Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Science

Virtual Immune Systems Headed for Market 83

Posted by Roblimo from the biology-is-destiny-even-for-computers dept.
bughunter writes "This week's Science News cover story reports on the effort to model biological immune systems as a tool against computer viruses and other security threats. Although Science News is written for laypersons and secondary students, the article has several interesting quotes and clearly illustrates the principles behind adaptive immunity. The article also claims that Symantec will release an adaptive antivirus utility this summer."
This discussion has been archived. No new comments can be posted.

Virtual Immune Systems Headed for Market More

Virtual Immune Systems Headed for Market

Comments Filter:
  • The simple answer is NO it is NOT possible to build a virus defense program that is capable of recognizing all viral programs.

    This would be the same as solving Turing's Halting problem.

    That said, it is possible to build a program that would detect SOME viral programs. In the end, that might be all that we need.

    Also of some interest is the fact that biological immune systems also don't recognize unknown agents at first either, for the same reason. If a new infection comes into the body, some damage needs to be done first before the immune system is alerted. Once that happens, anti-bodies that can recognize future infections are built.
  • Unfortuantely what this means is that when you have a harddrive from someone elses computer and connect it to your own the system is bound to reject the foreign data.

    Of course, what this means is there will be a lucritive market in anti-rejection software.

    In fact I might start selling something along these lines myself. A program you run that stops the computer from automatically blanking new hard drives. Of course there are no guarantees. If the bits have been away from the computer for too long there is little chance of survival.

    I think I'll go IPO in February.


  • I admit that I didn't read the article in depth, but from what I gathered skimming over it, this sounds like someone has just gotten a bunch of big computers to do what, up until now, has been primarily done by hackers.

    You make it sound as though that's a trivial task. For a more in-depth discussion of what's involved in creating a computer "immune system", see, for instance:
  • Your immune system destroys a significant percentage of your throat lining cells as it battles a common cold. That's why you have a sore throat. In fact, ALL the symptoms you feel are a result of your immune system, not the invading viruses.

    Do you really want an anti-viral software which destroys half your files to just to get rid of the virus?
  • Define a virus' behavior for me.


    The definition for both biological and computer viruses is a entity (program) which inserts itself into another entity in order to propigate itself.

    Viruses can be good or bad... it all depends.

    define behavior that is considered "harmful" to a computer user


    Any time when system performance or integrity drops because of the virus.

    Name one thing that a human can do that a machine cannot.


    Humans are machines, so this is not a logical comparison.

    But if you want to compare today's computers against a human's brain, then it's pretty easy.
    The human brain is capable of analog operations, today's mainstream computers are not. There are a few chips coming out which are analog and not digital..

    --
  • > Now, the central database idea sounds very good and would solve a lot of problems. For once there would actually be a use for "push content"! :)

    Until some clown cracks the site and adds, say, MS Office to the database of known viri. Then we have The Day The Earth Stood Still as 50,000,000 bureaucrats show up for work and find that they can't write their memos, issue their "of the week" organization charts and vision statements, file legal briefs...

    On second thought, I retract my criticism.



  • I thought this sort of technology had already been looked at at rejected as it provided too many false negatives, which corporates hated. I read this some where recently (Computing Weekly -in the UK)????? when this whole thing of virus like behaviour was discussed in the aftermath of BO2K. Still, it was probably marketing speak for "oooo hadn't thought of that".

  • Won't this wipe-out Windows?
  • ...is that it is possible for people to run software downloaded from the Internet, which (especially on Win machines) then have a free reign over the computer. People should be made to realise that running a computer program created by someone else is the same as inviting them to sit down at your computer for as long as they like, and turning your back while they do whatever they want. But it is worse than this, you are also extending this invitation to EVERYONE who may have had similar access to this person's computer!
    So what should we do? One option is to dramatically improve security in computers. The Unix method of process ownership is a step in the right direction, but not far enough. Java's sandbox or Python's padded-cells are probably the closest thing to what we need.
    Another option is to attempt to change people's behaviour. Microsoft shouldn't distribute software which allows a program to be launched straight out of an email with a double-click. And people should be made to realise the risk they are taking every time they download something from the web.
    I should also stress that it is not just Windows lusers that are at fault here. How many people here have downloaded a RPM, or a tarball, done a su root and installed it?

