COMMENT The fight against viruses, worms, Trojan horses and other digital pests may seem futile. But Peter Cochrane has a plan for eradicating the latest computer security threat.
The computer virus is, it seems, as unstoppable as its biological forebears - and possesses the same appetite for evolution.
As the internet grows and our computers become more powerful, so do the viral attacks. It seems like only yesterday I surmised that the most successful form of artificial life we had yet encountered was indeed the computer virus, because of its ability to propagate, mutate and survive. But even more sophistication has quickly arrived in the worm, Trojan horse, spyware and spam - and there seems no end to the evolution of this modern curse to IT.
The bad news is: The next-generation threat is already here. It's a 'bot', or virus-like infection under the remote control of a distant computer, network or individual. This new threat exploits vulnerabilities in security subsystems and in some modes makes use of normally unused ports and channels, and can therefore move about on the net unnoticed and undetected. Yes, we now have thousands of bots trolling the internet, connected in a so-called 'botnet'. In an interesting twist, the latest evidence suggests that these new systems are gaining in intelligence and sophistication, and becoming ever more lifelike.
Unlike conventional viruses or worms, bots don't blindly roam the internet looking for victims. Instead they target and invade the most vulnerable hosts on a pre-organised hit list. Biological or what! Of course, such a wonderful technology has been picked up by spammers, who recruit botnets to send bulk email and create even more misery for millions of internet users.
Is there no end to this? It would appear not. As soon as we find a solution to defend ourselves against existing threats, they evolve like some nightmarish biological disease to rise again as a different variant to wreak even more havoc.
In the near future, we are most likely going to see denial-of-service attacks and other forms of disruption organised on a massive scale by robotic networks working in alliances to overcome individual websites and giant corporate networks alike.
Probably the worst feature of the new bots is the ability of the perpetrators to remotely modify and adapt their creation as it becomes less effective in the face of smarter defences. It is almost like having the hand of God remotely tweaking the genetic pool of a life form to speed up evolution. Rather than waiting for trial and error to show the route to even greater success or disruption, a combination of machine and human intelligence is being applied.
The good news, if you can call it that, is that bot technology is in its infancy and the number of reported infections to date is in the hundreds of thousands and not the hundreds of millions. This means we have a little time in hand to get protection measures in place. But my impression is that the industry is behind the game and we are currently very badly exposed. Given that any two computers on the net are separated by between four and five intermediary machines, it would only take a few hours for a major pandemic to build up in those machines and networks lacking adequate protection.
On my home and office networks I have firewalls and on each computer I have virus protection software. To date I have not had any serious problems, but I can always find at least six viral infections lurking in some corner of any one machine. In principle every email is scanned and any viral infection is dealt with immediately, but there is always a chance something will slip through. Using a non-standard operating system helps a lot, and certainly those machines that use standard systems are at considerably more risk and do suffer noticeably more contamination. All I can say is: Be careful, keep all your protection programs up-to-date, scan regularly, isolate and delete anything that looks suspicious and don't open any attachment from an unknown source or of an unrecognised designation.
In view of the billions of pounds being lost by commerce due to these mounting viral attacks, in all their varied and evolving forms, it seems to me that it's time to do something fairly drastic. In recent weeks, airline booking and check-in desks, hospitals, schools and companies have been IT-disabled for days by a single, badly written virus. To my mind it is time to derive and define a 'killer bot' capable of sniffing out and neutralising offending bots, viruses, worms, Trojan horses, spyware and spam programs.
How hard could it be? Not very for sure, and if done in league with the network, equipment and software suppliers, the global communications reaction would be near instantaneous. It is probably the only way we are going to see a viable internet in future, and given the huge resources of industry compared to the evildoers, it should present an insignificant problem. Doing nothing really is no longer an option - the longer we wait the worse it will get, and the bigger the risk involved.
To check out the efficacy of such an approach, I recently took action against a persistent nuisance that was causing me and my network some grief. Ultimately I resorted to mirroring this nuisance, and magically it went away. It appears it didn't like its own medicine!
Drafted at my home late one evening after a routine scan of my machines and the surprise discovery of five unknown, but isolated, virus attachments in deleted emails. Dispatched to silicon.com from the Ipswich to London train via a 9.6Kbps GSM connection.
Comments
There are 12 comments.
1. jfb3
You're attributing evolution to the bots and virii. Actually it's the creativity and willingness of the creators to devote time and effort to their maintenance that makes them evolve. There is a ~big~ difference between the two arguments. The bots don't learn, the virii don't evolve. The creators do.
2. Knut Boehnert
Stopping someone from breaking the law by breaking the law?
Wild West scenario: If you shoot my friend, I shoot you?
With laws governing the cyberspace more and more how long will self defense be an argument to bail yourself out?
There are a lot of moral and legal questions about this approach. If I do like the one attacking me - am I not just as bad and rotten? My actions are just as bad and legally unjustified then.
The only solution is really a global defense organisation working like a defense ministry and that is supported by all governments and funded by companies and run by staff from software companies.
Realistic? Maybe when the world is united.
3. dotbob
Have you seen Terminator 3?
The AI responsible for the final all out missile attack initially forced its creators to release it into the wild to deal with seriously nasty viruses which it itself had created. Once released, BOOM!!!
Today's events are spookily following the course of that story.
Beware, Judgement Day is at hand <GULP> ;o)
4. mc
Totally agree with jfb3.. there is nothing intelligent about the bots themselves, they are simply being programmed with more features. A biological virus would mutate and adapt. Computer viruses are just re-released with countermeasures..
