TAU cure for computer viruses?

TAU team proposes spreading an antidote that knocks out viruses before they infect others on-line.

A Tel Aviv University doctoral student and his colleagues are proposing an innovative way to beat computer viruses - the bane of Internet users since its inception - by spreading a specially designed antidote that knocks out the viruses before they can infect others on-line.

Eran Shir, 31, of Kfar Saba, TAU's Dr. Yuval Shavit and Hebrew University professors Sorin Solomon and Jacob Goldenberg have published their theoretical model - which operates much the way a biological virus spreads in nature - in the December 1 on-line edition of the prestigious journal Nature Physics. The five-page article, full of diagrams and formulas, is called "Distributive immunization of networks against viruses using the 'honey-pot' architecture."

Shir told The Jerusalem Post on Thursday that he and his colleagues did not hold any patent protection on the idea, as they did not intend to make any money out of it. "Our work is theoretical," he said. "We did the simulations and analyses. We hope it will be open source in the community and have no plans to turn into millionaires from it. We would be happy if somebody would do it for us."

But he predicted that a commercial company that took "three or four well-trained people" could develop an effective antivirus program within a year that could immunize computers around the world against troublemaking viruses and contain the cyber-plague that threatens to strangle the Internet.

Shir said antiviral software purchased by almost every computer owner was still based on a mechanism developed in the 1980s when PCs were infected with a "bad" diskette.

"I started on the project in August 2003, after a big power blackout in the US was followed by the Blaster virus, which wiped out many computers around the world," he said. "It angered me. I understood very early that the old antivirus concept is wrong. It tries to protect the individual computer by purging the offending virus from its brain.

"But to identify the virus and then compose a program that can neutralize it takes too long; by that time, the virus has infected the whole network. So I wanted to protect the network by taking advantage of the connectiveness of the Internet."

The need to respond to cyber-attacks in real time has spurred efforts to create artificial immune systems that could autonomously identify viruses and develop immunizing agents. In such schemes, the vaccine would spread to other computers in the same epidemic fashion as the virus, but it would reach most computers too late - later than the virus.

"Our solution involves the installation of a special program as a 'sentinel at the gate' to quickly receive messages on new viruses, and when it arrives, the sentinel will know in real time not to allow it in," Shir said.

Using network theory - a branch of statistical physics - the authors show that the design of a computer network can be slightly modified to have just a handful of extra connections open only to the vaccine. This is enough to enable the vaccine to outrun the virus and spread to other computers.

"I was not the first to suggest sending viruses in a decentralized way," Shir said. "There were people at IBM, but they thought it was not practical because the virus always has a head start and the antivirus can't keep up.

"But we succeeded in showing it can be practical if one makes small changes in an on-line network. This can be done by allowing immunity to pass through links where the antivirus program cannot go, such as SMS, instant messaging, peer-to-peer networks or secure e-mail networks with encryption. As a result, with even a small number of secure links, the antivirus can jump behind the enemy lines and stop the virus. It can happen within seconds," Shir said.

He said the antivirus could protect not only Microsoft Windows, which is the most widely used operating system (despite its having the most security holes), but also Macintosh and Linux operating systems.

Shir spends most of his time on mapping the routing infrastructure of the Internet with the help of thousands of volunteers in more than 80 countries, including Saudi Arabia, Egypt, Kuwait and other Arab countries. Via the Web site www.netdimes.org, whose work is funded by the European Community, individuals donate brainpower from their personal computers at home or the office, when they are not in use, to make measurements to map out the Internet's infrastructure.
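
The effect of "a handful of extra connections open only to the vaccine" can be seen in a toy simulation. The code below is an illustration added here, not the authors' model or code from the Nature Physics paper. It assumes a square grid as the base network, one hop per time step, a vaccine that wins ties, and honeypot nodes that capture the virus instead of being infected and are all linked to each other; the function names and the scenario are made up for the example.

```python
def grid(n):
    """Base network: n x n grid with 4-neighbour links, used by virus and vaccine."""
    adj = {(x, y): set() for x in range(n) for y in range(n)}
    for (x, y) in list(adj):
        for nb in ((x + 1, y), (x, y + 1)):
            if nb in adj:
                adj[(x, y)].add(nb)
                adj[nb].add((x, y))
    return adj


def simulate(n, honeypots, patient_zero, secure_links):
    """Return how many nodes were ever infected (synchronous, one hop per step)."""
    base, pots = grid(n), set(honeypots)
    ever_infected, vaccinated = {patient_zero}, set()
    virus_front, vaccine_front = {patient_zero}, set()
    while virus_front:
        # Vaccine hop (assumed to win ties): base links, plus the honeypot
        # overlay that only the vaccine may use when secure_links is on.
        reach = set()
        for v in vaccine_front:
            reach |= base[v]
            if secure_links and v in pots:
                reach |= pots
        vaccine_front = reach - vaccinated
        vaccinated |= vaccine_front
        # Virus hop: base links only; nodes already cured stop spreading.
        newly_infected = set()
        for v in virus_front - vaccinated:
            for nb in base[v] - vaccinated - ever_infected:
                if nb in pots:
                    # A honeypot captures the sample and becomes a vaccine source.
                    vaccinated.add(nb)
                    vaccine_front.add(nb)
                else:
                    newly_infected.add(nb)
        ever_infected |= newly_infected
        virus_front = newly_infected
    return len(ever_infected)


# Constructed scenario: 21 x 21 grid, outbreak in one corner, five honeypots.
N, START = 21, (0, 0)
HONEYPOTS = [(3, 3), (17, 3), (3, 17), (17, 17), (10, 10)]

if __name__ == "__main__":
    print("no honeypots:        ", simulate(N, [], START, False))
    print("honeypots, no links: ", simulate(N, HONEYPOTS, START, False))
    print("honeypots + links:   ", simulate(N, HONEYPOTS, START, True))
```

Without the overlay the vaccine can only trail the virus from the one honeypot that was hit; with it, every honeypot starts vaccinating one step after the first capture, so the vaccine gets ahead of the infection front.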