    --

  • So how does giving a remote box the ability
    to execute code on your box qualify as an
    improvement in security? How long before someone
    writes a virus that impersonates the admin
    server?

    Whose pants are these?

    K.
    -
    How come there's an "open source" entry in the
  • Oh, yeah. I was actually thinking Gatekeeper, but I guess I've been having too many "what kind of computer should I buy" discussions lately. People always ask me about Gateway. Anyway, I liked Gatekeeper and used it, along with Disinfectant for years. That was all the AV protection I needed on the Mac.
  • I know this is a little far fetched, and probably beyond what could happen with the described system, but imagine a virus that could use the adaptive nature of the "immune system" itself. By reacting in certain ways, a virus could controll the "evolution" of such a system, eventually using it as a tool for destruction.
  • You are presuming that people can detect patterns!

    Humans cannot detect all patterns. Humans can detect SOME patterns and that's all that machines can do too.

  • Neural nets are quite adept at detecting patterns, given the proper training. I myself wrote a quite simple little nnet proggie to recognise whether it was looking at a face or not. It had a decent success rate. A little tweaking, and it became able differentiate between multiple faces.

    however, asking it to complete patterns is a different story...
  • Or, implementing a strong sandbox-like environment. On a multi-user system, this means running untested software as a non-privileged account, so that you can't hose your system.

    Human immune systems can, for the most part, function adaptively because of the vast number of cells. Detection does not have to be immediate, as long as it occurs fast enough for the infection to be contained, and the damaged cells eventually replaced. Then, the newly noticed antigens will result in cells with receptors for such, and the next wave will be detected faster *if* it hasn't mutated enough to alter such.

    That's not acceptable for a critical computer system's data; ergo, something stronger such as a sandbox or other mechanism to prevent unauthorized access would be desireable.
  • If memory serves, there's something called the "Mutation Engine" (MtE) that attempts to modify itself in such a way as to get past plain signature-based scanners. I've never bothered to look at its code, so can't give more details than that -- even about its efficacy or whatever. I don't believe it was aimed at actually detecting specific scanners, either.

    'tho, actually, it might be possible to patch the most popular scanners to never report a positive hit.

    You'd probably be able to find information 'bout MtE on comp.virus, or from the more reputable anti-virus researchers, 'tho.
  • Well, if self-mutation requires intelligence, isn't the immune system idea ifself currently impossible? With new viruses being created so quickly, it would take a whole lot of people manning those analysis centers to respond to the viruses. Apologies for the inexact phrasing, from now I'll say detect instead of see. Here's a scenario for detection of scanning: Virus A has a list of major "immune system" analysis centers. It monitors the system it has infected, and if it detects data headed for one of these centers, it changes. I'm not sure why it has to grow to change (as you seem to imply by saying this virus would have to be bigger than the checker), but I'll concede that point. Anyway, better safe than sorry (for a virus), so it would even unnecessary changes would be a big detriment. At worst, this would seem to reduce the immunity scheme to a situation similiar to the current antivirus one: antivirus vendors strive to setup analysis centers (or change them) as quickly as possible and virus makers strive to update their viruses.
    You're right about the worm not changing after a bird eats it. But most birds know whether this is a poisonous worm or not already (or if they don't Darwin makes sure their descendants will), and don't have to fly away to check some bird worm center. If it did (and if the worm could make instant copies of itself) then worms would have much better chances.
  • As to the automatic virus detection, that's obviously just marketing hype. Bioligical immune systems work because virii only take a limited set of forms. They are not engineered. They evolve through natural processes. Until very recently, man did not have the power to engineer a biological virus.

