WHMurray@DOCKMASTER.NCSC.MIL (03/23/91)
Archive-name: security/virus/virus-strategy-whm/1991-03-17
Archive: cert.sei.cmu.edu:/pub/virus-l/docs/virus.strategy.whm [128.237.253.5]
Original-posting-by: WHMurray@DOCKMASTER.NCSC.MIL
Original-subject: DPMA Talk - "A NEW STRATEGY FOR COMPUTER VIRUSES"
Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)
[Ed. The complete text of this paper is available by anonymous FTP on
cert.sei.cmu.edu in the pub/virus-l/docs directory under the filename
of virus.strategy.whm]
William H. Murray
Deloitte & Touche
Wilton, Connecticut
A New Strategy for Computer Viruses
PREFACE
This presentation was prepared for and delivered to the
"DPMA 4th Annual Virus and Security Conference" on March 14,
1991.
ABSTRACT
This presentation argues that it is time for a new strategy
for dealing with computer viruses. It reviews the present
strategy and suggests that it was adopted before we knew
whether or not viruses would be successful. It points out
that this strategy is essentially "clinical." That is, it
treats the symptoms of the virus without directly dealing
with its growth and spread.
It presents evidence that at least two computer viruses,
Jerusalem B and Stoned, are epidemic, that more copies are
being created than are being killed. It argues that simply
the growth of the viruses, without regard to their symptoms,
is a problem.
It argues that it is now time for an epidemiological
approach to viruses. A keystone of such an approach will be
the massive and pervasive use of vaccine programs. These
programs are characterized by being resident, automatic,
getting control early, and acting to resist the very
execution of the virus program.
The presentation notes that there is significant resistance
to such a strategy and, specifically, to the use of such
programs. It addresses many of the arguments used to
justify this resistance. It concludes that we will
ultimately be forced to such a strategy, but that, given the
growth of the viruses and the resistance to stragtegy, we
will not likely act on a timely basis.