PC Review



biological model of computer security?

 
 
Miki Kocic
Guest
Posts: n/a
 
      24th Oct 2003
If someone has already posted this, my apologies, but I haven't seen it.

There's an interview in an IS trade tabloid with a fellow who works for
HP labs in Britain. In it, he talks about the biological model of
computer security.

The idea is that computers are by nature binary - on or off, infected or
free of infection. But the human body is constantly somewhere in the
middle, constantly infected with some virus or another and constantly
coping with often multiple infections. Treating the computer like a
living body can lead to new ways of thinking about security.

Practically, let's say there is a virus that infects a computer and then
sends infected emails to everyone in the address book. The traditional
approach is to use AV software to clean out the virus. The biological
approach would be to contain the infection so it has the least effect on
the computer's operations. This means: (1) limiting the number of
interactions with various ports so only a small number of emails gets
out; and (2) applying a solution that helps the computer identify which
are legitimate emails so they get priority. So even though the computer
remains infected, the impact is minimized.

I don't know what you would do with an old-style virus that causes
impaired operation and data loss, but I imagine you'd help the data bus
distinguish between legitimate and viral processes and block off the latter.

What are people's thoughts on this?

Miki
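
The containment idea in the post above (hold back mail to unfamiliar recipients so only a trickle gets out, and let recognisably legitimate mail through first), as an added example that is not part of the thread or of any HP Labs code. It assumes "legitimate" means the recipient is among the last few addresses the machine mailed; the class name, thresholds and addresses are constructed for illustration.

```python
from collections import deque

class OutboundMailThrottle:
    def __init__(self, recent, working_set=5, per_tick=1, alarm_at=20):
        # Assumption: recipients mailed recently count as legitimate traffic.
        self.recent = deque(recent, maxlen=working_set)
        self.per_tick = per_tick      # held messages released per time step
        self.alarm_at = alarm_at      # backlog size that suggests infection
        self.delayed = deque()        # mail to unfamiliar recipients waits here
        self.sent = []
        self.alarm = False

    def submit(self, recipient):
        """Return True if sent at once, False if held in the delay queue."""
        if recipient in self.recent:
            self.sent.append(recipient)       # priority path
            return True
        self.delayed.append(recipient)
        self.alarm = self.alarm or len(self.delayed) >= self.alarm_at
        return False

    def tick(self):
        """One time step: release at most per_tick held messages."""
        released = []
        while self.delayed and len(released) < self.per_tick:
            r = self.delayed.popleft()
            self.recent.append(r)             # now part of the working set
            self.sent.append(r)
            released.append(r)
        return released

def simulate(ticks=10):
    t = OutboundMailThrottle(recent=["alice@example.org", "bob@example.org"])
    # Constructed burst: a mass-mailer walking a 100-entry address book.
    for i in range(100):
        t.submit(f"contact{i}@example.net")
    user_ok = t.submit("alice@example.org")   # the user's own mail, same moment
    for _ in range(ticks):
        t.tick()
    burst_sent = sum(1 for a in t.sent if a.endswith("example.net"))
    return user_ok, burst_sent, len(t.delayed), t.alarm

if __name__ == "__main__":
    print(simulate())
```

The growing backlog is itself the detection signal: once `alarm` is set, the queued messages can be dropped and the machine cleaned rather than left to drain.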

 
 
 
 
 
Joep
Guest
Posts: n/a
 
      24th Oct 2003
I think the guy is high on something.

> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus.


Yes, indeed, problem solved. The virus described is actually a worm by the
way ...

> The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.


And then? Leave it there? It *still* affects operations, also the software
that 'limits' the worm requires resources as well. And then wait for the
next one to join and limit that one as well? How will the PC eventually be
'cured'? The more worms there are, although being 'limited', the more
resources will be required to monitor and limit them. There will be a
constant 'fever'. The worm will not go away by itself because it 'detects'
it is limited, so worm authors will have to cooperate on this.

--
Joep



 
 
null@zilch.com
Guest
Posts: n/a
 
      24th Oct 2003
On Fri, 24 Oct 2003 04:03:40 -0400, Miki Kocic
<(E-Mail Removed)> wrote:

>If someone has already posted this, my apologies, but I haven't seen it.
>
>There's an interview in an IS trade tabloid with a fellow who works for
>HP labs in Britain. In it, he talks about the biological model of
>computer security.
>
>The idea is that computers are by nature binary - on or off, infected or
>free of infection. But the human body is constantly somewhere in the
>middle, constantly infected with some virus or another and constantly
>coping with often multiple infections. Treating the computer like a
>living body can lead to new ways of thinking about security.
>
>Practically, let's say there is a virus that infects a computer and then
>sends infected emails to everyone in the address book. The traditional
>approach is to use AV software to clean out the virus. The biological
>approach would be to contain the infection so it has the least effect on
>the computer's operations. This means: (1) limiting the number of
>interactions with various ports so only a small number of emails gets
>out; and (2) applying a solution that helps the computer identify which
>are legitimate emails so they get priority. So even though the computer
>remains infected, the impact is minimized.
>
>I don't know what you would do with an old-style virus that causes
>impaired operation and data loss, but I imagine you'd help the data bus
>distinguish between legitimate and viral processes and block off the latter.
>
>What are people's thoughts on this?


My thought (and experience) is that prevention works. Far better and
much simpler to not allow malicious code to run on your PC in the
first place. And prevention doesn't necessarily require any antivirus
software or firewall or "protection" software of any kind.


Art
http://www.epix.net/~artnpeg
 
 
optikl
Guest
Posts: n/a
 
      24th Oct 2003

<(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Fri, 24 Oct 2003 04:03:40 -0400, Miki Kocic


> And prevention doesn't necessarily require any antivirus
> software or firewall or "protection" software of any kind.
>

Then there was no need to shroud my desktop in latex?


 
 
Nick FitzGerald
Guest
Posts: n/a
 
      24th Oct 2003
"Miki Kocic" <(E-Mail Removed)> wrote:

> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.


Was it Matt Williamson? I chaired the session at VB2003 in which he
presented a paper on this... (Well, on the _epidemiological_ model of
computer virus spread, but as he's from HP Labs, Bristol I guess he is
probably who you mean.)

> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.
>
> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus. The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.
>
> I don't know what you would do with an old-style virus that causes
> impaired operation and data loss, but I imagine you'd help the data bus
> distinguish between legitimate and viral processes and block off the latter.
>
> What are people's thoughts on this?


Such models work well under certain simplifying assumptions.

In the real world however, note that biological systems _very_ seldom
come close to "wiping out" a "pathogen" or "infector" as typically the
control mechanism is "symbiotic" (that is, the well-being of the
controlling organism, gene, "circumstance", etc depends (to some degree)
on the continued existence of some "background existence level" of the
infective (etc) agent).

Biological systems are also _way_ more complex so although very near
"perfect" systems for isolating yourself from computer virus and related
threats are actually (theoretically) fairly achievable, it is exceedingly
unlikely in bio-systems (making the usefulness of the analogy somewhat
moot, I feel...).


--
Nick FitzGerald


 
 
Boyd Williston
Guest
Posts: n/a
 
      24th Oct 2003
"Nick FitzGerald" <(E-Mail Removed)> wrote in
news:3f990dfe$(E-Mail Removed):

> "Miki Kocic" <(E-Mail Removed)> wrote:
>
>> There's an interview in an IS trade tabloid with a fellow who works
>> for HP labs in Britain. In it, he talks about the biological model of
>> computer security.

>
> Was it Matt Williamson? I chaired the session at VB2003 in which he
> presented a paper on this... (Well, on the _epidemiological_ model of
> computer virus spread, but as he's from HP Labs, Bristol I guess he is
> probably who you mean.)
>
>> The idea is that computers are by nature binary - on or off, infected
>> or free of infection. But the human body is constantly somewhere in
>> the middle, constantly infected with some virus or another and
>> constantly coping with often multiple infections. Treating the
>> computer like a living body can lead to new ways of thinking about
>> security.
>>
>> Practically, let's say there is a virus that infects a computer and
>> then sends infected emails to everyone in the address book. The
>> traditional approach is to use AV software to clean out the virus.
>> The biological approach would be to contain the infection so it has
>> the least effect on the computer's operations. This means: (1)
>> limiting the number of interactions with various ports so only a small
>> number of emails gets out; and (2) applying a solution that helps the
>> computer identify which are legitimate emails so they get priority.
>> So even though the computer remains infected, the impact is minimized.
>>
>> I don't know what you would do with an old-style virus that causes
>> impaired operation and data loss, but I imagine you'd help the data
>> bus distinguish between legitimate and viral processes and block off
>> the latter.
>>
>> What are people's thoughts on this?

>
> Such models work well under certain simplifying assumptions.
>
> In the real world however, note that biological systems _very_ seldom
> come close to "wiping out" a "pathogen" or "infector" as typically the
> control mechanism is "symbiotic" (that is, the well-being of the
> controlling organism, gene, "circumstance", etc depends (to some
> degree) on the continued existence of some "background existence level"
> of the infective (etc) agent).
>
> Biological systems are also _way_ more complex so although very near
> "perfect" systems for isolating yourself from computer virus and
> related threats are actually (theoretically) fairly achievable, it is
> exceedingly unlikely in bio-systems (making the usefulness of the
> analogy somewhat moot, I feel...).
>
>
> --
> Nick FitzGerald
>
>
>


Yes, moot. Like many arguments based on analogy, the proponent has
forgotten that there are often more differences than similarities. So the
conclusions, while perhaps interesting, are far from certain.
 
 
Bart Bailey
Guest
Posts: n/a
 
      24th Oct 2003
In Message-ID:<(E-Mail Removed)> posted on
Fri, 24 Oct 2003 10:36:25 GMT, (E-Mail Removed) wrote:

>And prevention doesn't necessarily require any antivirus
>software or firewall or "protection" software of any kind.


Just use the rhythm method when downloading stuff, huh? <g>

--

Bart
 
 
null@zilch.com
Guest
Posts: n/a
 
      24th Oct 2003
On Fri, 24 Oct 2003 08:44:49 -0700, Bart Bailey <(E-Mail Removed)>
wrote:

>In Message-ID:<(E-Mail Removed)> posted on
>Fri, 24 Oct 2003 10:36:25 GMT, (E-Mail Removed) wrote:
>
>>And prevention doesn't necessarily require any antivirus
>>software or firewall or "protection" software of any kind.

>
>Just use the rhythm method when downloading stuff, huh? <g>


I've never found infestations of any software I've ever downloaded,
other than crap I've downloaded on purpose for testing. Sometimes I
wonder why I bother keeping my DOS scanners updated. They never find
anything. Neither do AdAware and Spybot. And I've tried tons of
freeware and utils. I can't imagine wasting resources on useless
software "protection" when it's so easy to do it right.


Art
http://www.epix.net/~artnpeg
 
 
kurt wismer
Guest
Posts: n/a
 
      25th Oct 2003
Miki Kocic wrote:
> If someone has already posted this, my apologies, but I haven't seen it.
>
> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.
>
> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.


perhaps, but i can see one critical difference between computers and
human bodies... that difference is huge numbers of human bodies aren't
constantly plugged into each other... human-human contact is discrete
and ephemeral, the way viruses and other pathogens are contained and
dealt with in such an environment does not translate well to networked
computers...

something else to consider, by the way, is that we can deal with
computer infections much *better* than we can with human infections..
if we could do to a human body what we do to a computer we would...

--
"hungry people don't stay hungry for long
they get hope from fire and smoke as the weak grow strong
hungry people don't stay hungry for long
they get hope from fire and smoke as they reach for the dawn"


 
 
Ka Khiong Kwok
Guest
Posts: n/a
 
      25th Oct 2003
I've read about this too.
I think there was also some talk about applying that theory so that a
computer could be used to simulate the effect that a biological virus may
have on the human body. So basically, the computer would be the test subject
and a computer virus is written to replicate the effect.
It's interesting stuff in a way. Unfortunately, I'm so strung up on job
hunting these days I haven't read up more on it.

I wonder if there's a NG where guys like me could just go and bitch for a
while?

Regards,

Ka.

"Miki Kocic" <(E-Mail Removed)> wrote in message
news15mb.22251$(E-Mail Removed)...
> If someone has already posted this, my apologies, but I haven't seen it.
>
> There's an interview in an IS trade tabloid with a fellow who works for
> HP labs in Britain. In it, he talks about the biological model of
> computer security.
>
> The idea is that computers are by nature binary - on or off, infected or
> free of infection. But the human body is constantly somewhere in the
> middle, constantly infected with some virus or another and constantly
> coping with often multiple infections. Treating the computer like a
> living body can lead to new ways of thinking about security.
>
> Practically, let's say there is a virus that infects a computer and then
> sends infected emails to everyone in the address book. The traditional
> approach is to use AV software to clean out the virus. The biological
> approach would be to contain the infection so it has the least effect on
> the computer's operations. This means: (1) limiting the number of
> interactions with various ports so only a small number of emails gets
> out; and (2) applying a solution that helps the computer identify which
> are legitimate emails so they get priority. So even though the computer
> remains infected, the impact is minimized.
>
> I don't know what you would do with an old-style virus that causes
> impaired operation and data loss, but I imagine you'd help the data bus
> distinguish between legitimate and viral processes and block off the
> latter.
>
> What are people's thoughts on this?
>
> Miki
>



 
 
 
 