i. The Digital Immune System is a comprehensive approach to virus protection developed by IBM. The motivation for this development has been the rising threat of Internet-based virus propagation.
ii. Traditionally, the virus threat was characterized by the relatively slow spread of new viruses and new mutations. Antivirus software was typically updated on a monthly basis, and this was sufficient to control the problem.
Figure 6.1 Digital Immune System
iii. Also traditionally, the Internet played a comparatively small role in the spread of viruses. Two major trends in Internet technology have had an increasing impact on the rate of virus propagation in recent years:
- Integrated Mail Systems: Systems such as Lotus Notes and Microsoft Outlook make it very simple to send anything to anyone and to work with objects that are received.
- Mobile-Program Systems: Capabilities such as Java and ActiveX allow programs to move on their own from one system to another.
iv. In response to the threat posed by these Internet-based capabilities, IBM has developed a prototype digital immune system. The objective of this system is to provide rapid response time so that viruses can be stamped out almost as soon as they are introduced.
v. When a new virus enters an organization, the immune system automatically captures it, analyzes it, adds detection and shielding for it, removes it, and passes information about that virus to systems running IBM antivirus so that it can be detected before it is allowed to run elsewhere.
vi. The digital immune system operates as follows:
- A monitoring program on each PC uses a variety of heuristics based on system behaviour, suspicious changes to programs, or family signature to infer that a virus may be present. The monitoring program forwards a copy of any program thought to be infected to an administrative machine within the organization.
- The administrative machine encrypts the sample and sends it to a central virus analysis machine.
- This machine creates an environment in which the infected program can be safely run for analysis. Techniques used for this purpose include emulation, or the creation of a protected environment within which the suspect program can be executed and monitored. The virus analysis machine then produces a prescription for identifying and removing the virus.
- The resulting prescription is sent back to the administrative machine.
- The administrative machine forwards the prescription to the infected client.
- The prescription is also forwarded to other clients in the organization.
- Subscribers around the world receive regular antivirus updates that protect them from the new virus.
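The following is an added illustration of the flow above, not IBM's implementation: a toy Python model in which a hash-baseline monitor flags a changed program, an analysis function derives a prescription, and the prescription is applied to the infected client and pushed to a second client. All names (`Client`, `Prescription`, `analyze`, `run_demo`) and the sample bytes are constructed assumptions; the administrative machine's relay and encryption of the sample are left out, and the analysis assumes a known-good copy is available and that the virus only appends code.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class Prescription:
    """What the analysis machine returns: how to identify and remove the virus."""
    def __init__(self, signature: bytes):
        self.signature = signature            # byte pattern identifying the virus
    def detects(self, program: bytes) -> bool:
        return self.signature in program
    def repair(self, program: bytes) -> bytes:
        # Toy removal for an appending virus: cut from the signature onward.
        return program[:program.index(self.signature)]

def analyze(sample: bytes, known_good: bytes) -> Prescription:
    """Virus analysis machine (toy): diff the sample against a known-good copy."""
    if sample == known_good or not sample.startswith(known_good):
        raise ValueError("sample is not the known-good program plus appended code")
    return Prescription(sample[len(known_good):])

class Client:
    def __init__(self, programs: dict):
        self.programs = dict(programs)        # name -> program bytes
        self.baseline = {n: digest(b) for n, b in programs.items()}
        self.prescriptions = []
    def monitor(self) -> list:
        """Heuristic 'suspicious changes to programs': hash differs from baseline."""
        return [n for n, b in self.programs.items() if digest(b) != self.baseline[n]]
    def apply(self, rx: Prescription) -> list:
        """Install a prescription and repair every program it matches."""
        self.prescriptions.append(rx)
        hit = [n for n, b in self.programs.items() if rx.detects(b)]
        for n in hit:
            self.programs[n] = rx.repair(self.programs[n])
        return hit
    def allowed_to_run(self, program: bytes) -> bool:
        return not any(rx.detects(program) for rx in self.prescriptions)

def run_demo():
    good = b"constructed-editor-program-bytes"       # constructed sample data
    marker = b"<<constructed-inert-marker>>"         # stands in for appended virus code
    pc1, pc2 = Client({"editor.exe": good}), Client({"editor.exe": good})
    pc1.programs["editor.exe"] = good + marker       # simulated infection on PC 1
    suspects = pc1.monitor()                         # monitor flags the changed program
    rx = analyze(pc1.programs[suspects[0]], good)    # sample analysed, prescription made
    repaired = pc1.apply(rx)                         # infected client is cleaned
    pc2.apply(rx)                                    # other clients receive the prescription
    return suspects, repaired, pc1.programs["editor.exe"] == good, pc2.allowed_to_run(good + marker)
```

The last value returned by `run_demo()` shows the point of distribution: the second client refuses the infected program even though it was never infected itself.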
vii. The success of the digital immune system depends on the ability of the virus analysis machine to detect new and innovative virus strains.
viii. By constantly analyzing and monitoring the viruses found in the wild, it should be possible to continuously update the Digital Immune System software to keep up with the threat.