Defining the Virus Problem

Currently, no standard definition exists for a computer virus. In fact, the term has been debated for the 20 years since these viruses were first described. [1] For purposes of this article, let's just define a virus as "a self-replicating pathogen." A pathogen in this context is any agent designed to generate harm to a computing system or network. Self-replication means that the virus can copy itself (either locally or across a network) without user input. This broad definition of computer virus includes what some call computer worms.

Current antivirus solutions are inadequate. [2, 3, 4] Although software to protect against computer viruses is in widespread use, [5, 6] each year viruses cause $10–20 billion in damage worldwide. [7] The average business currently spends $81,000 to clean up after each virus outbreak. [8] The Code Red virus alone is estimated to have cost $2.5 billion worldwide. [9] In fact, Code Red still exists in the wild nearly two years after it was first released, and some researchers have shown that the Internet might remain infected with it indefinitely. [10]

The growing threat from wireless devices could amplify the danger. Viruses that infect wireless devices already exist. [11] Moreover, hundreds of millions of smartphones will soon be potential victims. For example, Microsoft Corporation reported that it's "only a matter of time" before its Windows Mobile Smartphone platform is attacked by viruses. [12]

The explosion of hundreds of millions of such "smart" handheld devices as personal data assistants (PDAs) and smartphones poses a double risk. On the one hand, these mobile devices generally lack antivirus software and have little or no security architecture. On the other hand, they often incorporate multiple communication protocols and methods for data transfer, which can increase the number of virus vectors. For example, a typical handheld device might allow data transfer via WiFi, GSM/GPRS, memory cards, infrared beaming, desktop synchronization, Bluetooth, and firmware upgrades. Each one of these data-transfer mechanisms can increase the opportunity for viruses to spread. [13]

Because current antivirus solutions are inadequate, there is a pressing demand for new techniques. [14] One controversial area of research involves using "good" viruses to counter pathogens. The concept of a "good" virus is not new. [15] Although some researchers have argued against using beneficial viruses, [16] others have extensively countered these arguments. [17, 18, 19]

In fact, such "antivirus viruses" already exist. For example, the Cheese worm [20] automatically seeks out and patches hosts (vulnerable computers) that have been exploited by the Lion worm. [21] Another example is the Nachi worm, [22] which searches for machines infected with the Blaster worm, and then repairs and patches the infected hosts. Similarly, CRClean [23] is a passively spreading worm designed to counter the Code Red worm. Instead of actively spreading, CRClean listens for incoming Code Red probes from infected hosts. CRClean then attaches itself to the infected host generating the incoming Code Red request and patches the infected host.

Existing antivirus viruses, such as the Nachi worm, [24] have been limited by their poor quality. [25] However, this problem can be addressed by introducing quality-control mechanisms. [26] One area of research involves self-replicating "vaccines" that use attenuated (weakened) strains of live pathogens in order to boost global immunity on the Internet. This type of computer vaccine is modeled after its biological vaccine counterpart. Such a vaccine would benefit from being open source for transparency. In addition, it should be developed under the umbrella of an international monitoring body, analogous to the World Health Organization for biological viruses. [27]
