7- ConclusionThe problem of DOS viruses continues to get slowly worse around the world. There are many more viruses than there were a few years ago, and they are appearing at a slightly higher rate. Virus incidents have also increased slightly, but we have to analyze the changes in prevalence of each individual virus in order to understand this trend. Fortunately, we have made significant progress in this regard. We have achieved a good basic understanding of the spread of computer viruses. We know that a virus can either spread widely or almost not at all, depending upon how fast the virus spreads and how quickly and infection can be found and eliminated. If a virus does spread worldwide, it will rise slowly in prevalence, until it reaches an equilibrium level in the population. For DOS viruses, this rise is very slow, often taking months or years. The equilibrium level is also quite low. Well-prepared organizations experience about one virus incident per quarter for every one thousand PCs they have, and this incident rate has not changed substantially for a number of years. Our ongoing study of actual virus incidents had also demonstrated the remarkable effectiveness of good anti-virus software coupled with central incident management in controlling the virus problem within an organization. This paper has focussed on the causes of the major changes in viral prevalence worldwide. We conclude, perhaps surprisingly, that the use of anti-virus software does not play a major role in these changes. Rather, they are determined by the way in which specific viruses, and classes of viruses, interact with the world's computing environment. We examine the history of several specific viruses to understand this interaction between a virus and its changing environment. The Michelangelo virus was never very prevalent, but media attention to it resulted in increased reports of viruses of all kinds, followed by a temporary decrease in reports. The Brain virus, which spread primarily among systems without hard disks, effectively died out as systems with hard disks became the norm. Virtually all file viruses, including the once-prevalent Jerusalem virus, have decreased dramatically in prevalence because of the increased usage of Windows, and because Windows is fragile in the presence of file viruses. The Form virus, along with other boot viruses, have increased substantially in prevalence, to the point where boot viruses account for around 90% of all virus incidents today. Their spread is not unusual. It is the expected behavior of viruses in a population. They have not died off as have file viruses because their spread is not limited by Windows. If the computing environment did not change, we would expect that file viruses would remain very low in prevalence, while other boot viruses would increase substantially. If dozens of boot viruses became as prevalent as the Form virus is today, the total number of virus incidents would increase substantially. By examining trends in the computing environment, however, we can analyze how these might affect computer virus prevalence in the next few years. Increased use of 32-bit operating systems, such as OS/2 and Windows, is likely to cause a decrease in the prevalence of all current DOS viruses. This is not because they were designed to resist viruses. Quite the contrary, viruses can be written for and spread by these operating systems. Rather, the predicted decrease in DOS virus prevalence is simply because features that current DOS viruses use to spread changed in these newer operating systems. Increased networking, and global networking in particular, will tend to increase the spread of file viruses and decrease the spread of boot viruses. Viruses written to take advantage of features of 32-bit operating systems, especially local and global networking, could become increasing problems. This is a worrisome prospect, as viruses can spread with remarkable speed on world-wide networks. The technology required to deal with a world of rapidly spreading viruses will be much more challenging than current anti-virus technology. It will be required to respond very quickly, and globally, to new viruses -- probably more quickly than humans can respond. While elements of this technology are working in the lab today [19, 20] the task of creating an immune system for cyberspace will occupy us for some time to come [21].
|