Computer viruses as a paradigm for infectious diseases - PowerPoint PPT Presentation

Loading...

PPT – Computer viruses as a paradigm for infectious diseases PowerPoint presentation | free to download - id: 2d9e0-ZDRiM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Computer viruses as a paradigm for infectious diseases

Description:

Hoaxes are a nuisance because they take up resources but, until ... You should always check if a message is a hoax before forwarding it. Response of the virus ... – PowerPoint PPT presentation

Number of Views:112
Avg rating:3.0/5.0
Slides: 28
Provided by: Wasse
Learn more at: http://www.cbs.dtu.dk
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Computer viruses as a paradigm for infectious diseases


1
Computer viruses as a paradigm for infectious
diseases
  • T. Wassenaar and M.J. Blaser
  • Molecular Microbiology and Genomics Consultants
  • Zotzenheim, Germany
  • School of Medicine, New York University NY

2
Introduction
Viral diseases will be compared to computer
viruses. To see their similarities, infectious
diseases are viewed in an abstract manner. Basic
principles of infectious diseases can so be
illustrated and explained by day-to-day computer
experiences. This can lead to a better
understanding of underlying principles of
infections, and to better treatment of both
biological and cyberspace infections.
3
What is a virus?
  • A virus is a living organism, containing DNA or
    RNA
  • It parasitizes on a host
  • It can only replicate when inside a host
  • It follows the biological laws of mutation and
    selection

4
What is a virus?
You have new mail
  • A computer virus is a program
  • It parasitizes on an operating system
  • It can only replicate through an operating
    system
  • It follows laws of mutation and selection

5
What is what?
Computer viruses are man-made programs that
perform harmful operations (destroy data, files,
software) and can reproduce and spread new
copies. Specialists' definitions WORM a
self-replicating program that spreads copies
between computers in a network (internet!) with
little or no user interaction VIRUS a harmful
program that plants itself in a program it can
modify, and spreads to files within a computer or
(with user interaction) between computers TROJAN
HORSE a program in disguise (game, tool) that
makes a computer available to non-authorized
users. Non-replicative. In view of the
biological infectivity of worms, computer worms
should have been called viruses, as they are in
common languag
6
The life cycle of a virus
A virus enters the host through an opening after
passively being breathed in, swallowed, or via
direct contact. A virus has to have the correct
host and tissue specificity to gain a foothold in
a host. A virus replicates at the cost of the
host. Damage in the form of disease causes pain,
suffering, and sometimes death. Transfer to a
next host is required for offspring replicates.
The host will (unknowingly) secrete virus
particles by coughing, sneezing, fecal shedding.

Entry
Foothold
Replication Damage
Transfer to next host
7
The life cycle of a virus
You have new mail
A virus enters the system passively, through an
activity of the operator (inserting an infected
disk, opening an infected mail attachment). A
virus has to be compatible with the system to
gain a foothold. A virus replicates at the cost
of computer speed. Damage causes loss or
inaccessibility of files, and sometimes loss of
the complete hard disk. Transfer to the next
computer can occur automatically when computers
are interconnected, or requires human activity
such as sharing of diskettes.
Entry
Foothold
Replication Damage
Transfer to next host
8
Response of the host
Viruses have evolved with their hosts. The host
responds to viral infections with defense
strategies, which the virus tries to evade. The
host response and the viral answer to this evolve
together. The result may look like a 'planned'
strategy but is the result of mutation and
selection.
9
Response of the host
  • Animals have evolved immune systems that largely
    protect against a broad range of pathogens. It
    comprises of two mechanisms
  • Innate immunity recognition of stereotypic
    patterns associated with microbes
  • adaptive immunity involves learning from
    exposures and improved responses with recall.
  • The response targets on destruction of the
    virus. This has costs and risks. Since host
    response and virus evolve together, a host
    response can not make a virus extinct.

