biological model of computer security?

Miki Kocic

If someone has already posted this, my apologies, but I haven't seen it.

There's an interview in an IS trade tabloid with a fellow who works for
HP labs in Britain. In it, he talks about the biological model of
computer security.

The idea is that computers are by nature binary - on or off, infected or
free of infection. But the human body is constantly somewhere in the
middle, constantly infected with some virus or another and constantly
coping with often multiple infections. Treating the computer like a
living body can lead to new ways of thinking about security.

Practically, let's say there is a virus that infects a computer and then
sends infected emails to everyone in the address book. The traditional
approach is to use AV software to clean out the virus. The biological
approach would be to contain the infection so it has the least effect on
the computer's operations. This means: (1) limiting the number of
interactions with various ports so only a small number of emails gets
out; and (2) applying a solution that helps the computer identify which
are legitimate emails so they get priority. So even though the computer
remains infected, the impact is minimized.

I don't know what you would do with an old-style virus that causes
impaired operation and data loss, but I imagine you'd help the data bus
distinguish between legitimate and viral processes and block off the latter.

What are people's thoughts on this?

Miki
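
The containment idea described in the post above, as an added example that is not part of the original thread or of the HP Labs work it mentions: mail to recently used recipients goes out at once, mail to new recipients is queued and released slowly, and a long queue signals an infection. The class name, parameters, thresholds and addresses are hypothetical, constructed for illustration.

```python
from collections import OrderedDict, deque

class MailThrottle:
    def __init__(self, familiar_size=5):
        self.familiar = OrderedDict()   # LRU set of recently mailed recipients
        self.familiar_size = familiar_size
        self.delayed = deque()          # mail held back for new recipients

    def remember(self, rcpt):
        """Mark a recipient as familiar, evicting the least recently used."""
        self.familiar[rcpt] = True
        self.familiar.move_to_end(rcpt)
        while len(self.familiar) > self.familiar_size:
            self.familiar.popitem(last=False)

    def submit(self, rcpt):
        """Return True if the message goes out now, False if it is queued."""
        if rcpt in self.familiar:
            self.remember(rcpt)
            return True
        self.delayed.append(rcpt)
        return False

    def tick(self, limit=1):
        """One time step: release at most `limit` queued messages."""
        count = min(limit, len(self.delayed))
        released = [self.delayed.popleft() for _ in range(count)]
        for rcpt in released:
            self.remember(rcpt)
        return released

    def alarm(self, backlog=20):
        return len(self.delayed) >= backlog  # long backlog: mass mailing to new addresses

def simulate(ticks=10):
    """Constructed scenario: 2 regular contacts vs. 50 new addresses per tick."""
    regulars = ("alice@example.com", "bob@example.com")
    t = MailThrottle()
    for r in regulars:
        t.remember(r)
    user_sent, worm_sent, first_alarm = 0, 0, None
    for n in range(ticks):
        user_sent += sum(t.submit(r) for r in regulars)   # legitimate mail
        for i in range(50):                               # mass-mailer burst
            t.submit(f"contact{n}-{i}@example.net")
        worm_sent += len(t.tick())
        if first_alarm is None and t.alarm():
            first_alarm = n
    return user_sent, worm_sent, first_alarm
```

In this run all 20 of the user's messages leave without delay, only 10 of the 500 mass-mailed messages get out, and the backlog alarm trips in the first tick.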
 
I think the guy is high on something.

> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus.

Yes, indeed, problem solved. The virus described is actually a worm by the
way ...

> The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.

And then? Leave it there? It *still* affects operations, also the software
that 'limits' the worm requires resources as well. And then wait for the
next one to join and limit that one as well? How will the PC eventually be
'cured'? The more worms there are, although being 'limited', the more
resources will be required to monitor and limit them. There will be a
constant 'fever'. The worm will not go away by itself because it 'detects'
it is limited, so worm authors will have to cooperate on this.
 
> If someone has already posted this, my apologies, but I haven't seen it.
>
> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.
>
> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.
>
> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus. The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.
>
> I don't know what you would do with an old-style virus that causes
> impaired operation and data loss, but I imagine you'd help the data bus
> distinguish between legitimate and viral processes and block off the latter.
>
> What are people's thoughts on this?

My thought (and experience) is that prevention works. Far better and
much simpler to not allow malicious code to run on your PC in the
first place. And prevention doesn't necessarily require any antivirus
software or firewall or "protection" software of any kind.


Art
http://www.epix.net/~artnpeg
 
> And prevention doesn't necessarily require any antivirus
> software or firewall or "protection" software of any kind.

Then there was no need to shroud my desktop in latex?
 
Miki Kocic said:
> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.

Was it Matt Williamson? I chaired the session at VB2003 in which he
presented a paper on this... (Well, on the _epidemiological_ model of
computer virus spread, but as he's from HP Labs, Bristol I guess he is
probably who you mean.)

> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.
>
> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus. The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.
>
> I don't know what you would do with an old-style virus that causes
> impaired operation and data loss, but I imagine you'd help the data bus
> distinguish between legitimate and viral processes and block off the latter.
>
> What are people's thoughts on this?

Such models work well under certain simplifying assumptions.

In the real world however, note that biological systems _very_ seldom
come close to "wiping out" a "pathogen" or "infector" as typically the
control mechanism is "symbiotic" (that is, the well-being of the
controlling organism, gene, "circumstance", etc depends (to some degree)
on the continued existence of some "background existence level" of the
infective (etc) agent.

Biological systems are also _way_ more complex so although very near
"perfect" systems for isolating yourself from computer virus and related
threats are actually (theoretically) fairly achievable, it is exceedingly
unlikely in bio-systems (making the usefulness of the analogy somewhat
moot, I feel...).
 
> Was it Matt Williamson? I chaired the session at VB2003 in which he
> presented a paper on this... (Well, on the _epidemiological_ model of
> computer virus spread, but as he's from HP Labs, Bristol I guess he is
> probably who you mean.)
>
> Such models work well under certain simplifying assumptions.
>
> In the real world however, note that biological systems _very_ seldom
> come close to "wiping out" a "pathogen" or "infector" as typically the
> control mechanism is "symbiotic" (that is, the well-being of the
> controlling organism, gene, "circumstance", etc depends (to some
> degree) on the continued existence of some "background existence level"
> of the infective (etc) agent.
>
> Biological systems are also _way_ more complex so although very near
> "perfect" systems for isolating yourself from computer virus and
> related threats are actually (theoretically) fairly achievable, it is
> exceedingly unlikely in bio-systems (making the usefulness of the
> analogy somewhat moot, I feel...).

Yes, moot. Like many arguments based on analogy, the proponent has
forgotten that there are often more differences than similarities. So the
conclusions, while perhaps interesting, are far from certain.
 
> And prevention doesn't necessarily require any antivirus
> software or firewall or "protection" software of any kind.

Just use the rhythm method when downloading stuff, huh? <g>
 
> Just use the rhythm method when downloading stuff, huh? <g>

I've never found infestations of any software I've ever downloaded,
other than crap I've downloaded on purpose for testing. Sometimes I
wonder why I bother keeping my DOS scanners updated. They never find
anything. Neither do AdAware and Spybot. And I've tried tons of
freeware and utils. I can't imagine wasting resources on useless
software "protection" when it's so easy to do it right.


Art
http://www.epix.net/~artnpeg
 
Miki said:
> If someone has already posted this, my apologies, but I haven't seen it.
>
> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.
>
> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.

perhaps, but i can see one critical difference between computers and
human bodies... that difference is huge numbers of human bodies aren't
constantly plugged into each other... human-human contact is discrete
and ephemeral, the way viruses and other pathogens are contained and
dealt with in such an environment does not translate well to networked
computers...

something else to consider, by the way, is that we can deal with
computer infections much *better* than we can with human infections..
if we could do to a human body what we do to a computer we would...
 
I've read about this too.
I think there was also some talk about applying that theory so that a
computer could be used to simulate the effect that a biological virus may
have on the human body. So basically, the computer would be the test subject
and that a computer virus is written to replicate the effect.
It's interesting stuff in a way. Unfortunately, I'm so strung up on job
hunting these days I haven't read up more on it.

I wonder if there's a NG where guys like me could just go and bitch for a
while?

Regards,

Ka.
 