    A computer virus is much more insidious because it can take a greater variety of forms. It can be engineered to circumvent any "immune system" as described in the article.

    Of course, as man gains the power to manipulate a biological virus, a new threat arises. Man may create a virus that kills and spreads as well as a computer virus.

    Now, the central database idea sounds very good and would solve a lot of problems. For once there would actually be a use for "push content"! :) The databases would have to broadcast to the computers every time a virus alert goes out. The broadcasting system would have to be more efficient than most Internet protocols. It would be really cool (and very, very fast) if the alerts could be broadcast through radio waves. Have a periodic "test of the emergency broadcast system"...
  • Machine learning, pattern recognition, agents, and artificial intelligence are likely to become very important in security. But while the analogy to biology sounds nice, and people may even derive some useful inspiration from it, but it is pretty weak on the whole.

    If you do take the analogy serious, it actually doesn't look so good for computer security. Biological immune systems protect populations, not individuals. A species can afford to have a few percent of the population die from immune system related diseases (oops--misrecognized the Linux kernel as a virus) or to have a quarter of the population be susceptible to a particular virus.

    To deal with those issues, the "computer immune" system does something no biological system does: it uses a global repository for virus data.

    Finally, most organisms on this planet live perfectly happily without immune systems; it's far from clear that that's a good design point. They just have good, strong biochemical defenses built-in; perhaps that's the best analogy for computers after all.

  • You miss part of the point. First, security is never going to be perfect. All we can do is raise the bar. Making the attack more difficult or time consuming is important. Script kiddies might get much more bored if their favorite root exploit took 3 hours to succeed.

    2nd missed point: You changing the config files is not a problem since, sendmail isn't doing it! i.e., their work implicitly handles this because they look per subsystem for patterns, not the whole system.

    3rd: Ramping up an attack here isn't such a problem unless your system is adaptive. Frankly, I don't want my system for checking Sendmail for instance to be adaptive. It should stay the same until a new version of the package comes out, then the patterns can be regenerated. (BTW, this is more or less automatic.)

    There is a great deal of literature on the problem you present. (I've done research and journal publication in the area.)
  • Actually, this could work.
    Make a virus that simply does "normal" things...
    and then you increase the complexity of the problem, while perhaps making it increasingly more difficult to do "standard" work without setting off the behaviour-alarm.

    I can see it now... the immune system killing the TCP/IP stack because a virus pretended it was it..
    '
    Hmm.. vital organ rejection anyone?

    Furthermore, the closer the virus parallels to the user's behaviour, the more processing time the "immune system" has to do, possibly breaking it because of computational restrictions..

    Fun stuff.
  • s it because the energy, nutrients, and cells required to perform these functions (with such a small immune system) would detract from the overall health of the individual and it's ability to overcome the obstacle?

    Mainly because with a smaller number of cells there will be a certain percentage of antigens that can not be recognized at all. This means that the organism will not gain an immunity to them at all. Coupled with the energetic costs required to mantain the immunological functions, the costs outwiegh the benefits.
  • Me: Computer, time for yer shots!
    Computer: Nooooooo I don't wanna get my shots
  • Northern Hemisphere or Southern Hemisphere?


    African Swallow or European Swallow?




    I need sleep
  • I admit that I didn't read the article in depth, but from what I gathered skimming over it, this sounds like someone has just gotten a bunch of big computers to do what, up until now, has been primarily done by hackers. Granted, finding a way to have a computer do the necessary complex pattern recognition that was previously the domain of hackers is a big and important step in many directions, not the least of which is virus protection, but when it comes down to it, this is the automation of a long standing technique, not a new technique.

    The pattern recognition skills, however, have near infinite applications. A system that can detect when a virus has deployed itself, and find the code that is responsible, could serve many purposes. For example, it could help find very deeply buried bugs in program. If the system is capable of finding some idea of how one prevents or cleans the virus, then it would be even more useful. Imagine a compiler/debugger suite that not only told you where your code had problems, but even told you what you probably had to do to fix it!

