Courses/Computer Science/CPSC 203/CPSC 203 2007Summer L60/CPSC 203 2007Summer L60 TermProjects/Computers and Viruses

Project Statement
Our research project will look at the constant adaptations of viruses anti-viruses and whether or not there is a relation to the Red Queen hypothesis. Using this explanation we will propose possible solutions to prevent the spread of viruses which will subsequently help corporations and various educational institutions better their computer security and prevent a computer virus. The question we will be answering by the end of this project is: could the Red Queen Hypothesis be used to enhance the security level in computers used in corporations and educational institutions?

A Brief Definition

 * A computer virus can be defined as a computer program that can replicate itself. Viruses are designed to infect a computer without permission or knowledge of the user.


 * Because of the popularity of the world wide web, the spread of viruses has become inherently more popular. This can be seen with the prevalence of virus protection programs enabled in an attempt to constantly deal with the creation of new and more effective computer viruses


 * In association to the Red Queen Hypothesis, a virus originates from a biological concept; “A computer virus reproduces by making (possibly modified) copies of itself in the computer's memory, storage, or over a network. This is similar to the way a biological virus works.”

How They Work

 * There are two main ways by which a virus moves from one computer to another:


 * 1) Sent over a network. (i.e.: the internet)
 * 2) Carried by a removable medium. (i.e.: a floppy disk, CD, USB drive, etc…)

http://youtube.com/watch?v=sxal31zIKdE

Brief Definition of Anti-viruses
The primary purpose of antivirus software is to detect viruses and potential threats to a computer system then perform different tasks, preferred by the user, to eliminate it.



How they work
When the anti-virus program is run, it sorts through multiple computer files searching for potential threats listed in the virus dictionary.

When a virus is found, the user has three options:
 * 1) quarantine the virus (prevent it from spreading throughout the system)
 * 2) delete the virus without harming the file that it is attached to
 * 3) completely delete the virus and the infected file

Updating Virus Dictionaries
Anti-virus software includes a virus dictionary containing multiple listings of known virus signatures. Manufacturers have two ways of attaining new virus signatures:


 * 1) Users who believe that the files contain a virus send this file to the software company.
 * 2) Software companies try to detect any files containing suspicious behavior. (i.e.: A picture file trying to access the internet) This method attempts to detect a virus before it attacks your computer.

Limitations of Anti-virus programs

 * As new viruses are constantly being produced encrypted with modifications changing their initial virus signatures, the virus dictionary needs to be constantly updated.


 * In order to keep the virus dictionary up to date, new versions of the software needs to be downloaded, purchased, or upgraded by the user for maximum security. This can become costly and time consuming.


 * This competition for dominance involving viruses and anti-viruses can be noticeably related to the Red Queen Hypothesis.

In a nut shell

 * Founded by Van Valen in 1973, the Red Queen Hypothesis suggests that the relationship between computers and viruses can be associated to the theories of natural selection and coevolution.
 * coevolution: evolutionary extinction of one species, either the prey or the host, can result in the extinction of the other species, the predator or the parasite
 * natural selection: based on the concept of survival of the fittest, only genes that attribute to survival will be passed down to future generations.
 * Three key features of the Red Queen Hypothesis:
 * 1) A "Parasite" that attacks a host at a specific point.
 * 2) A one-to-one matching of codes between host and parasite (metabolic codes, genetic codes, computer codes)
 * 3) Build up of an "arms race" as a change in host code initiates a corresponding change in parasite codes.

Where does this idea come from?

 * Originated with a quote from the book “Looking through the Glass"
 * Within the book, a character called the Red Queen says to the main character Alice "Now, here, you see, it takes all the running you can do to keep in the same place”
 * The overall theme of the Red Queen Hypothesis is that no matter how advanced viruses and anti-virus programs become, we are not getting any further ahead in terms of enhancing computer security. (We are simply finding more advanced ways to avoid the same problem without actually resolving it)

Possible Solutions

 * In the increasing virus problem worldwide, it proves that businesses, major corporations and even homes are still vulnerable to wide spread virus infections even with an antivirus program and software updates. Antivirus programs that try to isolate a system for a single infection eventually will make the system become too fragile to deal with any virus attacks and may crash as soon as a virus is able to break through the antivirus system.


 * The issue of viruses/anti-viruses and its relation to the red queen is whether we should or should not treat computers and viruses as a biological entity. Biological entities, such as ourselves, have a tolerance and are still able to function under certain levels of infection. Thus biological mechanisms are better able to deal with infections as they constantly are adapting.


 * If corporations do consider computers as a biological entity then solutions such as immunization are possible. If not, they may look at redundancy as a solution.

Immunization

 * slowly introduce small parts of a virus so that the computer becomes somewhat resistant

http://youtube.com/watch?v=zcEn7p6CKfE

Redundancy

 * The other way we can try to reduce the risk of computer viruses is redundancy.
 * This solution is based on a simple thing called “Single Point Sensitivity” which is the possibility of any one component in the system to affect the whole system. And that can have the potential to affect operations performed by the computer system to some extent.
 * So, to avoid this everything can be duplicated, such as CPU’s, Input/Outputs, and controls. This duplication of everything is known as redundancy.
 * Software would be set up to detect errors in the hardware and automatically shut down the affected component and start up the back up. The computer system will know to do this because of a preset threshold of error tolerance. At the same time, the system operations and maintenance personnel will be alerted and they can fix the problem.
 * Some ways duplication works is by having back up on USB hard drives, cds, and perhaps tapes.

Conclusion

 * To answer the initial question, the Red Queen Hypothesis can act as an enhancement to security. It tells us that there are feasible solutions to the virus attacks such as immunization. But also, there are still practical solutions such as redundancy that provide security enhancement without the biological-relationship background.


 * The conflict between virus and antivirus, which displays similarities with the Red Queen Hypothesis, is still eminent today and if relied on the hypothesis correctly, it will never end.


 * But it is still worthy to introduce the debate of biological computers and also practicing the concepts of immunization or redundancy which may increase the security and reduce the chances of widespread viral infection to and within major corporations.


 * Examples of biological computers:

http://www.youtube.com/watch?v=iZAce5j5q2U

http://www.youtube.com/watch?v=RYPWFF9Sty4