
Peter Tippett on Biomedicine and Security

gManZboy writes "IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine. Two such figures are Peter Tippett, CTO of Cybertrust, who earned a medical degree and went on to develop what later became Norton Antivirus; and Steve Hofmeyr, who studied the marriage of biology and computation at MIT and later founded Sana Security. In this roundtable discussion, the two discuss how biomedicine informs their thinking about security and when and when not to apply the metaphor. Of particular note is their discussion of the pros and cons of using both signature and non signature-based methods of intrusion detection."

  • It doesn't seem to matter what they discuss. The media just grab on to words like virus and have themselves a field day, trying to scare people and sound educated.

    Leaves those of us who are English geeks frustrated with word misuse, but for the average person, it's irrelevant it seems.

    Luke
    ----
    Have a webpage that teaches computer basics [christiannerds.com] too? Contact me. Maybe we can swap links.
    • Not irrelevant. Incomprehensible.

      It's the same with bioengineered food, nuclear energy and a lot of other things. People don't understand it, the press exploits that and professional protesters use it to justify their beliefs.
  • A good article/interview. It makes sense that the biomedical field can contribute to the study of computer viruses considering that the bio and computer type seem to at least "infect" in the same manner. And, in both cases, there are "vectors" for how viruses invade a host. Perhaps there is cross-over from other fields as well. It would be interesting to do a little digging to see what other fields can or do provide the same sort of effect.
    • I'm not sure I buy into the biovirus = computer virus logic. I mean maybe there are some ideas from bio viruses that could be integrated into computer viruses, but I feel like a degree in biology is no substitute for a strong background in low level programming. I mean, what good does broad knowledge about organisms do if you can't understand how computer viruses work at the machine code level. For creating or even protecting yourself from viruses, that kind of knowledge is indispensable.
      • Making a living in biochemistry for 15 years and a combo of software/life science (bioinformatics) for the last 5-6 years, I can tell you that going from biochemistry to software engineering is much easier than going from software engineering to biochemistry. I have seen at least a dozen transitions both ways and bar none, the former always goes better than the latter. Life science is not just a matter of understanding organisms, it is a matter of serious critical thinking. That ability can be applied ac
        • As a molecular biologist who has managed a bioinformatics project, I agree that it is much harder to teach a software engineer biology than to teach a biologist software engineering.

          I think that the reason for this is the huge amount of arbitrary knowledge required to be a functioning molecular biologist. You can't just cram this in over a weekend no matter how smart you are.

    • Whenever someone makes an analogy for computer security, and seems to think the analogy is anything more than a simplified way of explaining, my bogometer goes high. I'm not saying a biologist can't be a computer security expert too. Critical and scientific thinking, as well as intelligence in general sure helps. But claiming computer security is just like some other thing, be it biology or physical security, is just market speech.
  • There must be a wacky ass doctor who came up with Worm and Trojan. Sounds more like a gnarly pron
    • Actually, that 'wacky ass doctor' is an old acquaintance of mine - back when I was a teenager, he was the president of the Cleveland Osborne Group, and I used to go to his home to help print out the postcards to remind people about the next meeting. My mother used to say "are you going to Dr. Doctor's house again?" (he's got a PhD and MD). His bio at Cybertrust doesn't do him justice.
      • hehe that's cool. I didn't mean anything derogatory about the comment. hope you didn't take offense to it :) I just thought it was funny they had a couple names which could be misconstrued to be sexual in nature lol.

        take it easy

        • No offense taken - none at all... I just wanted to relate a little story and explain that he's actually pretty cool. Plus, it was my first ever post on /. I was just looking for something to say, I guess.
  • Asian Anti-Virus product for win3.1 and 95/98 was Dr. Ahns Anti-virus. Just like with these gentlemen it got its start due to its founder being a medical doctor. Since he was the only person in his lab (IIRC he was a pathologist.) who knew anything about computers when they got an infection he was "nominated" to disinfect the computer. He said he was fascinated by how much computer viri actually resembled biological viri in the way they worked and spread. The end result became Dr. Ahns Anti-Virus, whic
  • I think the layering notion, i.e. combining several different methods of AV protection operating at different levels of system granularity and with different detection methodologies is certainly an interesting one. I'm not sure if I buy the idea that the market is somehow adverse to this, unable to implement it, or stuck in a rut. It seems very easy to toss out the argument that people didn't want a heuristic detection method from norton, because they had become accustomed to McAfee's signature based appr
  • by steelfood ( 895457 ) on Tuesday August 02, 2005 @12:26AM (#13219600)
    ...has anyone else felt that the interview ended rather abruptly? I mean, just as they were starting to debate over the issues of technological improvement versus stability, there was nothing left. Was the ensuing conversation too embarrassing to be recorded, or did the interviewer get too engrossed in listening to the arguments to write the rest of the interview down? Usually, the interviewer gets the last word (whether it's a brief "thank you for your time" or a quick summary/conclusion). What happened this time?

    Otherwise, I found this a very interesting read. I've always wondered why people prefer signature-based active detection over the passive method of hashing (and checksumming) all the critical system files. I use the freeware Tiny Personal Firewall 2 (subsequent versions suck), which happens to include a feature that informs me if an application trying to connect out or listen for connections has had its MD5 changed. While it is particularly painful when a system file gets tampered with (a message pops up every time the modified executable tries to interface with the network and the messages won't stop appearing until the change is accepted), it was crucial in my finding that my Firefox executable had been modified without my knowledge.

    The other thing I found interesting is the remark that the internet has lost its innocence. Back even ten years ago, so-called hackers were either kids too smart for their own good, or script kiddies wanting to impress their friends by opening CD trays. Those who exploited security holes for money were a minority. These figures have flipped over the past seven or eight years; today's equivalents are largely in it for the financial gains, with the ones feeling adventurous being in the minority now. When they were talking about worms being less prevalent these days and how it's possible we've seen the end of virii like Sasser and Code Red, I find myself wondering if the internet has left (or is in the process of leaving) its adolescence phase and has fully matured.
  • I never really realized exactly that so many medical persons were really actually applying their knowledge to computers. Now it's time for Steve Jobs to give me new kidneys.
    • Now it's time for Steve Jobs to give me new kidneys.

      You think you've got problems. I was an Access developer. Bill Gates owes me a new liver.
  • What, exactly, is "biomedicine?" Isn't that kind of like "technocomputers" or "kleptorepublicans?"

    Or is it just a way for plain ol' medicine to sound cooler and get more research grants?
    • What, exactly, is "biomedicine?"

      Biomedical research is the juncture between clinical research (say human trials of a drug) and more basic research (say an animal model of a disease). For example, a promising compound that slows tumor growth in an animal model of cancer might be applied to human cells of the same type of cancer grown in culture (as opposed to actually giving the compound to living patients.)
      • Also, almost all biomedical research is carried out by either people with an MD/PhD or as a collaboration between MDs and PhDs or some combo of the two. It is most often a case of bench science meeting the clinic.
      • It's a generic term that tries to define the reality that there's not a clear cut line - when you look at the methods and problems from a "basic research" (as opposed to "clinical research") perspective - between "biological" and "medical" phenomena. It also refers to that kind of research, as opposed to medical-only research (for instance, a clinical trial of a new drug for the heart).
  • If you believe in evolution, at least in survival of the fittest, you'll quickly understand that in the fight for survival, pretty much any mechanism that can be used will be tried. That's why you get parasites with parasites, why you get half alive creatures like virii, and, why you get infections - if there's a way to get yourself a bit further ahead, you use it.

    In any case, there's no surprise in my mind that people chose biology analogies when confronted with novel concepts - you can always find an ana
  • As far as I know, Peter Norton wrote Norton Anti-Virus.
    • I worked for a small company he was President of a while back, NCSA (another confusing name as it was National Computer Security Association, not the other well known NCSA). It was the forerunner of Cybertrust. It was well known within the company that Peter Tippett was the primary developer of the early versions of Norton Anti-Virus. I never got around to asking him if he was the ONLY developer of the software at that time, but I'm pretty sure he was.

      • Ahhh... gotta reply to my own posting to clear something up.

        I don't believe Peter Tippett was working for Symantec at the time while developing his first AV software. The software was acquired by Symantec.

  • I guess inserting a few words that sound like you're a real genius, like "immunological system" will promote their anti-virus software, won't it? Even though it doesn't resemble it in the least.

    Who are these guys kidding? They're part of the problem. They make obscene amounts of money on a diseased platform (now there's a good biological metaphor).

    If they were really up to it, they'd be working on cutting-edge stuff like capabilities. [eros-os.org] Even relatively simple measures [auug.org.au] like those taken by some UNIXes have s
    • I find it interesting that you dismiss Windows as a diseased, obsolete platform, and then in the next paragraph you say capabilities is a cutting edge technology. Windows NT has had capabilities since its inception, and most UNIXes are just getting around to introducing them.

      I'm not saying Windows is more secure -- I'm just saying that glomming capabilities onto *any* OS (Windows, Linux, or otherwise) doesn't make it secure.

      The OpenBSD exploit mitigation stuff is great -- way better than what Windows XP of
  • IT security borrows some of its most basic terminology (e.g., virus) from biomedicine. It's therefore no surprise then that some of the top minds in the field have backgrounds in biomedicine.

    What? IT security also borrows some of its basic terminology from construction ("firewall"). Shouldn't these people be architects?
  • Of particular note is their discussion of the pros and cons of using both signature and non signature-based methods of intrusion detection.

    signature based == $$$$ from signature updates

    non-signature based: Tight sandboxing around network privileged apps, and new 'untrusted' content on the system. Behavioural monitoring, like an internal firewall - mime type privileges - hang on '-rwxr-xr-x ana.kournivova.jpg' cannot access other executable files! It is not allowed to!

    -rwxr-xr-x gimp however is allowed to
  • What most people don't realize is that the field of biology, or more specifically, microbiology is incredibly dependent on computer technology.

    When you are talking about sequencing DNA, you are talking about building a massive database. With an insane number of cross-connections.

    The ability to DO microbiology at the level we are now able is pretty much codependent on the development of the computer technology needed to process this incredible quantity of information.

    It's been said that a single human DNA s
    • I think you mean molecular biology, the study of biomolecules (like DNA). Microbiology is the study of microorganisms.

      It's been said that a single human DNA sample contains about 20 GB of data.

      I work on the human genome and I've never heard anyone say that until your comment. The human genome is about 3 billion nucleotides long. You can store each nucleotide as an octet, but that's somewhat wasteful, since each nucleotide only contains two bits of information, not eight. So really, we're talking about 750 M

      • It's been said that a single human DNA sample contains about 20 GB of data.

        I work on the human genome and I've never heard anyone say that until your comment. The human genome is about 3 billion nucleotides long. You can store each nucleotide as an octet, but that's somewhat wasteful, since each nucleotide only contains two bits of information, not eight. So really, we're talking about 750 MB of highly compressible data.


        I got my "20 GB" information from a Carl Sagan book, I believe it was "The evolution of
  • Ecology has a concept called the "keystone predator". Predators often have a major influence on the ecology they hunt in. For example, sea otters that eat sea urchins. The sea urchins in turn eat kelp beds. If the sea otter population declines, the sea urchin population increases, and the kelp beds start getting overgrazed. When that happens, lots of other organisms that live in and on the kelp beds suffer.

    Introducing new predators into an existing ecosystem can increase the overall diversity as they become keystone predators. This effect is seen even if the predator doesn't preferentially hunt the former dominant species, though it can be amplified in that case. In extreme cases, the former dominant species is replaced by other species, though the former dominant species doesn't necessarily go extinct.

    What does this have to do with computers? The Internet has changed significantly in the last few years. Broadband connections are fundamentally different from dialup connections. First, obviously, they are much faster. Second, they are 'always on'. As broadband has spread, a new ecological niche has opened up - that of spyware/adware.

    Even if it were just malicious teenagers writing these things, they'd be a significant problem. But there's a business model now - (unethical) people can make money with this stuff. Ads, selling demographic info, redirecting referral clicks, spam, protection rackets, fraud and identity theft. Of course, these guys are preferentially hunting Windows boxes right now. They're the current dominant species, and tend to be easy to subvert.

    I think spyware is going to be the keystone predator of the operating system ecology. And I think we're going to see a lot more diversity in that area in the future.

  • Anyone who had much ME or EE would have referred to an out-of-control compounding of virii+worms+hacks as positive feedback and not "... It's almost the definitive negative feedback loop...."
  • Hello,

    This was a while ago, so I don't have exact dates but Peter Tippett founded a company named FoundationWare [securitydigest.org] around 1987-1989 which made an integrity checking program called Vaccine. Vaccine was eventually renamed to Certus [victoria.tc.ca] and the company followed suit in the early 1990s, renaming itself after its flagship product.

    Certus was initially an integrity checker and behavior blocker. The integrity checker calculated a CRC or hash value on files and system areas, stored them in a database and compared t
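
Added example, not part of any comment above and not code from Certus or Tiny Personal Firewall: a minimal sketch of the non-signature integrity checking that two comments in this thread describe (store a digest per file, compare later, keep alerting until the change is accepted). It uses SHA-256 rather than the MD5 or CRC the comments mention; the class name, method names and the file `browser.bin` are hypothetical, and the file contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large executables are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class IntegrityBaseline:
    """Known-good digests per path; reports files that no longer match."""
    def __init__(self):
        self.known = {}  # path -> digest recorded while the file was trusted

    def enroll(self, path):
        self.known[path] = file_digest(path)

    accept = enroll  # operator decision: trust the current contents from now on

    def check(self, path):
        """Return 'unknown', 'missing', 'ok' or 'modified' for one path."""
        if path not in self.known:
            return "unknown"
        if not os.path.exists(path):
            return "missing"
        return "ok" if file_digest(path) == self.known[path] else "modified"

def demo():
    """Constructed scenario: a stand-in executable changes after enrollment."""
    out = []
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.bin")  # hypothetical file name
        with open(exe, "wb") as f:
            f.write(b"original program bytes")
        base = IntegrityBaseline()
        base.enroll(exe)
        out.append(base.check(exe))      # unchanged since enrollment
        with open(exe, "r+b") as f:      # same-length, in-place change:
            f.write(b"ORIGINAL")         # file size alone would not reveal it
        out.append(base.check(exe))
        out.append(base.check(exe))      # keeps reporting until accepted
        base.accept(exe)
        out.append(base.check(exe))
        os.remove(exe)
        out.append(base.check(exe))
    return out

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as its storage: a checker like this needs the digest database kept where the monitored software cannot rewrite it.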
