It
flies in the face of most of the conventional wisdom about computer
networks and viruses, but "virus writers can save the world," according
to Cyrus Peikari. Peikari, a medical doctor and chief technology
officer of VirusMD Corp., gave a speech to that effect at the Def Con
hacker convention here Saturday."The unchecked proliferation
of networks leaves society open to collapse," Peikari said. Drawing a
medical analogy which ran throughout his speech, Peikari pointed to the
Black Plague in Europe and small pox in Native American communities in
the Americas. Both destroyed or severely set back civilizations and
computer viruses are no different than other viruses, he said. Our
society may face the same fate as those laid low by older viruses, he
said.
That said, though, "viruses are need to stabilize global networks and to prevent the collapse of civilization," he said.
"It's
no longer sufficient to immunize PCs - basically we need someone to
immunize the Internet as a whole," he said. Current antivirus efforts
are simply not good enough, he said, pointing to the continued success
of viruses such as ILoveYou and Anna Kournikova, as well noting that
most users likely do not update their antivirus software as frequently
as they should.
Because of this, other methods of distributing antivirus protection must be found, he said. This method is the 'good virus.'
"Good
computer viruses are not only possible but inevitable," he said, again
pointing to the world of medicine where the vaccines for polio and
small pox, among other diseases, are actually weakened forms of the
viruses.
Though the idea of using one virus to fight another
virus is likely to encounter a great deal of opposition, so too did the
initial small pox and polio vaccines, he said. Initially, the small pox
vaccine was dangerous and not completely effective, but as its use and
research increased, it became safer, more widely-used and more
effective, he said.
An antivirus virus would have to be open
source, international and attenuated in Peikari's view. The 'good
virus' would have to be open source for quality control purposes. The
virus would have to be international because "you can't have individual
governments releasing vaccines" that other countries might not have
access to or want. Lastly, the virus would have to be attenuated, or
weakened, so as to allow it to spread and be effective, yet not
destructive.
Such a virus would have to be released by a cooperative of world governments or by a body like the World Health Organization.
"You need someone who knows how to track vaccines," he said.
Though Peikari does not yet have a working model for the 'good virus,' he hopes to have one up and running by next year.
During
the question and answer portion of the talk, Peikari encountered a
strongly skeptical audience resistant to the notion that such a virus
would be safe and effective, or that a government could be trusted to
work quickly of efficiently enough to be useful.
One audience
member suggested that such a model for antivirus work is akin to
sneaking a bomb onto a plane, blowing the plane up and arguing that
such an act is beneficial as it will likely increase airport security.
Peikari conceded that this was a good point.
Another audience
member who took a less-than-favorable view of Peikari's theories was
Sarah Gordon, a senior research fellow at Symantec Corp. Gordon, who
worked on a digital immune system program at IBM Corp. before coming to
Symantec, said that an antivirus virus is not stable or effective
enough to be workable.
"There are more stable ways to do fixes,"
she said in an interview after the speech. Current antivirus programs
offer automatic updates of new virus definitions and are more
controlled, she said. Peikari's model would "(tend) to introduce a lot
of instability."
Gordon also questioned whether Peikari's analogy with medical viruses was in fact accurate.
"Medical
analogy only goes so far," she said. "It's admirable that someone is
looking to a multi-disciplinary approach to solve the problem, but this
analogy breaks down."
Humans are not computers, so what works for one will not necessarily work for the other, she said.
"Just
because we use the word 'virus' doesn't mean we need a medical
approach," she said. "This model is not something we're going to see in
the near future. We have superior solutions to this already in place."
Peikari
is not the first to advance the idea that a virus is the best way to
fight other viruses. In May, a worm circulated on the Internet that
attempted to fix a backdoor in a number of Linux servers left by the
Lion worm. Antivirus and computer security experts took as dim a view
of that attempt as Symantec's Gordon did of Peikari's theory.
Despite the skepticism of the audience, Peikari remained optimistic.
"Antivirus (companies) will be violently opposed to (the idea), they may never accept it."
Judging by the response of the audience and the computer security community, he may be right.
Def Con, in Las Vegas, runs from July 13 to 15.
VirusMD can be reached online at http://www.virusmd.com.