10
Response of the host
You have new mail
  • Computer users protect their computers with
    anti-virus programs, which scan files and discs
    for known viruses.
  • This largely resembles the innate immunity of
    animals. Adaptive immunity which learns from
    exposure is under development. In part it is
    already operational against polymorphic viruses.
  • The response targets on destruction of the
    virus. This has costs and risks. Since host
    response and virus evolve together, anti-virus
    programs can not make a virus extinct.

11
Did you know?
  • An Email without an attachment until recently
    could not be a virus, and could not do harm.
    Virus attachments that were not opened until
    recently could not cause harm. Hardware is never
    damaged by viruses (although hard disks can
    become inaccessible).
  • A Hoax is an Email that warns against a
    non-existing virus. Hoaxes are a nuisance because
    they take up resources but, until recently, they
    were harmless. You should always check if a
    message is a hoax before forwarding it.

12
Response of the virus
Viruses escape host defenses by accumulative
mutations and selection of the best survivors.
Repeat of this process over time has resulted in
many serotypes. In cyberspace, successful
viruses are rapidly copied by malicious
programmers who change sufficient parameters to
make the anti-viral screens ineffective. Viruses
can now change their subject and attachment name
automatically during replication. The anti-viral
programs recognize these polymorphic viruses.
13
Hygiene
  • Good hygiene practice can prevent the spread of
    (viral) infections.
  • Disinfection and sterilization are routine
    measures in a hospital.
  • Regular virus checks with update anti-viral
    programs should be just as routinely applied by
    every computer user.
  • A used needle is just as suspicious as an
    unexpected attachment with a non-professional
    name or an unknown extension. Both should be
    discarded immediately.
  • Our body can heal, but our hard disc can be
    replaced. Regular backups will limit the damage
    in the event of a virus attack.

14
Immunity has costs
  • Immunity uses resources and energy and thus is
    costly for the host.
  • Similarly, computer-virus awareness is costly in
    terms of time and resources
  • making back-ups
  • routine screening of attachments and discs
  • requesting confirmation from sender before
    opening an attachment

15
Immunity has risks
  • When immunity runs out of control, immune
    diseases result in self-damage
  • allergic reactions are immune responses against
    harmless agents
  • auto-immunity degrades 'self' instead of
    pathogens

16
Allergic reactions
  • Anti-virus programs may respond to .exe programs
    that are not viruses. Compare this to an allergic
    reaction to a harmless particle (hay fever).
  • The user must know when to abide the request to
    inactivate anti-virus programs when downloading
    from internet
  • Allergies are an inavoidable consequence of
    immunity

17
Hoaxes and Auto-immunity
  • Hoaxes are usually harmless, but a new generation
    has similarity to immune disorders
  • A hoax may warn for an unseen virus, infecting a
    particular file which you will find on your
    computer. Deleting this file in response, you
    delete part of your system and cause harm to it.
    Compare this to auto-immunity
  • A virus hidden in a 'patch' to repair identified
    security leaks--a classical example of
    self-destruction
  • Severe automutilation due to hoaxes/patches is a
    new threat

18
Similarities
  • A toxin becomes harmful above a toxic dose.
    Toxins can not multiply but have to be produced.
    Compare a Denial-of-Service attack (DoS) a
    harmless operation (attempt to enter a website)
    becomes harmful above a critical amount. DoS can
    not replicate but have to be sent by a
    programmer.
  • Biological viruses can be socially transmitted,
    i.e. spread through (passive) social contacts, or
    sexually transmitted. Computer viruses (not
    worms) are like an STD since they require human
    activity for transmission. Worms are similar to
    socially transmitted infections.
  • Spam (unwanted but harmless emails) resemble
    opportunistic pathogens that can injure the host
    only under specific conditions--spam can hinder
    downloading mail through an expensive modem
    connection

19
More similarities
  • Host specificity limits the spread of biological
    viruses.
  • Different operating systems (PC, Mac, UNIX) are
    barriers for further transmission (and often
    barriers to damage as well) and in that way show
    host-specificity as biological viruses do.
  • The young and elderly are most vunerable, in vivo
    and in silico
  • An open wound is a portal of entry for infectious
    organisms.
  • An unprotected internet connection (or poorly
    protected Email programs such as MS Outlook) can
    do the same to your computer.

