Can Lessons from the Common Cold Help Us Defeat Computer Viruses?
Through the years, some malicious computer programs have come to be known as viruses. Dr. Fred Cohen, a principal analyst with market research firm Burton Group, coined the term when he was working as a graduate student at the University of Southern California in the early 1980s. "There was a resemblance in how computer viruses and biological viruses reproduced," he told TechNewsWorld.
Given that similarity, a question has arisen recently: Can the study of human viruses be helpful to computer scientists, who are trying to prevent the next MyDoom from wreaking havoc? For Cohen, the answer is "yes," but for others, the answer is "no."
To understand why the industry has two different answers to this question, one first must become familiar with the nature of human viruses. Immunology is the scientific area that studies the complex, sophisticated human immune system.
This system consists of a network of cells and organs that work together to defend the body against attacks by foreign invaders, basically germs, which try to reproduce. Because it provides an excellent environment for germs to propagate, the body is constantly under attack.
Reproduction: The Key to Viral Success
One may quickly see similarities between biological and computer viruses. A computer virus acts like a foreign invader and has the goal of reproducing itself. Networks like the Internet are large and complex collections of systems that work together to exchange information. The way the exchanges are constructed provides an excellent environment in which viruses can spawn.
A biological virus can disable its host, and one irony is that if it reproduces too effectively, it can end up killing its host as well as itself. As they duplicate, computer viruses often knock a system offline for at least a few moments. Usually, the goal is to spread and not to destroy the system, but there have been viruses that delete files and wipe out a host system's data.
When germs do break into a body, the immune system's job is to seek out and destroy them, so there is a constant chess match between viruses and immune systems. As soon as the immune system develops an effective defense mechanism, a biological virus will mutate and attack in a new way.
A similar scenario occurs with computer viruses. In the past 20 years, antivirus vendors have produced antidotes for a wide variety of viruses, from Michelangelo to Melissa to SoBig. While those viruses no longer pose a threat to most systems, hackers have been busily working on new strains.
Delineating Virus Differences
David Perry, director of global education at security software supplier Trend Micro, thinks this process is one area in which the analogy between biological and computer viruses breaks down. "A biological virus mutates by itself, but a computer virus does not have that ability," he told TechNewsWorld. "Without a hacker changing code, it will quickly be rendered impotent."
While Trend Micro's Perry understands why the term "virus" has gained popularity, he feels a more appropriate phrase is "cellular automaton." That term refers to a machine whose output behavior is not a direct consequence of a current input, but instead of a past, preprogrammed input.
But more appropriate might not necessarily mean more effective. "Cellular automaton may be a more precise term for how computer viruses work, but it's not a term that most individuals understand," said Dan Geer, chief scientist at information security firm Verdasys.
And even cellular automata's precision is starting to come into question. Hackers have been making viruses more intelligent. A virus like Nimda has half a dozen or so ways to attack a system. After examining the computer, the virus will select the one that is the best for the particular situation. Security experts can envision a day when computer viruses mutate and reproduce in a manner just like biological viruses.
One area in which computer viruses and biological viruses are different is the manner in which they can be removed. A computer can be shut off, unplugged from a network, then rebooted with antivirus software installed to remove the virus. An organism cannot rid itself of a virus as easily.
The Government Steps In
Yet there are so many similarities that the National Science Foundation (NSF) has begun awarding grants to individuals to study areas of overlap between the two fields. Mike Reiter of Carnegie Mellon University and Stephanie Forrest, a University of New Mexico biologist, have been at the forefront of gleaning lessons for computer security from living organisms, and they recently received a US$750,000 grant to continue their work.
One finding of such studies is that biological viruses can reproduce so fast and do so much damage that they can wipe out an entire species. This usually occurs when a species has a uniform set of characteristics -- a scenario defined as a monoculture. To prevent such problems, biologists have been advising farmers to diversify their plantings.
Some computer researchers believe software developers should be given tools to vary characteristics of the same program so that they all would not be hobbled by a virus written to target a specific product. Daniel DuVarney and R. Sekar of the State University of New York at Stony Brook have received grants to explore the area of "benign mutations" that would diversify software, preserving the functional portions of code but shaking up the nonfunctional portions that are often targeted by viruses.
So it looks like -- at the very least -- the term computer virus will stick, something that even Trend Micro's Perry admits. "I don't agree with the use of the term, but I understand that it has been used so widely that we are now stuck with it," he told TechNewsWorld. At the very most, the NSF research will lead to developments that will transform the emergence of the next MyDoom from a significant inconvenience, or worse, into an item of interest only to security software suppliers.