Choose from over 20 free newsletters Compare prices on computing products

A Virus to fight viruses?


, IDG News Service\Boston Bureau
July 16, 2001, 18:05

ADVERTISEMENT

It flies in the face of most of the conventional wisdom about computer networks and viruses, but "virus writers can save the world," according to Cyrus Peikari. Peikari, a medical doctor and chief technology officer of VirusMD Corp., gave a speech to that effect at the Def Con hacker convention here Saturday.

"The unchecked proliferation of networks leaves society open to collapse," Peikari said. Drawing a medical analogy which ran throughout his speech, Peikari pointed to the Black Plague in Europe and small pox in Native American communities in the Americas. Both destroyed or severely set back civilizations and computer viruses are no different than other viruses, he said. Our society may face the same fate as those laid low by older viruses, he said.

That said, though, "viruses are need to stabilize global networks and to prevent the collapse of civilization," he said.

"It's no longer sufficient to immunize PCs - basically we need someone to immunize the Internet as a whole," he said. Current antivirus efforts are simply not good enough, he said, pointing to the continued success of viruses such as ILoveYou and Anna Kournikova, as well noting that most users likely do not update their antivirus software as frequently as they should.

Because of this, other methods of distributing antivirus protection must be found, he said. This method is the 'good virus.'

"Good computer viruses are not only possible but inevitable," he said, again pointing to the world of medicine where the vaccines for polio and small pox, among other diseases, are actually weakened forms of the viruses.

Though the idea of using one virus to fight another virus is likely to encounter a great deal of opposition, so too did the initial small pox and polio vaccines, he said. Initially, the small pox vaccine was dangerous and not completely effective, but as its use and research increased, it became safer, more widely-used and more effective, he said.

An antivirus virus would have to be open source, international and attenuated in Peikari's view. The 'good virus' would have to be open source for quality control purposes. The virus would have to be international because "you can't have individual governments releasing vaccines" that other countries might not have access to or want. Lastly, the virus would have to be attenuated, or weakened, so as to allow it to spread and be effective, yet not destructive.

Such a virus would have to be released by a cooperative of world governments or by a body like the World Health Organization.

"You need someone who knows how to track vaccines," he said.

Though Peikari does not yet have a working model for the 'good virus,' he hopes to have one up and running by next year.

During the question and answer portion of the talk, Peikari encountered a strongly skeptical audience resistant to the notion that such a virus would be safe and effective, or that a government could be trusted to work quickly of efficiently enough to be useful.

One audience member suggested that such a model for antivirus work is akin to sneaking a bomb onto a plane, blowing the plane up and arguing that such an act is beneficial as it will likely increase airport security. Peikari conceded that this was a good point.

Another audience member who took a less-than-favorable view of Peikari's theories was Sarah Gordon, a senior research fellow at Symantec Corp. Gordon, who worked on a digital immune system program at IBM Corp. before coming to Symantec, said that an antivirus virus is not stable or effective enough to be workable.

"There are more stable ways to do fixes," she said in an interview after the speech. Current antivirus programs offer automatic updates of new virus definitions and are more controlled, she said. Peikari's model would "(tend) to introduce a lot of instability."

Gordon also questioned whether Peikari's analogy with medical viruses was in fact accurate.

"Medical analogy only goes so far," she said. "It's admirable that someone is looking to a multi-disciplinary approach to solve the problem, but this analogy breaks down."

Humans are not computers, so what works for one will not necessarily work for the other, she said.

"Just because we use the word 'virus' doesn't mean we need a medical approach," she said. "This model is not something we're going to see in the near future. We have superior solutions to this already in place."

Peikari is not the first to advance the idea that a virus is the best way to fight other viruses. In May, a worm circulated on the Internet that attempted to fix a backdoor in a number of Linux servers left by the Lion worm. Antivirus and computer security experts took as dim a view of that attempt as Symantec's Gordon did of Peikari's theory.

Despite the skepticism of the audience, Peikari remained optimistic.

"Antivirus (companies) will be violently opposed to (the idea), they may never accept it."

Judging by the response of the audience and the computer security community, he may be right.

Def Con, in Las Vegas, runs from July 13 to 15.

VirusMD can be reached online at http://www.virusmd.com.

About us | Feedback | Map | Privacy statement

Copyright 2001 IDG.net