The Future of Viruses on the Internet - Lots of Little Tremors, a Few Big Quakes
By: Wendy • Essay • April 8, 2010
Lots of Little Tremors, a Few Big Quakes
There are many different phenomena, both natural and man-made, that come in different sizes. In many cases, the small things come quite often, and the big things only rarely. Small earth tremors are much more common than large earthquakes. Slight rises in the level of a river are much more common than floods. Virus incidents that involve only a few machines are much more common than major outbreaks involving hundreds of systems.
When the distribution of incidents is skewed in this way, we tend to get good at handling the small incidents; they become routine and expected, and our solutions will be efficient and well-tested. Large incidents, since they happen rarely, are handled on a more ad hoc basis; maybe we know who will be on the Crisis Team (assuming that someone's remembered to update the list as people changed jobs), but exactly what the team will do once it's assembled will be determined on the fly to fit the case. That's why the Crisis Team has to contain some of the best people we have available.
Conditions change. If the probability of a large incident increases rapidly, we can be caught unawares, and the number of large incidents can easily overwhelm an ad hoc crisis-based approach that depends on large problems being few and far between. On the other hand, if we can see the change coming, we have a chance to develop methods that can handle the majority of large incidents as smoothly as we already handle the small ones.
How will the continued growth of the Internet change the pattern of virus spread and similar threats? Is our current paradigm of virus containment sufficient for the future?
Viruses and the Internet
At present, computer viruses are a constant low-level annoyance. Every company knows that it ought to have anti-virus software, and that virus protection is a cost of doing business, just like backup and fire insurance. Small virus incidents are common and routine. In organizations that do centralized incident management and reporting and have anti-virus software well deployed, most incidents involve only one or two systems; the virus is caught before it can spread farther than that [1].
When new viruses are discovered, anti-virus software is updated to deal with them on a cycle of weeks or months. Anti-virus vendors generally offer monthly updates, and in a typical corporate environment new updates are installed every one to six months. Because it takes a typical new virus many months, or even a few years, to become widespread, this is reasonable. The recent rise of macro viruses, which can become widespread in just a few months, has put some downward pressure on these time-scales, but has not changed their general magnitude. It is still feasible to deal with new viruses through a largely manual process: a customer finding a new virus sends it in to a vendor, the vendor analyses it by hand and returns detection and repair information to the customer, and other customers get the information over the next months, in their regular updates.
The Internet currently plays a comparatively small role in the spread of viruses. No common virus today is network-aware; all of them require help (generally accidental help) from users in order to spread. So the Concept virus spreads over the Net only when someone mails an infected document to someone else, or makes one available on their Web site. Virus authors have taken advantage of the ease of anonymous posting to distribute copies of their viruses via Usenet News, but since the viruses themselves do not make use of Usenet to spread further, this is a one-time "planting" event, not a continual spread. Since all these network transmission methods rely on manual action, manual responses have been adequate to deal with them.
New Systems
There are two major trends in Internet technology that will have an impact on virus spread in the next few years: one is the increasing ubiquity and power of integrated mail systems, and the other is the rise of mobile-program systems.
Integrated mail systems such as Lotus Notes and Microsoft Outlook make it very simple to send anything to anyone, and to work with objects that you receive. They also support application programming interfaces (such as MAPI and the Notes API) that allow programs to send and process mail automatically. To the extent that these systems increase the rate at which people intentionally share programs (including documents with embedded