In the beginning, when most of the internet was still rolling green fields, there was no need for antivirus software. Early web users could swap files with anyone without risk of infection - and they did, en masse, on messageboards and servers across the early web. Those were carefree days.
But in the early 80s, just like in the real world, everything changed. A program called 'Elk Cloner' was the first computer virus to appear in the wild. It was more of a practical joke than anything else, merely displaying a short poem if the videogame it was hidden inside was played more than fifty times, but it gave others more malicious ideas.
Evil elks
Early viruses spread over physical vectors like floppies and zip disks, but as the internet hooked up more and more computers, it quickly took over as the primary means of infection. Today, viruses cause billions of dollars worth of economic damage every year through data loss, systems failure, resource wastage and maintenance costs.
Virus creators and security researchers are fighting a brutal arms race over each new vulnerability discovered, while consumers suffer under the weight of bloated antivirus software that often does more harm than good. To date, no antivirus software can catch all malware.
But can we turn back the clock? Can we return to those halcyon days when you could let your parents play for hours unsupervised with an unpatched version of Internet Explorer?
Breaking the stalemate
An Israeli startup called CyActive believes it has a secret weapon that could finally wipe computer viruses off the face of the planet forever. "We've developed an unprecedented ability to automatically forecast the future of malware evolution, based on bio-inspired algorithms and a deep understanding of the black-hats' attack-launching process," explains Danny Lev, chief marketing officer at the company.
CEO Liran Tancman, who spent a decade in Israel's intelligence corps and was head of its cyber strategy unit before founding CyActive in 2013, details the problems with our modern approach to fighting viruses. "If and when a threat is exposed, it is analysed and a counter-solution is designed," he says. "Response times vary from weeks to years. Even if a solution is made available, attackers can easily modify the original code, evade the updated security measures, and once again a new threat is born."
This is a problem primarily because it's so inefficient, he says. "Attackers keep adapting to the evolving defences, despite the significant efforts exerted by cyber defenders in both enterprise and the cyber security solution vendor community. The unnerving ability of cyber-criminals, cyber terrorists and rogue nations to circumvent defensive mechanisms time and time again must be addressed to fundamentally change this battle ground."
Lev added: "The reactive paradigm creates an asymmetric relationship, whereby hackers have the unfair advantage: 'recycling' malware for re-use is quick and cost effective, while fighting malware is time-consuming and expensive. The mind-boggling fact is that for every dollar spent by black-hat hackers, hundreds of dollars are spent by the IT security industry. This economic imbalance is the springboard from which cyber-crime, cyber-terrorism and cyber-warfare are launched."
Predictive analysis
CyActive's approach to solving this problem involves predicting in advance how virus creators might vary their malware, blocking potential attacks before they're even created. "CyActive's algorithms predict hundreds of thousands of ways in which hackers could evade existing security measures," says Lev.
"Based on this foreknowledge, CyActive is the first to offer proactive detection of future malware before it has ever seen the light of day." That technique has won it funding from an Israeli cyber-security incubator.
However, despite the startup's grand claims of "unparalleled protection" for its customers, Lev declined to detail exactly what aspects of biology inspired the "bio-inspired" algorithms. When asked what's stopping virus creators adapting their software to outwit CyActive's algorithm, Lev said: "We constantly adapt the detectors, making sure we stay one step ahead." To us, that sounds suspiciously like we're back to square one of measures and countermeasures.
Come at me, Bromium
Another startup working on the same problem is Bromium, which has raised $75 million since it was founded in 2010. Its approach is completely different - it uses hundreds of miniature virtual machines that capture every web page, email and instant message that arrive and isolate them from each other. If something that looks infectious arrives, it's kept quarantined until an administrator can review it and dispose of it.
It works on Intel-based hardware, Windows 7 64-bit and 32-bit, Android, and Apple's OS X, protecting against web, email, USB, and instant messaging attacks. It doesn't yet operate on iOS devices, due to Apple's fondness for total control over its software. It can be baked deep into a device's hardware, and operates invisibly to the user.
Security researcher Simon Wardley wrote in May 2013 that he was a big fan of Bromium's approach. "I used to work in the security industry and I can happily say that a chunk of it is based upon snake oil and fear. The general principle of creating a secure but functionally useful system is based upon solving an impossible problem and with good commercial reasons," he said.
"What Bromium has neatly done is not try to solve the impossible (preventing you from being attacked) but instead limited any damage to as small and as temporary a space as possible. The fear is gone. Just because one email has been compromised, doesn't impact all the other emails or the other applications and environments on my machine. It's all isolated and to get rid of the problem I just close that email."
Sandboxing the future
So while it's likely that we'll never be able to rid the world of malware and computer viruses, it may not matter. By putting everything we do on our computers into a little box that can't interact with anything important, we can make viruses essentially pointless by preventing them from doing any damage.
On the other hand, this approach means every web page, email and instant message you receive can be viewed and analysed by your network administrator - a deep packet inspection nightmare for anyone who cares about their privacy.
On that, perhaps Benjamin Franklin said it best. "They who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety."