    The next, and truly awesome step would be one that can figure enough out that it can fix the code for you! That would rock! Imagine, the debug button on your ide would no longer launch a program to step through code. It would actually debug the software! Now that would be (c/dr)ool.
  • ...but a whole lot of infections could be
    prevented by coding OSes and applications in
    a security conscious fashion. Most viruses just
    take advantage of sloppy software design.
    Sounds like they have come up with some
    interesting ideas but it's also the long way
    around to solve the problem for about 90% of
    the viruses that I've seen.
  • This is an interesting development, but it is a bit troublesome. The idea of any program on my computer communicating with a "home base" like that is a bit troubling to me. I used to use a program called Gateway for the Macintosh years ago. It would monitor the computer for suspicious behavior, which you could then permit (and it could memorize permissions) or deny. I liked that method of dealing with unknown virusses better than this digital immune system thing.
  • Microsoft® products are pale, thin, sickly, fragile and are born w/ AIDS - there is no cure.
    The most humane thing to do is administer euthenasia and install a healthy, robust OS.
    Send NT to Dr. Kovorkian.

    Chuck
  • Hmm, so IBM can basically grab any file off your computer... A note about the biological immunity model...According to clonal selection theory, our bodies can react to every conceived and nonconceived antigen. Now this makes for alot of B cells (the cells that produce the antibodies), making our immune systems the largest organ of our bodies, based on cell count. Also, our immune systems are only good at protecting against a second attack, as it takes the body some time to recognize the first attack and respond to it. So what does this mean for the mentioned anti-viral software? Bloatware that reacts too late. Or you could just stop using Windows and Office.
  • Here's the Link to Forest's research group [unm.edu].
    They have a bunch of papers online. The ones I read a while back were mostly theortical.
  • This has never happened to me before... :)

    -
  • Remember all of the problems that will come along with any implementation that's sufficiently similar to a real immune system -- allergic reactions, arthritis, etc.

    There's no perfect immune system in nature, and there won't be one online either.

  • AFAIK most virus checkers already scan for viruses based on hashes of key parts of the virus. This doesn't stop someon from creating a completely new virus or from making minor changes to the part of the virus which is being scanned for.
    Is is even possible to create a virus checker that would adaptively search for "virus like" code without severly impeding the normal operation of the computer?
    I can imagine that there might be some sort of distributed database which would allow the first person who noticed an infection to notify everyone else quickly. After that the fix could be automatically sent out to innoculate/cure all the systems in the group.
    Maybe if all programs used some sort of cryptographic certification you could identify viruses based on their lack of certification.
  • Sure, last time I looked at virus checkers (fprot for DOS), they had a "heuristic" mode that checked for virus like activity. This was faster and was supposed to be able to catch "virus like activity" such as writing to the boot sector of the disk and code with lots of unnecessary jmps (designed to fool virus checkers). Unfortunatly these techniques are not 100% foolproof and a carefully written virus can get around them. I never noticed any slowdown from using fprot, but I was running cheezy DOS programs on a P75, so speed wasn't an issue.

    Fortunatly, virus checking got infinitely easier when I switched to Unix. :)
  • Don't worry about the Y2K media blitz, but worry about all those viruses running freely and mutating in a playground of consumer petri dishes. They will infest every popular consumer computer given time. Just sit back and wait. Coming soon to a computer near you. Have you been asked to reinstall a certain evil operating system lately? Damn glad I have user accounts on my computer for different installs!
  • Seems to me that this same technology (if it works at all) could be used to write even deadlier viruses. Imagine viruses that behave as if the antivirus program is the intruding agent, and use measures such as these to defend against them. For example, how about a virus that detects what key parts of itself a scanner was looking for. Once it did that, it could mutate itself, and additionally, strip e-mail addresses from address books and send a description of the changes out to other computers. This probably wouldn't even have to be an executable, just a text file saying something like "Hi. How's the weather?" with the scanner description hidden in it. If a person wasn't infected, nothing would happen (hence no need to send suspicious executables). If a person was infected, the virus would read the description, and modify itself accordingly. Eventually, all surviving copies of the virus would be immune to all the scanners. If it propagated as fast as Melissa, and was a bit stealthier (more stealthy?), it could infect a whole lot of computers, sitting right under the nose of scanners that thought their systems were clean. Disclaimer: I don't write viruses, so I don't know if what I propose is possible or even has been done already.
  • What is needed is a more biological like approach where those computers that become infected die and remove their operating system from the code gene pool.