5. Simon Heywood
Sounds like a phagocytic cell. That is a cell, such as a white blood cell, that engulfs and absorbs waste material, harmful microorganisms, or other foreign bodies in the bloodstream and tissues.
Good idea, but who do you put in charge of it?
6. anonymous
Pah! Orthodoxy and ignorance - heresy here.
Computer viruses don't mutate and evolve. Programmers change viruses. It's intentional and directed.
+ the vast bulk of viruses and worms attack MS Windows systems (whether you count by number of machines infected or number of different pieces of malware).
+ the attacks succeed because of poor design of protocols (authentication, encryption), APIs and coding (buffer/stack overruns for the most part). There are no other significant classes of problems.
+ make Microsoft responsible for fixing the problems, not the user (or a third party AV and spybot remover licensed by the user).
The design choices that cause these problems are made by Microsoft, behind closed doors.
I don't see why I have to pay Microsoft for an OS and then pay a third party for patches to make it run halfway right. I expect *tested* and *integrated* fixes to make the product I bought, work properly. Not patches that have to be tested in countless combinations to see what other patches or installed software will be broken.
If this was hardware, I could return it as "not fit for purpose" but for some reason we let people get away with saying "oh, it's hard to do this well, so live with it; oh and here's a bill for the next version which fixes it, wink, nudge, nudge". I've heard "more reliable" from Bill's lips since the PC World Keynote when he launched Windows 3. It was a lie then and it is still a lie.
Require that Microsoft proprietary protocols be openly inspected, and only when approved by the IETF, CERT, FIRST, Bugtraq/SecurityFocus groups, are they allowed out of the lab. Force all code to be written in languages that resist attack (e.g. stuff without explicit pointers, things that don't execute off the stack, etc).
Microsoft is the greatest threat to any company at the moment. All your work across your entire company could be destroyed because Microsoft ship crap and charge you for it and then get pissy if you haven't installed the exact set of unspecified patches that let you navigate to a system that works and is moderately safe against a known set of attacks.
That's the problem. Not the virus, not the worm, but shoddy, uninspected code written by arrogant programmers divorced from the daily misery they cause.
Yes - I don't run Windows on any critical systems any more and it saves me at least one and perhaps two days of meaningless administration per month. That's about 10% productivity penalty from using MS and having to keep up with all the changes in AV and firewall and patches and responding to users with AV quarantine messages and so on. If I could get rid of the MS Windows spawned spam, I'd save another half day or more per month.
7. anonymous
Reading the comment about breaking the law, it seems that the point has been missed.
If the defender-bots are running on machines that have authorised their use and are zapping the bad bots, where is the illegality in that? Denying access to your own resources by unauthorised code surely cannot be seen as illegal. It may fly against the established convention of information wanting to be free, but the corruption or coercion of this could be argued as one of the reasons that we have this problem.
Isn't this advocating a network of machines along the lines of the grid computing efforts, to crack the human genome, find cures for various ailments and download potentially illegally copied copyrighted material, in a bid to reduce the amount of malware?
8. anonymous
Wasn't Netsky supposed to be a killer-bot for Mydoom? Look where that got us.
Peter, I don't suppose that is what you were referring to in the last paragraph, was it?
(Just playing devil's advocate. ;^) Enough said.)
9. anonymous
Microsoft or a government has probably created a "black" (in the military sense--secret and hidden) team to propagate viruses that kill other viruses. While disturbing, it's probably a good idea.
10. royston
Computers are only as good as the operators that program them and use them. Full stop. But as for the living virus issue, your brain is a sophisticated bio-electrical computer. Give you a bad enough virus that affects the brain only and bingo, DEAD! Computers are simple (very simple) brains. Not alive in our sense of it but still simple brains. They are not alive because they are too simple to be so. The time will come when that sophistication will come about though and neural networks will come into existence. A human or a group of humans will be its creator. It will learn and it will think it is alive much like we think and know that we are alive. There is a chip in existence (an experiment) that uses a simple virus on a silicon wafer that when a voltage is supplied it forms right angles etc..... This is the basis for a LIVING CHIP. SO DON'T TELL ME THAT COMPUTERS WILL NEVER BE ALIVE. A virus based on this technology can and will in the future be ALIVE and moving around like you or me except it may be in the law or police dept to weed out crooks, effectively being the first human virus policemen (if you understand me). The mind boggles.
11. anonymous
I'm in agreement with Anonymous of Bedford and I have indeed returned software as unfit for purpose on more than one occasion. Of course, it's a bit of a problem when it's a shoddy operating system, we're kind of limited for choice, aren't we.
I'd suggest introduction of regulatory standards from the E.C. Such standards would be a bit more worthwhile than those specifying the acceptable bend in your banana, the length of your cucumber and the contents of your sausage!
Of course it would require a great deal of resources and time. However, industry has often demanded or had imposed standards which prevent the manufacture and sale of shoddy goods and provision of services. I don't think software vendors should be free from similar requirements.
As for software patches, why are they not given for free in all cases? After all, if a bit fell off your new car while it was still under warranty would you expect to pay for its repair? Of course not!
Oh yes, and bots to kill bots. Only if you really have to, and it's got to be done by some body we all trust.
12. Deakster
Firewalls, people? A firewall will stop most of these problems. Viruses generally don't use ports but DDoS bots do, Sasser does. Everyone should get a firewall.