WHMurray@DOCKMASTER.NCSC.MIL (03/18/91)
[Ed. The complete text of this paper is available by anonymous FTP on
cert.sei.cmu.edu in the pub/virus-l/docs directory under the filename
of virus.strategy.whm]
William H. Murray
Deloitte & Touche
Wilton, Connecticut
A New Strategy for Computer Viruses
PREFACE
This presentation was prepared for and delivered to the
"DPMA 4th Annual Virus and Security Conference" on March 14,
1991.
ABSTRACT
This presentation argues that it is time for a new strategy
for dealing with computer viruses. It reviews the present
strategy and suggests that it was adopted before we knew
whether or not viruses would be successful. It points out
that this strategy is essentially "clinical." That is, it
treats the symptoms of the virus without directly dealing
with its growth and spread.
It presents evidence that at least two computer viruses,
Jerusalem B and Stoned, are epidemic, that more copies are
being created than are being killed. It argues that simply
the growth of the viruses, without regard to their symptoms,
is a problem.
It argues that it is now time for an epidemiological
approach to viruses. A keystone of such an approach will be
the massive and pervasive use of vaccine programs. These
programs are characterized by being resident, automatic,
getting control early, and acting to resist the very
execution of the virus program.
The presentation notes that there is significant resistance
to such a strategy and, specifically, to the use of such
programs. It addresses many of the arguments used to
justify this resistance. It concludes that we will
ultimately be forced to such a strategy, but that, given the
growth of the viruses and the resistance to strategy, we
will not likely act on a timely basis.
mike@pyrite.SOM.CWRU.Edu (Michael Kerner) (03/24/91)
Umm, excuse me, I'm just a dumb Mac Admin, but I was under the impression that this "new strategy" was the current strategy. At least on Macs, where this whole thing started, the strategy is to zing the bugger. The PC anti-viral programs we've installed on our machines (all 100-200), essentially block spreads by watching what's going on and looking for virus-like code, then killing it (unless I have no concept of the way PC virus killers work).
Mikey
Mac Admin
WSOM CWRU
mike@pyrite.som.cwru.edu
P.S. If I'm ignorant, please tell me and then explain why.