Content

The human/computer virus conundrum

The triage tent in the hospital parking lot is full with nurses and technicians wearing protective masks as they test patients for H1N1. The crisis has already hit and we are not in season yet. They have performed over 6,000 virus screening tests admitting 100 patients and losing two to death. Such is the fertile breeding grounds for the H1N1 virus. I couldn't quite imagine bringing my servers to such a location for analysis and potential admittance.

Figure 1.  New Malicious Code Threats
Source: Symantec

Unlike cyber malware, viruses such as the H1N1 are usually quite predictable as to when they will hit and how they will spread. Each year the fall season brings us a new strain or two that spreads in high human traffic areas such as schools, the workplace and in mass transportation. Pharmaceutical companies awarded the contract to develop the vaccine try their best to predict exactly what the strain will be in the fall since they do not have samples available to analyze. The virus mutates throughout the year as it interacts with organic tissue learning the host and responding to host anti-bodies as a method of survival. These viruses do not care if they kill the host. Their intent is survival and survival only -- at all costs.

Computer viruses are manufactured with specific intent. That intent has changed over the years from simple annoyances that were easy to see, discover and respond to, to low and slow malware with the intent of stealth required to steal items of value for later monetization. Outside the realm of state sponsored cyber-warfare, the criminal element has taken over the virtual virus world since it is much easier, cheaper, and less risky to steal items of value in this manner than it is to perform the same in the physical world.

Figure 2. Flu tracking
Source: Google

Figure 3. Flu tracking last 9 years
Source: Google

What is interesting is the parallel growth of human and computer virus outbreaks over the past 8-9 years (Figures 2 and 3 compared to Figure 1). We understand the reasons for the computer growth but human virus outbreaks are far beyond my pay grade.

There are many similarities between human and computer viruses and much that can be learned from each other (Figure 4). Human borne viruses have an innate intelligence based upon survival that drives their ability to mutate. The current ability for computer viruses to mutate is based solely upon the developer to author modifications that can bypass and hide from existing computer defenses driven by the need to capture more information and generate more revenue.

Figure 4. Human and Computer Virus Comparison

The major worry for future computer-borne viruses is the eventual capability to incorporate artificial intelligence where the virus mutates without human intervention becoming more lethal and stealthier as a method of survival. A learning cyber virus that makes its way across the Internet from corporation to corporation; device to device; gathering information and learning ways to survive through simple trial and error or cause and effect while extracting items of value for monetization. This Artificial H1N1 will self-repair; will clean its own tracks; will hide when it has to and appear when it needs to. It will be able to steal information while at the same time destroy the host if needed.

Until that day arrives, we can evaluate and improve our understanding of how human viruses work as a method to build better software and operating systems that strength the computers immune system as a core component of the commercial development process. Anti-virus and computer vaccines of some type will always be required but maybe someday they will only be needed on an annual basis. This requires much greater maturity in our software development lifecycle and a focus on survivability; something that is not necessarily in the top ten of every developer's job description or every software companies' core values.

One thing I believe that is true in this whole equation is that the criminal element adapts and innovates much faster than commercial software companies. This speed will force maturity but it will be reactive in nature and eventually may mirror the human vaccine process where a best, educated guess is the method used to manufacture a vaccine that is not administered to all computers, but only those that want it and are most at risk.



Jeff Bardin

Jeff Bardin is the Chief Intelligence Officer for Treadstone 71 with clients on 4 continents. In 2007, Jeff received the RSA Conference award for Excellence in the Field of Security Practices. His team also won the 2007 SC Magazine Award – Best Security Team. Jeff sits or has sat on the Board of Boston Infragard, Content Raven, Journal of Law and Cyber Warfare, and Wisegate and was a founding member of the Cloud Security Alliance. Jeff served in the USAF as a cryptologic linguist and in the US Army / US Army National Guard as an armor officer, armored scout platoon leader. Mr. Bardin has extensive experience in cyber intelligence lifecycle services, program builds, targeted research and support, cyber counterintelligence services and analysis, deception planning, and cyber operations.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.