20
How virulence evolves
Pathogens do not re-invent the wheel but 'steal'
virulence genes. These genes often spread through
bacterial populations as 'pathogenicity
islands' Combinations of successful properties
can lead to new successes. The same is true in
cyberspace. For instance, 'ILOVEYOU' and
'Melissa' are a combination of a Trojan Horse and
a worm. The Trojan Horse helps the Worm to
spread. The latest fasion a virus producing spam
21
Virulence must be dosed
Reuse of formerly proven effective (and
infective) information is frequently seen in
computer viruses. However, virulence must be
properly dosed to be successful. An
example Code Red SirCam Nimda
(W32/Nimda.A-mm) Nimda sends itself by e-mail,
as SirCam does, and also scans for, and infects
Web servers, as Code Red does. It combines the
strongest properties of both.
22
Nimda
Nimda
  • Nimda
  • spreads without an Email attachment, by clicking
    on the subject line of an infected Email (e.g. to
    delete it) or by visiting a website of an
    infected server
  • spreads extremely fast
  • A weak point was the uncommon subject line of the
    Email, such as "xboot" or "desktopsamplesdesktopsa
    mples" or "samples" (a better script nowadays
    'steals' a name of recently opened files for
    subject line)
  • So why didn't see the world a cyberspace disaster
    after it was launched (exactly 1 week after the
    terrorist attack in the US)?
  • Because it is 'too' virulent

23
Nimda
"This worm was so fast moving, so potentially
dangerous, that people saw it right away and
responded." Antiviral companies quickly
released alerts advising systems administrators
to scan all incoming email for the "readme.exe"
which blocked the virus from spreading rapidly
only hours after the release. By the end of day 1
it's spread had slowed down. Compare this with
the rapid and deadly, but always small outbreaks,
of hemorrhagic fevers (Ebola) an outbreak is so
rapidly recognized that measures can be taken
quickly.
24
History
1981 first Apple virus spreads through Texas AM
via pirated computer games 1983 definition of a
computer virus (Fred Cohen) 1988 first major
outbreaks (all Macs) 1990 Symantec launches
Norton AntiVirus 1991 first polymorphic
virus 1994 first hoax 1995 Word viruses
predominate 1996ff Windows viruses
predominate 1999 Melissa, first mass-mailing
worm. (Author sentenced 20 months (2002)) 1999
first virus activated by opening email rather
than attachment
25
History
1981 first Apple virus spreads through Texas AM
via pirated computer games 1983 definition of a
computer virus (Fred Cohen) 1988 first major
outbreaks (all macs) 1990 Symantec launches
Norton AntiVirus 1991 first polymorphic
virus 1994 first hoax 1995 Word viruses
predominate 1996ff Window viruses
predominate 1999 Melissa, first mass-mailing
worm. (Author sentenced 20 months (2002) 1999
first virus activated by opening email rather
than attachment
26
History (contd.)
2000 Lovebug. Stage first virus with attachment
disguised with .txt suffix. DoS
become en vogue 2001 Nimda SirCam
Code Red 2002 Klez
Bugbear 2003 first virus-generated spam 2004
MyDoom
27
Conclusions
  • Computer viruses are a human invention.
  • Nevertheless does their evolution follow routes
    similar to biological diseases
  • relatively harmless ancestors gradually or
    step-wise evolve into virulent 'pathogens'
  • simultaneously enforced defense mechanisms of the
    host evolve
  • successful strategies are reused and combined
  • this in turn solicits new virus 'variants' and
    'strains'
  • Eventually an equilibrium will result in which
    the cost of infection is limited to an acceptable
    level by the host.
  • Comparing cyberspace "microbes" with their
    biological counterparts is beneficial to the
    combat of both.
About PowerShow.com