Bugs at Internet speed? Pt II

Errors not unheard of with automatic antivirus software

And errors do creep in. Just ask Richard Armstrong. On Wednesday morning, calls started trickling in to Armstrong, a system administrator for a Tulsa-based coal and natural resource venture. Each caller complained that his or her computer would not boot up. Soon after, the trickle turned into a torrent.

By noon, almost 250 computers at the office -- more than 80 percent of the company -- were unusable, said Armstrong, who asked that his company's name not be used.

Armstrong and other system administrators puzzled through the problem and by early evening found the cause: the latest updates from antivirus software maker McAfee had reacted badly to the Oklahoma company's own software, fouling up the works.

"We had people here late last night," he said. "We basically had to manually remove the antivirus software."

That's not all that unusual, said Virus Myths' Rosenberger, who found conflicts between installed software and antivirus scanners on a weekly basis when he consulted with a large firm. He kept a 25-user licence of a competitor's virus scanner to install on troublesome machines in the hopes that if one didn't work, the other would.

"It gets to the issue of 'safe hex,' " he said. "Are you checking your updates, turning off macros, and testing software? You should be."

Add the lack of testing on the side of clients to an automated system, and you have a recipe for a major meltdown.

Such problems are not flights of fancy, either. In the late 1970s, two researchers at Xerox PARC, John Shoch and Jon Hupp, wrote a paper on their experiences using the first computer worms to do network maintenance and distributed computing. "Instead of viewing [our network] as 100 independent machines," they wrote in a 1982 article in Communications of the ACM, "we thought of it as a 100-element multiprocessor, in search of a program to run."

The programs they ran were fully automated and distributed themselves throughout the system as needed -- one of the attributes of worms and, in many ways, similar to the increasingly automated update systems of today.

In the case of Shoch and Hupp, the complete lack of oversight led to problems.

One night, a small worm was left running to test its ability to control itself. When the duo arrived the next morning, dozens of the Alto computers used in their experiments were dead. Each time Shoch and Hupp restarted an Alto, it would freeze up.

"The worm would quickly load its program into [the computer] -- the program would start to run and promptly crash, leaving the worm incomplete -- and still hungrily looking for new [computers]," they wrote.

"The embarrassing results were left for all to see: 100 dead machines scattered about the building."

For Armstrong, a failure meant 250 computers on the blink; for Shoch and Hupp, it was 100. For a system connecting an antivirus firm directly to all its clients over the Internet, the result could easily be 100,000 machines.

For that reason, such firms have continued to test the security and slowed the transition to the new systems. Symantec will only deploy the Digital Immune System in medium to large companies, where professionals can oversee the process. For the time being, no consumers will be using the system, said Vincent Weafer, director of Symantec's Antivirus Research Centre. "When we look forward, we have to make sure that the infrastructure is secure," he said. Symantec also intends to make its system forgiving. The company will soon add an automatic rollback feature -- letting customers return to the last set of definitions -- to its newest scanner.

MyCIO's Kouznetsov agrees that security needs to be done right.

"The most important thing to get right in these systems is security," he said. "With these systems, you are starting to control the [client's] computer. Every step along the way, we thought about how to make sure that people don't abuse the system."

And so it boils down to a matter of trust, said Kouznetsov.

"There is a leap of faith here," he said. "Do you trust the people who make the solution? You trust the people who have control of nuclear weapons. We are asking you to trust us."
