Carey Nachenberg

Computer virus-antivirus coevolution

A S RECENTLY AS SIX YEARS AGO, COMPUTER viruses were considered an urban myth by many. At the time, only a handful of PC viruses had been written and infection was relatively uncommon. Today the situation is very different. As of November 1996, virus writers have programmed more than 10,000 DOS-based computer viruses. In addition to the sheer increase in the number of viruses, the virus writers have also become more clever. Their newer creations are significantly more complex and difficult to detect and remove. These “improvements” can be at least partially attributed to the efforts of antivirus producers. As antivirus products improve and detect the “latest and greatest” viruses, the virus authors invent new and more devious ways to hide their progeny. This coevolution has led to the creation of the most complex class of virus to date: the polymorphic computer virus. The polymorphic virus avoids detection by mutating itself each time it infects a new program; each mutated infection is capable of performing the same tasks as its parent, yet it may look entirely different. These cunning viruses simply cannot be detected costeffectively using traditional antivirus scanning algorithms. Fortunately, the antivirus producers have responded, as they have in the past, with an equally creative solution to the polymorphic virus threat. Many antivirus programs are now starting to employ a technique known as generic decryption to detect even the most complex polymorphic viruses quickly and cost effectively. A computer virus is a self-replicating computer pro-

Malware Evolution: A Snapshot of Threats and Countermeasures in 2005

Speed, stealth, and purpose of malware [1] threats and countermeasures are evolving quickly. This chapter describes these three facets of current malware threats, and describes a few countermeasures emerging to better address such threats.

The military impact of information technology

T hanks to Sy Goodman for an informative column about how nations attempt to use information technology for military purposes (“War, Information Technologies, and International Asymmetries,” Dec. 1996, p. 11). The column makes clear the belief IT can enhance performance in fighting wars. That belief has always seemed naive to me. Computers and IT are effective mainly when the application area is ordered and predictable (i.e., when the level of chaos and entropy is fairly low). War, however, is the epitome of a chaotic, highly entropic environment. It is a breakdown of rational human behavior. In short, war and armed conflict is one of the application areas to which IT is least applicable. Put crudely, when all hell breaks loose, computers are at their worst. That computercontrolled robot drone may work fine in the lab or on the testing range, but the situations encountered in battle are by the very nature of war new and unique. Furthermore, the primary function of IT is to create value. War is the destruction of value. The lives, societies, and artifacts destroyed in war are produced by costly antientropic processes that in some cases include IT. Using computers to fight wars is thus like using firehoses to fan a fire. The continued popularity (among world leaders and defense hawks) of high technology for fighting wars is due more to fraud on the part of the defense industry and wishful thinking on the part of their customers than on the success of IT in that application domain. This is not to say IT has no military applications. As is mentioned in the column, intelligence gathering and analysis is precisely the sort of problem IT is good at: reducing entropy—adding value— in a domain where the entropy is already fairly low. Even if one is opposed on moral or political grounds to many of the means used by various militaries to gather information, the purposes for which the information is used, or even their right to gather certain information, one must acknowledge intelligence gathering and analysis is a more suitable problem for computer and IT than is war-fighting. It is the responsibility of computer professionals to educate policymakers about the limitations of IT. Otherwise, the fraud and gullibility will continue. Jeff Johnson San Francisco, CA