    I am suprised that this approach, of dropping an OS that becomes infected and switching to a new variant that was not infected, was not mentioned in the article. It would certainly be a lot simpler that an all that processing and message passing.

  • According to clonal selection theory, our bodies can react to every conceived and nonconceived antigen.

    I think in reality there are epitopes that the immune system will not recognize. Some people have advanced the theory that this is why there is a lower limit to the size of the immune system, if the system gets below a certain size the gaps are big enough that immunological functions are a net minus to the organism. Rev. Modern Physics that an interesting article on this a while back.
  • You know, before I even hit submit for that post, I already knew some clueless fool was going to say the obvious... well then, without further ado...

    The definition for both biological and computer viruses is a entity (program) which inserts itself into another entity in order to propigate itself.
    I guess this means when I get a plugin for netscape, that's a virus? Or how about when I upgrade my system from windows 95 to windows 98? My my, by your definition, that would be a virus too. What about the "melissa virus" I described above. That was only an e-mail attachment. It didn't insert itself into anything.

    Any time when system performance or integrity drops because of the virus.
    So I should immediately upgrade to Linux, dispite corporate policy saying that I'll be fired if I do so? Afterall, running Windows *does* lower both system performance and integrity. Whups. Try coding something (anything), that can detect "system performance or integrity drops" - and determine that it's a virus, and not somebody playing solitare.

    Humans are machines, so this is not a logical comparison.
    Gosh, last time I took a shower, I didn't start rusting. Funny, maybe I missed something? And I guess when my HDD dies I should be sued for "wrongful death"? Sorry, but the distinction is obvious. If you can't tell the difference between a human and a machine, you've been spending too much time on hold.

    You know, the whole point of my post was that you can't code away stupidity. People need to use their computers responsibly. That means regular maintenance, an understanding of what to do when it breaks, and practicing safe hex. If you can't do that, return your computer, and stay the #$@! away from mine!

    --
  • I have to agree with an earlier AC posting to this article. The approach is fundamentally flawed because it uses the past to predict what is happening in the present as it's guidepost. Such a system could easily be subverted by simply doing such operations at a very low frequency, and ramping it up until the system believes it is "normal". Such tactics can even fool people - as any sysadmin will tell you.

    Besides, how would you be able to tell the difference between a system administrator modifying sendmail's configuration files, and a systems' cracker trying to bypass security? They both look the same in my version of syslog.

    --
  • Sure, no problem. Just solve the Halting Problem
  • Given that human beings started as a bunch of random chemical reactions in the sludge, what're the chances of artificial life being created in a similar way?
    Say hypothetically theres a script which generates thousands of files of random bytes of random length which are then run as if they were executables, anything which actually runs is "mated" with other files to produce offspring. Could it be possible to create artificial life in this way?
  • if the system gets below a certain size the gaps are big enough that immunological functions are a net minus to the organism.
    Why would immunological functions be a net minus to the organism in such a situation?

    Is it because the energy, nutrients, and cells required to perform these functions (with such a small immune system) would detract from the overall health of the individual and it's ability to overcome the obstacle?
  • The program was called "gatekeeper". "Gateway" is a computer manufacturer with the customer-service record of your average virus.
  • Can't wait until some antiviral/immunity heuristic recognizes that things like Windows Update are inherently viral or wormlike in nature...

