ZDNet UK

• CNET NETWORKS UK BUSINESS SITES:
• atlarge.com
• BNET UK
• silicon.com
• SmartPlanet.com
• ZDNet.co.uk

Viruses mimic 'worse-case disease'

• Tags:
• Virus,
• Worm,
• Verdasys,
• Disease

Published: 30 Jan 2004 12:10 GMT

• 
• 
• 
• 
• 

A worst-case disease for humans would have 100 percent chance of transmission, zero incubation time, and leave the host infectious for a long period.

Few, if any, biological diseases come close to that description, but many computer viruses do, said Daniel Geer, chief scientist at security firm Verdasys.

"A [typical] virus mimics the properties of a worst-case disease," he said during a keynote speech that kicked off the Black Hat Windows security conference.

Geer said that computer systems face threats that would be considered unacceptable if analysed from the standpoint of other fields of study, such as the risk analysis done by insurance companies or the medical establishment's study of diseases and epidemics.

Geer is well-known for co-authoring a paper that outlined the threat Microsoft's dominance poses to critical infrastructure. He is equally famous for subsequently being fired from a security firm that counted Microsoft as a client.

Yet the paper simply repeated ideas that were already known in the security community, he said.

The dangers of a software "monoculture is not a new idea," he said, adding that awareness of the problem is growing. "Nothing is so powerful as an idea whose time has come."

A proposal to study so-called monoculture threats was submitted more than a year ago -- well before the paper written by Geer and six other security researchers. The study gained funding from the federal government last November. Moreover, a committee of computer science departments from major universities in the United States pointed to computer virus epidemics as a problem that the government should give the most attention to solving.

Geer said that other industries have already learned the lessons of monocultures. Insurance companies, for example, tend not to insure all the houses on a single street because of the chance for a catastrophe: if one house burns, the others are likely to catch fire as well.

Geer said cross-disciplinary thinking has benefits, because computer security experts invariably come from some other field. As university students begin to graduate with specialised degrees in the subject, it is important to learn from other fields of study, he said.

"We must do our utmost to mine those fields for more information," he said.

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed