
viruses, it's really just an extension of current research in the field. 
Because of their expertise in looking at the massively complex collective 
behavior of atoms, physicists are beginning to apply their methods of 
analysis to other complex systems.

Steve White, who heads IBM's anti-virus research group at the company's 
T.J. Watson Research Center in Hawthorne, N.Y., says past models of how 
computer viruses spread couldn't account for what happened when viruses 
spread online. He calls Pastor-Satorras' and Vespignani's model "clever" 
and a good explanation for the way viruses work.

In their article, the researchers note the only way to effectively wipe out 
such viruses from the open network would be to build a kind of "digital 
immune system" for the entire Internet. "We're pointing out that anti-virus 
software is not the ultimate medicine to protect against infection," says 
Vespignani.

In fact, scientists at IBM have been working on such an immunological 
system for almost a decade, White says.
"What we see is increasingly faster (and) wider spread of (computer) 
viruses. You need something that will take care of the problem before they 
burn down the world."

Some of the fruits of that research are now available in Symantec's Norton 
anti-virus software, which automatically finds and creates cures for 
viruses and then automatically immunizes infected machines.

The program, which Symantec calls "Scan and Deliver," has been deployed in 
Norton anti-virus software since 1998, though the most advanced version is 
available only to corporate customers. The software automatically detects, 
captures and submits viruses to Symantec's labs, which then create cures 
that are automatically deployed to all the computers on the system.

Depending on how complex the original virus is, the cure might be 
automatically generated by Symantec's computers or might require anti-virus 
engineers to work on it before it's released. The idea is to inoculate the 
network faster than the virus can spread.

But while the IBM/Symantec design is a help for large corporate customers, 
it still doesn't protect the network as a whole. "What we need is a global 
immunization organization," says CERT's Shimeall. "The problem is, no one 
has yet come up with a description of how such an organization would operate."

----++++----++++----
Tudo vale a pena se a alma não é pequena.
http://fcis.oise.utoronto.ca/~aviseu

#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net