What Shall We Do With The Rampant Virus? 20-May-91

The computer virus is no longer headline news, but that does not mean it has gone away. Far from slowly dying away, the virus is an entrenched and growing problem for sections of the computer community. It has been estimated that at the beginning of 1990 there were more than 50 , and probably more than 100 DOS viruses. New viruses are still appearing , but what is more worrying is the projected growth of infection from already existing viruses. Because of the 'natural' autonomous growth of infection, computer viruses are apparently going to be with us in rapidly increasing numbers for the predictable future.

There are now efforts to control the spread of viruses, by using anti viral software, and by stricter control of the installation of new software. However it seems that these are likely to be outweighed by the factors which are helping the spread of viruses. These are primarily the increased use of local and wide area networks, and the coming of open systems standards which allow the sharing of binary executable program files. It is somewhat ironic that both of these trends are ones which most computer and telecomms professionals welcome, but they both carry a sting in the tail.

If we compare the spread of computer viruses to the spread of human diseases, we can see that the increased use of wide area networks compares with the increase in human travel, which itself was often the cause for the introduction of new disease epidemics - and indeed it still causes the spread of the regular new varieties of influenza. The sharing of executable files has been a great boon to software developers, public domain and shareware distributors, and bulletin boards. But it has the down side of being, in human terms, unhygienic. Sharing water supplies, eating implements - or worse hypodermic needles, has also been the cause of spreading human viruses.

Unfortunately, if we gaze into our crystal ball for the future of computing and telecommunications, we can only see the likelihood that things are going to get even better for the virus. The increasing use of networks, ISDN, digital cellular, wireless LANs, shared file services, lower cost of mass storage and PCs - all these factors make for an increase in the number of places for viruses to propagate and more channels for them to travel in.

The nearer we get to the 'Global Computer', the better the viruses will like it.

There was a somewhat disturbing BBC2 'Horizon' recently which described several very nasty 'emerging' human viruses. The cheerful viral detectives were speculating on a possible virus which combined the deceptiveness of HIV with the infective and lethal capability of other viruses. If you are optimistic, you can believe that medical science would hold its own against such a nasty agent. If you are pessimistic - make your Will now.

Something that bothers me about computer viruses is that it has taken them almost no time at all to implement the delayed action 'time bomb' effect of HIV. Being able to lie low for an indefinite period so that many copies can be spread around before swinging into action is one of the main reasons that computer viruses are so potentially dangerous. This trait can also lead to the situation where one computer file is infected by several viruses. Of course, computer viruses have the benefit (if one can call it that) of human intelligence, which itself knows about human viruses. Now, if they can develop the time bomb effect so soon, how long will it be before a more 'lethal' virus develops?

So what else can we do to protect ourselves in the future against malicious computer viral agents? If we look at our efforts to deal with human viruses, we can think of improved hygiene, vaccination, and (now) the coming of anti viral drugs.

Anti viral computer software bears some similarity to anti viral drugs. They both recognize certain viruses, or more probably viral fragments, and take specific action to eliminate them. They are both local in action, requiring 'injection' into the possibly infected carrier. Further improvements in computer hygiene will be necessary to limit the spread of viruses, perhaps helped by changes in computer hardware. Restricted function computers (limited to a single task), better operator practices, training and management, will all help to keep down the viruses.

Unfortunately, any attempt to treat computers in isolation does not solve the problem, it just reduces the growth rate, and so delays an eventual rapid rise to epidemic proportions.

Vaccination is a form of treatment which has no analogy in the computer world. The snag is that computers do not have an immune system. This is hardly surprising, when one considers the complexities of the human immune system which has evolved in competition with an enormous range of antigens over the last few billion years. Now, I'm not suggesting that we can equip computers with T cells, B cells, Interleukins, Macrophages and all the other bits and pieces of the human system. But perhaps we should give serious consideration to the development of anti viral software agents that can at lease compete with viruses on their own terms. In other words, they should be able to be copied and propagated in a manner similar to the existing worms and viruses. Their sole purpose would be to search for and destroy known and future viruses. They could of course announce their presence in passing, as opposed to the nasty virus. I have in mind something like 'Agent 007 passing through in pursuit of Chinese virus'

(apologies to Ian Fleming and William Gibson). It has been estimated that networking can speed up the replication of a virus by one hundred fold, why should we ignore this potential ally, and let the virus enjoy it alone?

Now this is a tall order for the software community, I know it would not be easy to develop such anti viral agents. Perhaps some of the ideas in evolutionary computing could be used so that the agents could evolve along with the viruses, though frankly I don't see how. Maybe the destruction of viruses should be left to the computer operators, with the agents restricted to locating them - I can see that it could be embarrassing for an aberrant agent to run amok and wipe out the contents of several computers before being humanely put down.

Any such development would require a degree of cooperation from the software industry. It could be that intimate knowledge of operating systems would be needed, or indeed that systems software should have some means of cooperating with friendly agents, or of providing them with enabling technology. This itself could be a dangerous move, since such facilities could be utilised by 'double agent' viruses. Perhaps they should be protected by encryption, but then who would keep the keys?

Even if friendly agents were created, they would need a leg up so that they could catch up with the growth curve of extant viruses. This could be provided by major software distributors including them on their distribution disks. I realise that such a move seems unlikely, but computer viruses are a novel problem - and novel problems require novel solutions.

Next Essay

Back to List of Essays

Back to Home Page