1- Introduction

Rational anti-virus policies must be based upon accurate information about computer virus prevalence and a solid understanding of the factors which govern it. These two essential ingredients have been sadly lacking. A few years ago, many people severely underestimated the magnitude of the computer virus problem -- even claiming that viruses were a myth. In 1992, the opposite myth of Michelangelic Armageddon was promulgated by the media. The frenzy over the Michelangelo virus was a dramatic illustration of the general unavailability of information on virus prevalence. Estimates of the number of computers infected by Michelangelo ranged over three orders of magnitude (to as high as 5 million worldwide! [1]), contributing greatly to widespread concern and handsome profits for anti-virus software vendors.

Recently, Certus [2] and Dataquest [3] have attempted to measure the extent of the computer virus problem by surveying hundreds of business, government, and educational organizations in the United States. They made some interesting discoveries -- for example, the minimal extent to which most organizations are armed against computer viruses. Unfortunately, however, a number of fundamental conceptual and methodological problems prevented them from getting a clear picture of the prevalence of computer viruses. The substantial overestimates of the number of Michelangelo infections can almost certainly be traced to an understandable misinterpretation of some of the Dataquest results by the media and by some prominent people in the anti-virus industry [4, 5].

Given that the current prevalence of computer viruses has been subject to tremendous exaggeration in both directions, it should hardly be surprising that predictions of their future prevalence have been subject to exaggeration as well. In March, 1990, a well-publicized claim was made that viruses would increase in number exponentially, and that 8 million PCs would be infected by March, 1992 [2]. Based on this theory, it was concluded that virus scanning was ineffectual, and that the only solutions were either broad usage of restricted function computers or a massive campaign to strictly control the execution of all software on all of the world's PCs.

Our own observations of real-world virus incidents on a large, stable population of PCs and our theoretical modeling of computer virus spread reveal a much more realistic picture of the situation, and provide a much different, less drastic set of recommendations for dealing with the problem.

In Section 2, we review briefly our previous theoretical work. This provides the context for two new epidemiological models described in Section 3. Both of these models serve two purposes: they may help to explain some of the observations presented in Section 4, and they lead to prescriptions for novel anti-virus technologies and policies. In Section 4, we present some of our real-world virus statistics, interpreting them in the light of our theoretical results. We summarize our findings and discuss future directions in Section 5.