Virus Labs & Distribution
VLAD #6 - IBM-AV


 From "The Sunday Mail", page 53, October 15, 1995.


 Secrets of the VIRUS HOUSE
 by Phil Waga in New York

  The gleaming glass office building doesn't 
  look at all ominous, but it holds plagues 
  which could easily torment computers around 
  the world.

  The viral booty - mountains of floppy diskettes with more than 6000
  computer viruses - is carefully safeguarded.


  A padlocked steel bar runs from the top to the bottom of the cabinet
  holding the disks.  And the cabinet is tucked into a locked laboratory
  protected by, among other features its caretakers are reluctant to discuss,
  infrared motion detectors.

  "I'd be rather unhappy if any of this got out," Steve White, the laboratory's
  senior manager, said in his usual understated manner.

  He'd actually be more than rather unhappy because the laboratory, operated by
  IBM as part of its Thomas J. Watson Research Centre, has one of the biggest
  collections of computer viruses in the world - killer viruses which can
  drain computers of every ounce of information - and benign viruses which
  just harass users.

  The viruses, regardless of what they do, are becoming an increasing problem
  at home and at work.

  The "creatures" receiving all the attention are tiny programs written
  deliberately to hide out in legitimate applications and then move
  covertly from one computer to another.

  While even the most costly anti-virus software usually costs less than
  $US150 (about $A195), researchers say virus writers are becoming an
  increasingly sophisticated bunch.

  IBM's array of more than 6000 viruses is in sharp contrast to that of less
  than a decade ago when fewer than half a dozen harmless viruses existed.

  Today, hackers committed to either wreaking havoc or merely flirting with
  computer users are creating three to five new viruses a day.

  Viruses have appeared on every continent, striking millions of PC users and
  tens of thousands of businesses.

  The August debut of Microsoft's Windows 95 operating system for desktop
  computers was quickly followed by a virus aimed at the program.  The new
  virus is relatively harmless, limiting itself largely to flashing the
  numeral "1" on the computer screen.  The virus can also make it more
  difficult to save documents.

  Users who examine the virus more closely are greeted by the message: "That's
  enough to prove my point".

  Researchers also make the point that viruses of all types are on the fast
  lane of the superhighway.  Strains multiply as more computer users trade
  disks and join computer networks.

  Even corporate networks and electronic mail provide fertile breeding grounds.

  "Everyone talks about computer viruses and agrees that they're a problem,"
  said John Mann, an analyst at the Yankee Group, a market research firm in
  Boston.

  "But they're going to be a much bigger problem down the line - and not far
  down the line."

  To try to interrupt that line, IBM unveiled its latest virus-buster in July
  - IBM AntiVirus.

  With different versions available to single users for US$49 (about $A63) and
  businesses for varying costs, the software is said to be able to detect
  and eradicate just about every virus known to researchers.

  But the program also takes a leap forward by scanning a computer's memory,
  hard-disk and floppy drives for new breeds of viruses with changeable
  characteristics which can avoid detection by other anti-virus software.

  IBM's software also attempts to detect as-yet unknown viruses by scanning
  systems for appearances and behaviours characteristic of viruses.

  The war between virus fighters and virus writers is intense because research
  indicates that American companies lost at least US$100 million ($A131 million)
  last year from viruses which brought down systems and destroyed data.

  Striking across the board, viruses hit Merriam-Webster, which had to recall
  copies of computer programs featuring its dictionaries, to the Canadian
  Government, which had to recall disks outlining its budget.

  For all the damage viruses have done, there's little information on the
  authors.

  Steve White said the prevailing theory was that virus writers were young
  - many even teenagers - and they didn't number more than several hundred.

  "They think it's cool to create a virus and show what they can do," he said.
  "And tracing an infected disk is close to impossible.  It's like getting the
  flu and trying to figure out how you got it."

  Trying to figure out how to battle viruses has become a major industry, with
  hundreds of tiny companies issuing anti-virus programs, and some two dozen
  large firms controlling much of the market.

  Analysts agree that the big three, all based in California, are McAfee
  Associates Inc and Symantec Corp., which specialise in anti-virus work,
  and chip-maker Intel Corp.

  IBM, which issued its first anti-virus program in 1986, is in the top
  dozen, analysts said.

  But they added that IBM's potential was vast because of its positive name
  recognition with desktop users, its deep reach into large corporations,
  its reputation as a computer powerhouse and its widespread, high-priced
  research operation.

  "Just because it's IBM - and also because it's done very good anti-virus
  work - IBM is already a player and quickly becoming a much bigger player,"
  said Kurt Schlegel, an analyst with the META Group market research
  company.

  IBM customers say its overall anti-virus offerings, as well as its July
  release, detect and erase more viruses than competing products.

  At Duke Power, a utility serving 1.7 million customers in North and South
  Carolina, computer security chief Jim Appleyard said 8000 office PCs had
  been using IBM anti-virus products for two years.

  "Before that, everyone had one anti-virus program or another, and nothing
  worked very well," he said.

  At US Trust, a New York-based bank with trust fund holdings, security
  specialist Ralph Langham said the company averaged 15 infected computers
  per virus before becoming an IBM antivirus customer.  The IBM products
  helped detect viruses when they were still limited to infected disks
  and had not yet spread to PCs, he pointed out.

  So among the 1000 PCs now using IBM antivirus software, the infection rate
  was now less than one machine per virus incident.

  IBM and other large virus fighters are working on the next frontier in
  the virus world - an immune strategy for eradicating viruses.

  Researchers hope the new system, different from existing software which relies
  largely on fighting known viruses, will be available in about two years.

  Based loosely on the science of the human biological immune system, the
  new work calls for creating technology which identifies unknown programs
  or changes in computer systems and then launches decoy programs.

  The presence of a virus would be confirmed if decoy programs were infected
  and the virus-buster would then erase the offending program.

  "It won't mean the absolute end of viruses, but it will go a long way
  to ending many of them," said Jeffrey Kephart, an IBM scientist leading the
  immune-technology research.

  Mr Kephart, 37, is one of 20 researchers and developers who work in the
  anti-virus laboratory, formally called the High Integrity Computing
  Laboratory, a low-slung rectangular room encircled by PCs.

  Each unit operates on an isolated system and new viruses are allowed to
  run rampant in a system while researchers study its characteristics and
  how to destroy it.

  Simple lettered signs on the consoles state if a system is "infected" or
  "clean".

  One of the top virus fighters is David Chess who, with a beard, sandals,
  T-shirt and an overall dishevelled appearance, looks more like he'd be
  creating viruses than battling them.

  But Mr Chess, 35, is a 14-year IBM veteran.

  With little prying, he'll volunteer that most viruses are meant to do
  nothing more than exhibit a hacker's weird sense of humour.  Viruses
  cause PCs to play Mozart pieces, or freeze units on Sundays to order
  workaholics to leave their desks.

  "Cansu", a common virus, displays a V-shaped symbol on screens when 
  computers are switched on.

  "Viruses aren't potentially very destructive, but they get into places where
  they don't belong," Mr Chess said.

  And no matter what advances virus fighters made, virus writers would not
  be left behind, he added.

  "There'll continue to be sort of an arms race between people who work to
  develop viruses and people who work to end them," he said.

  - USA Today/Gannett News Service