  • that is a definite problem...but not the exact problem. Autoimmune diseases that attack healthy cells and such would be disaterous to a computer. imagine it! "Look...this file...io.sys...looks sick to me...wipe it out!!" "ummm...its not booting up...ummmm" The prospect of losing control of what and how my computer deals with virii scares me. Isnt the entire idea of a computer to have an scintila of control over what it does?
  • Why do you think that monoculture would be more robust? It doesn't normally work that way. Viruses *MuTatE*. They are much less picky about mutations than you normal body cell. So you end up with lots of different versions of the flu. If it's lucky, one of these will be the next SuperFlu! and will spread around the world quickly.

    (Lots of suggestions deleted: I don't think these ideas improve the world by being shared.)
  • I am suprised that this approach, of dropping an OS that becomes infected and switching to a new variant that was not infected, was not mentioned in the article. It would certainly be a lot simpler that an all that processing and message passing.

    Is this not what new kernel versions are? And why *nix is resitant to most Virii (sp?) because of the long, evolutionary process that has occurred over the last 30 years?

    The process already exists. It just takes time. And floppies.

    "I'm sorry. Humanity3.0 was wiped out unexpectedly, but a few had managed to upgrade to 3.1 in time."

    As an interesting aside, anyone read Pat Cadigan's "Synners" regarding the propogation of a computer virus in an unchecked environment?

  • Ooookay. I'm suprised nobody has posted this yet. Name one thing that a human can do that a machine cannot. Detect patterns. People have a remarkable ability to see patterns in data. Sometimes they are somewhat overzealous and see patterns where none exist. Computers are incapable of that. If they could, we would have the beginnings of *real* artificial intelligence. So what is this article about really? Symantec, Mcafee, and company just created a new buzzword. It's like "MMX" or "ActiveX" - mean-nothing phrases designed to lure people in.

    Now, let's assume that they really *did* have technology to "detect" viruses... Define a virus' behavior for me. Ummmm.... okay. That was a tough question. Let me give you another one - define behavior that is considered "harmful" to a computer user. Yes, installing windows 98, but I need more than that. Oh. Can't come up with anything their either? Bummer. Now you see the problem. If you can't even define a virus' behavior, how are you supposed to tell the computer how, short of creating real artificial intelligence?

    --
  • Forrest (and her grad students, one of whom I've met) have discovered that relatively short patterns of self-like behavior are easy to spot and cover most normal behavior of a system.
    For instance, system calls in Sendmail. You might find 20 some patterns of system calls that correspond to almost all of legitimate behavior. But, when someone hacks or tries to hack Sendmail, the known patterns don't match anymore. After this happens for a bit, the system can sound an alarm.

    This works very well in several different areas and they have published many papers on the topic.

    Now, getting this to work for viruses might be a bit more difficult. But for misuse detection, it may be just what the doctor ordered.

    Also, I wish that more posters would read the article closely. Some of the responses are way off base.
  • And how then will this Antivirus tell the OS from the viruses in Windows case?
  • Actually, I'm surprised there aren't more Linux viruses. Perhaps nobody has bothered to write them, or perhaps the people in Bulgaria (the single largest producer of virueses) are all still running DOS.

    Playing around on my friend's Linux system, on which I have a normal non-privilaged account, I've rooted it at least 6 or 7 times. A virus could do the same thing. Once it has root access, Linux isn't any safer than DOS is.
  • No, grep does not qualify. I said *detect*, as in see a pattern without you telling it where to look. Take this example:

    Red. green. red. green.
    What's the next color?

    How about this: 2 3 5 6 7 9 10 11
    What's the next number?

    Get a computer to do that, and you'll be world-famous.

    --
  • This is probably actually the largest problem.

    Everyone's heard about that story when the guy's antivirus software "detected" a virus, but it was actually Win95 being installed. Probably the major hurdle in an "adaptive" antivirus software will be that it will trigger all sorts of false alarms when software is installed.

    We run our computers differently than we run our bodies - we're always installing software and such, some of which may run system-level commands. So the analogy is like getting biological implants all the time - our immune system frequently rejects implanted organs or some prosthetic devices. And there's really no way around it - the more vigorous the immune system, the more it's going to reject things which are not part of the "self," viral or not.

    If the adaptive anti-virus software is really modeled after biological immune systems, I'll bet it our computers will be breaking out in rashes every time we install new DLLs or update the Registry. Well, where Windows is involved, anyhow.
  • "Because antivirus programs can only identify the viruses they already know, they aren't effective against the 10 to 15 new viruses created every day."

    I mean, this is just so much bullshit. Heuristics have been around for a very long time, and it works reasonably well, assuming there can be interaction between an intelligent user (the famous oxymoron) and the AV so that any false positives can be detected and ignored. I wonder how many uninfected 'shareware.exe' the antivirus vendors with the most aggresive heuristics got a day because of users. That's probably why the suckiest vendors (can you say: McAfee?) doesn't use heuristics to any great extent (at all? Been a while) - they just can't be bothered. A copy sold is dollars made, anything more is just a pain in the butt.

    "Because programs and operating systems are not usually designed with security in mind, antiviral programs will always be behind the curve"

    This however is correct. The thing is; if these systems come to use and work reasonably well, a lot of effort will be spent by the virus writers 'catching up'. The AV community have _always_ been behind, and I don't see that changing anytime soon. That kind of security would require something like the java security model where every program must beg for every right. "May I please open a file?".

    The overhead is just too large, it will never happen. (I will deny ever saying this if I'm proven wrong :-)

    /%/)+Eddy

  • Organisms have redundancy at the level where viruses don't exist -- virus works at the level below cell, all organism's functions are performed at the level above cell. Small number of infected cells can't affect the functionality of organism, and this allows immune system to detect virus before becoming incapacitated. Winning strategy for a virus is to multiply fast enough to cover the damage done by the immune system, and transfer to someone else in large quantities -- so enough cells at eny given moment will produce copies of the virus even if large percentage of those copies and cells are being destroyed. HIV can damage the immune system, however strategy that relies on that is very dangerous for a virus -- because other viruses are constantly around, its damage to the organism can cause death faster than virus can be transmitted to others, and if, say, HIV was transmitted over the air, it would cause huge epidemy and die out just because there will be no people around to carry it. HIV survived because it's carried without noticeable damage for a long time and has chance to be transmitted before seriously damaging the immune system.

    Computers perform all their functionality at the same level as "viruses" -- single disruption of something important changes the behavior of computer as a whole. This means that relatively simple virus has a good chance to render any immune system useless. Also the damage to "immune system" can remain unnoticed for a long time -- it's not like everyone constantly runs infected binaries. This makes any actions that specifically target "immune system" very efficient -- damage the thing that transmits your signature anywhere, or the thing that fixes executables, and you are safe. However all kinds of "passive" defense (uid/ACL/chroot/sandbox/jail-like mechanisms), while nonexistent in biology (because there is nothing to make them from but cells, and virus attacks cells) can be easily made in computer system -- if system is designed well enough, one can be sure that virus can't touch anything outside some set of things, and those things can be limited to something more or less expendable.

  • it would be easier to upgrade your computer by pouring sand into it, then zapping it with lightning.
    -Crutcher
  • I would venture to say that there are a great many things that a human can do that a machine cannot do. Original thought and emotion are two things that leap immediately to mind. Another would be the design of the machine in the first place. Machines can certainly aid in such tasks, making a great many things easier, others possible, but they can't do a thing without humans controlling them. Much like a hammer can't pound in a nail all of its own ambition.

    Virus behavior, that is probably just about impossible to nail down, as in humans computer viruses vary so dramatically in their effects that it would be very difficult to neatly define their "behavior". That doesn't mean that it would be impossible to detect the presence of a previously unknown virus. Our body does it by noticing changes from normal operation in cells (different proteins on the surface, dna messed up, etc), and it (the immune system) isn't intelligent in the conscious sense (as I think you were referring to). A similar type of thing shouldn't be impossible to impliment on a computer either.
  • Organisms have redundancy at the level where viruses don't exist -- virus works at the level below cell, all organism's functions are performed at the level above cell.

