WHMurray@DOCKMASTER.NCSC.MIL (03/18/91)
[Ed. The complete text of this paper is available by anonymous FTP on cert.sei.cmu.edu in the pub/virus-l/docs directory under the filename of virus.strategy.whm]

William H. Murray
Deloitte & Touche
Wilton, Connecticut

A New Strategy for Computer Viruses

PREFACE

This presentation was prepared for and delivered to the "DPMA 4th Annual Virus and Security Conference" on March 14, 1991.

ABSTRACT

This presentation argues that it is time for a new strategy for dealing with computer viruses. It reviews the present strategy and suggests that it was adopted before we knew whether or not viruses would be successful. It points out that this strategy is essentially "clinical." That is, it treats the symptoms of the virus without directly dealing with its growth and spread. It presents evidence that at least two computer viruses, Jerusalem B and Stoned, are epidemic, that more copies are being created than are being killed. It argues that simply the growth of the viruses, without regard to their symptoms, is a problem.

It argues that it is now time for an epidemiological approach to viruses. A keystone of such an approach will be the massive and pervasive use of vaccine programs. These programs are characterized by being resident, automatic, getting control early, and acting to resist the very execution of the virus program.

The presentation notes that there is significant resistance to such a strategy and, specifically, to the use of such programs. It addresses many of the arguments used to justify this resistance. It concludes that we will ultimately be forced to such a strategy, but that, given the growth of the viruses and the resistance to strategy, we will not likely act on a timely basis.

mike@pyrite.SOM.CWRU.Edu (Michael Kerner) (03/24/91)
Umm, excuse me, I'm just a dumb Mac Admin, but I was under the impression that this "new strategy" was the current strategy. At least on Macs, where this whole thing started, the strategy is to zing the bugger. The PC anti-viral programs we've installed on our machines (all 100-200), essentially block spreads by watching what's going on and looking for virus-like code, then killing it (unless I have no concept of the way PC virus killers work).

Mikey
Mac Admin
WSOM CWRU
mike@pyrite.som.cwru.edu

P.S. If I'm ignorant, please tell me and then explain why.