No love lost on computer virus creators; A bug maker is like someone smashing windows to prove they're glass, says a virus doctor at IBM.; Conversations

David Chess has been with IBM for 20 years, nearly as long as there have been personal computers. For the past 12 years, his sole concentration has been on those nasty bugs most everyone with a PC and Internet access loves to hate -- the computer virus.

Chess, 40, one of a handful of virus doctors at the computer giant, spends his time ferreting out not only the viral code that infects our systems and makes us miserable, but the glitches and niches in existing software that make it possible for viruses to work.


In the wake of the recent incredibly destructive "Love Bug" virus, Chess took a few moments away from his work to talk with The Sun about viruses, their creators, and some of the latest means being used to battle both.

What is it that makes a virus a virus?


The biological analogy is sort of aloof but the similarity is still there. They are self-replicating. They enter a system and use its machinery to multiply. This can be a problem even if there is no ... malicious intent -- it will still get into other programs. It reminds me of the Form virus. This is an older virus that you don't see anymore -- a real classic. It actually had a line in its code saying "don't worry the form virus does not destroy data." But, it got to places where assumptions that it made weren't true and it was still wiping out data.

Is there a sort of thrill to the hunt so to speak?

Well, I've been doing this for a lot of years, and the viruses I come across are generally not all that well written, so my interest in pursuing the code has dropped. The systems that these programs exploit are kind of interesting, but more often than not we're finding bugs in the systems that allow these viruses to attack. I deal with the more seamy side of backroom and basement code jockeys and not the more elegant world of programming. The virus itself isn't really all that impressive a piece (of programming). That's an important thing. Unfortunately, they aren't that hard to write. Almost anyone can do it.

What about the "Love Bug?" It seems to have done a lot of damage. Was this due to more sophisticated programming?

The "Love Bug" was sort of amateur code. They obviously had a particular interest in the handle -- the e-mail address. They aren't professionals, or they are very subtle in the ways they masked their professionalism. There wasn't anything particularly interesting about the Love Bug. We had seen all of the symptoms before: the e-mail virus, the overwriting of files, etc. None of the things it did were one of a kind, but they were all bundled into one program, which partly accounts for how fast it spread. The other part of that was most likely luck.

So you don't really have any respect for these programmers or the way that they are trying to expose security problems in the companies?

No, they aren't acting responsibly. It's kind of like someone walking down the street and throwing rocks through windows to demonstrate that they are glass. Gee, who would have thought? I think that the motives of these people vary quite a bit. Some want to do harm to a company or the world. Some are just experimenting without thinking about it hard enough.

About how many viruses are we looking at worldwide?

Well, there are two ways to classify a virus. "Zoo viruses" are contained by anti-virus programming companies. "Wild viruses" are ones that are actually out there and infecting machines, but they too can become extinct on their own. Any given month, there are a couple of hundred wild viruses out there, but some are relatively harmless or just posted on someone's server. There are tens of thousands in the "zoo" and probably more that have just winked out of existence.


How do you catch them all?

Well, I can look at the technical details and the language of the virus, and that can give me a general clue as to what kind of programmer wrote this. But the forensics and the law enforcement aspect of this isn't really in my hands. I'm more of a biologist than a hunter, if you will. I look at the reasons viruses work, and the general trends they are taking. I'm always looking a few years into the future to see what will be coming next.

And what might that be?

There are always platforms and niches where we expect to see viruses before too long, but I don't want to give a list -- it might give people ideas. I will tell you this, though: As networks become more powerful, we see more problems. What's coming next is really just more and more of the same. That's probably the hardest part of the job -- keeping up with the growing complexity of the computer programs. Keeping up with the multitudinous code that has all of these niches where viruses can attack.

So what might you have in store for virus writers in the future?

[Anti-virus software maker] Symantec will be putting out a Digital Immune System under Norton (Utilities). Digital Immune is the umbrella name for a whole suite of anti-virus and immune control systems. The immune system will monitor a slew of often-targeted hosts in a computer. When it sees something that looks odd, it sends it out as an encrypted attachment to the analysis center on the other end. This center examines the virus and sends back the proper data to wipe it out.

You can still make the loose biological analogies with antibodies being sent out into the bloodstream and sending back the cure. Hopefully, the cure will come back before the virus begins to spread. Those are the kinds of technologies that we're working on -- total automation. Either you'll try to open a file and the system will say no, or you'll never even see the file. You won't even know that for a moment or two your system was in danger of being infected.


Any advice for those of us without that sort of protection?

As always, be very careful opening attachments. Some people say 'Be wary of messages from strangers,' but that isn't enough. You have to be careful even if they are from people you know. If someone sends you an unexpected attachment, you should call that person and make sure that they intentionally sent it to you.