    Except for single-celled organisms.

    ...if, say, HIV was transmitted over the air, it would cause huge epidemy and die out just because there will be no people around to carry it.

    Well that's not exactly true, but I guess you know that, based on the next sentence:

    HIV survived because it's carried without noticeable damage for a long time and has chance to be transmitted before seriously damaging the immune system.

    Very true. And it would remain true even if HIV were aerosol-vectored. In this case the vector is less important than the long delay before onset of symptoms and death.

    Even quick-killing viruses can survive, provided there is another host organism around. If virus X kills every human it infects, instantly (before it has a chance to spread) it might still remain viable if there's another (non-human) organism that it kills slowly, or that it can infect without killing.

    I don't know if there's a parallel in computer viruses. Something that spreads slowly and is nearly undetectable in some systems, but renders others instantly inoperable?

    Maybe even code that confers some benefit on (some of) its hosts. One might consider useful applications viruses then. Once they get into your computer, and you see how useful they are, you promote them and/or make copies for others.

    It's survival of the fittest (code).
  • No, you upgrade to Office 2000.
  • and with the biological model come...adaptive antivirus programs which incorrectly target the host? (arthritis, etc.)

    Also, this won't really detect Trojan Horses will it? The majority of damage, I'd say, are from Trojan Horses...due to simple human stupidity...not the cleverness of the program. Will an adaptive immune system realize the human is defective and send it to security training?

  • This is exactly the sort of thing Douglas Hofstadter has been working on for the last N years, with some success. Check out:

    Fluid Concepts & Creative Analogies: Computer Models of the Fundamental Mechanisms of Thought.

    It's a paperback, gold & black cover with fancy cursive writing.

    He uses puzzles of the exact sort you describe - continuing sequences, rearranging letters, etc - to tease out the fundamentals of intelligence. It's a fascinating book whether you are interested in the way the human mind works or in ways of analysing complex situations via computer.

    -Mars
  • NEWS: Viruses are good for GDP, therefore good for the country:

    If it weren't for the "sickly, AIDS-infected" MS-DOS + Windows, the whole Antivirus industry would never exist!! Think all of the jobs that could be lost if people switched to alternate OS-es... Better not slap MS with a DOJ penalty, 'cause what's good for Microsoft is good for the country.

    Side note: It's funny how every computer with Windows on it now includes an antivirus scanner too. I guess there's not much profit in it or else we'd have Microsoft Virus Explorer by now. (Oh wait, that's the VB Macro writing software)

  • This isn't a new thing. The "competent" AV software providers have been doing this for at least 6 years under the name heuristics. It's just looking for new viruses that have similar characteristics to known ones.

    The analogy to the body is a poor one though. In nature you sacrifice species that can't compete against the viruses (not that I would be sad to see some companies selected out.) In computerland if the software says "restore from backup, you're dead" people aren't going to accept that. Computer users demand 100%, something that just doesn't happen in nature. We're also not constantly adding new organs and such to the body that need protection because they insist on keeping their hearts on the outside of their body for ease of surgery instead of inside where they are hard to get at.

    It is a nice idea to have "active update" capabilities to your system but you'd better be sure that it can't be compromised or you'll have one super way to put more viruses in the system.
  • This can't work. For one, the virus would have to be as big as teh virus checker, and likely bigger. How could a virus see how it was being detected? It is read, and the data is processed in a way that the virus can't see. Mutating viruses would have to be random--no other way works. Self mutation requires intelligence. Just think about evolution--a worm doesn't change itself after a bird eats it.
    Anyway, I don't think this approach is at all feasible, and I suspect it would help if you didn't use the word see--viri can't see.

Slashdot Top Deals

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis

Close