Computer viruses present an increasing risk to the integrity of information systems and the functions of a modern business enterprise. Systematic study of this problem can yield better indicators of the impact of computer viruses as well as a better understanding of strategies to reduce that impact. We conducted a Computer Virus Epidemiology Survey (CVES) on the World Wide Web to examine indicators of the impact of computer viruses. A major finding from the CVES is that multiple indicators of the impact of computer viruses reveal a problem growing more severe that affects large, as well as small, organizations. Another important finding is that apparently undetectable viruses caused only about 15% to 21% of problems reported in workgroups using antiviral software, leaving a substantial amount of damage due to viruses that were probably detectable. Another important finding is that viruses not detected despite regular updating of antiviral software caused only about 15% to 21% of virus problems reported in workgroups using antiviral software. The possible reasons for failure to detect include improper configuration of software and the inability of all known anti-virus detectors to detect. A related implication is that a substantial amount of damage due to viruses could probably have been prevented by regular updating of antiviral software. We also used the CVES in the development of a simulation model for the spread of computer viruses in workgroups in order to analyze the effect of a notification process on control. Our major finding is that the process of notification, whether by human behaviour or by technology, substantially reduces the impact of computer viruses in workgroups. For example, if a workgroup has a period of vulnerability when only 80% of its workstations are effectively using antiviral software, then even a 50% probability of notification of a detected virus substantially reduces the burden. 
An added benefit of maintaining an environment with high effective antiviral software usage and high levels of notification is that greater rates of communication events that can potentially transmit computer viruses within the workgroup actually become protective and reduce the impact of computer viruses in the workgroup. Anecdotal observations also indicate that the process of notification is significant in controlling the spread of "new" viruses not yet detectable by software, although the process of notification from law enforcement authorities to workgroups was not in the simulation model. More formally, the reduced impact of computer viruses in a workgroup due to the protective effect of a greater rate of communication events that can potentially transmit computer viruses corresponds to a situation when a computer virus introduced into the workgroup produces, on average, less than one copy in the workgroup. This threshold corresponds to the basic reproduction ratio in epidemiology that describes the spread of infectious disease.
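The threshold argument above can be made concrete with a small branching-process sketch; this is an added example, not the authors' simulation model. It assumes that an infected workstation generates `beta` transmitting events per day to random workstations, that a fraction `c` of workstations effectively use antiviral software, that a detection is notified back with probability `q` (which cleans the sender), and that un-notified infections are cleaned at a background rate `delta`. All four parameters and their values are hypothetical.

```python
import random

# Added illustration (assumed model): each infected workstation faces three
# competing events: infect an unprotected peer at rate beta*(1-c), get
# detected by a protected peer AND notified at rate beta*c*q, or get cleaned
# up in the background at rate delta. Large workgroup, so depletion is ignored.

def reproduction_ratio(beta, c, q, delta):
    """Mean copies one infected workstation makes before it is cleaned."""
    return beta * (1 - c) / (beta * c * q + delta)

def expected_burden(beta, c, q, delta):
    """Mean infected machine-days per introduction; infinite when R >= 1."""
    net = delta + beta * (c * q - (1 - c))
    return 1 / net if net > 0 else float("inf")

def simulate_burden(beta, c, q, delta, trials=20000, cap=10000, seed=1):
    """Monte Carlo estimate of expected_burden (requires delta > 0)."""
    rng = random.Random(seed)
    infect, stop = beta * (1 - c), beta * c * q + delta
    total = 0.0
    for _ in range(trials):
        pending, made = 1, 1          # infections still to play out / so far
        while pending and made < cap:
            pending -= 1
            while made < cap:
                total += rng.expovariate(infect + stop)   # infected time
                if rng.random() < stop / (infect + stop):
                    break             # notified or cleaned: machine recovers
                pending += 1          # otherwise one more copy was made
                made += 1
    return total / trials

if __name__ == "__main__":
    c, delta = 0.8, 0.1               # constructed values, not survey data
    for q in (0.0, 0.5):
        for beta in (2, 10):
            print(f"q={q} beta={beta:>2} "
                  f"R={reproduction_ratio(beta, c, q, delta):.2f} "
                  f"burden={expected_burden(beta, c, q, delta):.2f}")
```

With `c = 0.8` and `q = 0.5` the ratio stays below one and the burden falls as `beta` rises, which is the protective effect described above; with `q = 0` the same contact rates put the ratio above one.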