Frequently Asked Questions
Q: Help, I have a virus!
A: First, don't panic! If your data is all still there, chances
are you'll be okay. Next, go out immediately and get some quality
anti-virus software. Follow the instructions. Call tech support if it
doesn't fix it! I know that all sounds remarkably unexciting
Q: How can I protect myself from viruses/worms/spyware?
A: There are a number of different things you can do to protect
yourself from malicious code. Each of the steps is synergistic, and I
strongly recommend you follow them all:
- Back up your computer. Yes, it's that simple. If your data is nicely backed up on a CD or DVD, while Malcode can ruin your day, it's not going to destroy your favorite picture of Aunt Rita or your memoirs. I can't stress this enough. Backup.
- Buy some decent anti-virus software. Use it and keep it up to date. Some anti-virus vendors don't do a very good job of catching non-replicating malware. If that's the case, enhance your protection with some quality anti-spyware software (or better yet, get a new anti-virus vendor!).
- Protect your computer from the rest of the Internet. Use a firewall of some kind. Don't rely on your Wireless router to protect you.
- Be careful what you run. Carelessly running executables you find online can be very dangerous if they're not from reputable sources.
- Patch your machine. If you run a modern Microsoft Operating System, turn on automatic updates!
In addition to these steps, there are a couple of tools that I personally use - both are free for non-commercial use, but I'll leave it up to you to read the license agreements and make sure you are complying. First, you can get a pretty good free antivirus product from AVG at free.avg.com. Second, Secunia makes a fantastic tool for patch management that is also free for home users. While it may appear a little complicated to use at first, I highly recommend you take a look here.
Q: How can I get a job in security?
A: Work hard! Some people believe that the best way to land a
security job is to be a hacker but that's not true in the modern sense
of the word. Instead, study security, contribute to some of the security
lists and open source projects, and hone your skills. While a degree in
Computer Science or Software Engineering is helpful, it's certainly not
a requirement.
Q: Don't you researchers write all the viruses anyway?
A: No. Even if we wanted to, we simply don't have time. More
seriously, it's simply not the case. Yes, anti-virus vendors make money
from the virus problem, but assuming that means they're actually writing
the malcode just doesn't make sense. It's like suggesting doctors make
people ill deliberately to create business.
If you really want to know who writes viruses, the best research can be found on Sarah Gordon's website.
Q: What's the difference between a virus and a worm?
A: The difference is subtle. Worms tend to spread without
user interaction, and viruses don't. If you're a security person, this
difference is pretty important and beyond the scope of this little FAQ.
If you're a home user, it doesn't make a large difference in
how you should go about protecting yourself.
Q: How do scanners work?
A: Primarily, Anti-virus software comes in two types:
scanners and integrity checkers. A virus scanner works by looking for
particular "signals" that an object contains a particular piece of
malware. Although scanners sometimes detect new viruses, by and large,
they only detect viruses that they already know about. As such, virus
scanners need to be continually updated in order to provide reliable
protection. Most modern scanners can be configured to automatically
update themselves when you're online, and this is highly recommended.
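A toy known-virus scanner, added here as an illustration and not the author's code or any real product: it matches byte "signals" from a signature database against objects, and a second database release shows why an object the first release never saw is only caught after an update. The signatures, file names and sample bytes are all constructed for the example.

```python
"""Toy known-malware scanner: matches byte signatures against objects.

Added illustration; the signature database and samples are constructed
and do not correspond to any real malware.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # the "signal" the scanner looks for
    offset: int = -1  # fixed offset within the object; -1 means anywhere


# Constructed signature database, release 1. A real product ships
# thousands of entries and replaces the set with every update.
SIGNATURES_V1 = [
    Signature("Example.Marker.A", b"\x4d\x5a\x90\x00EXAMPLE-MARKER-A", offset=0),
    Signature("Example.Dropper.B", b"DROPPER-B-PAYLOAD"),
]


def scan(obj: bytes, signatures: list) -> list:
    """Return the names of every signature that matches obj."""
    hits = []
    for sig in signatures:
        if sig.offset < 0:
            matched = sig.pattern in obj
        else:
            matched = obj[sig.offset:sig.offset + len(sig.pattern)] == sig.pattern
        if matched:
            hits.append(sig.name)
    return hits


# Constructed samples: a clean object, two objects the database knows,
# and one whose marker release 1 has never seen.
CLEAN = b"\x4d\x5a\x90\x00" + b"\x00" * 64
KNOWN_A = b"\x4d\x5a\x90\x00EXAMPLE-MARKER-A" + b"\x00" * 48
KNOWN_B = b"\x4d\x5a" + b"\x00" * 30 + b"DROPPER-B-PAYLOAD" + b"\x00" * 8
UNSEEN_C = b"\x4d\x5a\x90\x00EXAMPLE-MARKER-C" + b"\x00" * 48

# Release 2 adds the signature release 1 lacked; until the scanner is
# updated, UNSEEN_C is simply not detected.
SIGNATURES_V2 = SIGNATURES_V1 + [Signature("Example.Marker.C", b"EXAMPLE-MARKER-C", offset=4)]

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("known_a", KNOWN_A),
                          ("known_b", KNOWN_B), ("unseen_c", UNSEEN_C)]:
        print(f"{label:9} v1={scan(sample, SIGNATURES_V1)} v2={scan(sample, SIGNATURES_V2)}")
```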
Q: How do integrity checkers work?
A: Because of the limitations of known virus scanning, there has
been significant interest in technologies that can detect new,
previously unseen viruses. While there are new techniques (such as Sana
Security's product line), one tried and true method is using an
integrity checker. This technology works by checking for files on your
computer which have changed. Unfortunately, change detection isn't virus
detection - there are lots of reasons that a file could be changed.
Integrity checking is a powerful technology, but it's really not for everyone.
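An integrity checker in miniature, added here as an illustration and not the author's code or any shipped product: it snapshots a digest of every file and later reports what changed. The "filesystem" is a constructed dict of path to contents so it runs offline, and the report shows the caveat above, since a legitimate upgrade and an unexplained modification both appear simply as changed files.

```python
"""Toy integrity checker: reports files that differ from a trusted baseline.

Added illustration. The filesystem is a constructed dict of path -> bytes;
a real checker would walk the disk and store the baseline somewhere the
malware cannot rewrite it.
"""
import hashlib


def build_baseline(files: dict) -> dict:
    """Record a SHA-256 digest for every file: the trusted snapshot."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_integrity(baseline: dict, files: dict) -> dict:
    """Compare the current files against the baseline.

    Returns modified, added and deleted paths. This is change detection,
    not virus detection: each entry only says the file differs from the
    snapshot, and the reason still has to be established by a human.
    """
    current = build_baseline(files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


# Constructed snapshot taken when the machine was believed to be clean.
SNAPSHOT = {
    "C:/WINDOWS/system32/example.dll": b"example.dll v1 (constructed)",
    "C:/Program Files/Editor/editor.exe": b"editor 1.0 (constructed)",
    "C:/Users/aunt_rita/photo.jpg": b"JFIF photo bytes (constructed)",
}

# Constructed later state: the system DLL gained an unexplained appended
# block, the editor was legitimately upgraded (new binary plus a log),
# and the photo was deleted. The checker ranks none of these; it just
# reports them.
LATER = {
    "C:/WINDOWS/system32/example.dll": b"example.dll v1 (constructed)" + b"APPENDED-BLOCK",
    "C:/Program Files/Editor/editor.exe": b"editor 1.1 (constructed)",
    "C:/Program Files/Editor/update.log": b"upgraded 1.0 -> 1.1 (constructed)",
}

if __name__ == "__main__":
    for kind, paths in check_integrity(build_baseline(SNAPSHOT), LATER).items():
        print(kind, paths)
```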
Q: What is your research on viruses?
A: I have studied many different topics in computer viruses,
and also teach a graduate-level course in Malicious Code at Florida
Tech. My most recent projects include Gatekeeper, a behavioral virus
detection engine with a novel undo feature. At the time of completion,
Gatekeeper could detect 100% of new viruses added to the WildList,
with a low false positive rate. I am also working on Hephaestus, a
robust simulator for studying topological effects on virus spread.
Despite the fact that my virus work is more well known, most of my research is actually more generally related to computer security.
Q: How did you get involved in computer virus research?
A: Simple. I got a virus - Spanish Telefonica, I think. It
triggered on my computer at Oxford, and I "lost" a whole bunch of data.
Instead of crying onto my keyboard, I fired up DEBUG and pulled the
whole thing apart. A good deal of luck got me in front of Jan Hruska and
Peter Lammer at Sophos, and I was hired by Virus Bulletin. The rest is
history.
Q: What skills do you need to be a virus researcher?
A: When I got involved in Computer virus research, my primary
degree was in Physics. In fact, if you look at many of the early
anti-virus researchers, many of them have fairly non-traditional
Computer Science backgrounds. However, as the industry has evolved,
having a more formal background has become more important.
The most important skills for computer virus research are basically the same as those for a good Computer Scientist. In particular, focus on core skills like low-level programming and the Win32 API. A strong understanding of Networking and security is also highly beneficial.
If you want to be a virus researcher, perhaps the best place to start is to get a first-class Computer Science or Software Engineering degree.
Q: What are some open problems in computer virus research?
A: There are lots. The Holy Grail of research is a good
solution for zero-day threats. However, I am also fascinated by new
types of Malcode, like BotNets, or malcode on novel platforms.
Q: Why are you focusing mostly on Spyware now?
A: Quite simply, it's a more interesting problem. The Spyware
vendors play a game of cat and mouse with researchers, and the
technological problems are much more difficult. Spyware is probably
going to remain a very challenging problem for quite some time.
