Cyber-Docs Computer Virus Hunters Try to Keep Bugs in Check

Article excerpt

The narrow, windowless room is guarded by electronic locks and the red-beam light rays of motion detectors. Two dozen computers blink as programs run. A couple of filing cabinets have bars and locks.

David Chess unlocks one metal cabinet, gently opening a drawer that holds row after row of unassuming computer disks. "This is our collection," Chess said with pride, as if he were a wine collector showing off his cellar. "It's a complete set of the world's known computer viruses."

A tall, bearded 36-year-old computer scientist, Chess works at the IBM Thomas J. Watson Research Center, where he specializes in the detection, analysis and extermination of computer viruses. He is a member of the small group of professional virus hunters, estimated at fewer than 100 people scattered around the world from Silicon Valley to Reykjavik, Iceland.

Their field is only a decade old, tracing its origins to 1987 when the early viruses like Brain and Jerusalem began to infect personal computers. Yet today, the antivirus experts find themselves not only in a fast-paced, rapidly growing business but also being forced to pursue innovations in artificial intelligence and computer-immune systems to stay a step ahead of new viruses spreading over the Internet.

"With the Internet, viruses can spread 10 times faster than they ever did before," said Peter Tippett, president of the National Computer Security Association, an antivirus group in Carlisle, Pa.

Today, the threat posed by computer viruses is a matter of debate. As in biology, a computer virus lives on its host. The ones that are immediately destructive are the least likely to spread.

But even so-called benign computer viruses can cause problems because they are unwanted strands of software code, which can act as bugs. For example, the Concept virus, which infects Word documents, is not deliberately destructive. But it causes bug-like problems, altering data or hindering printing, in 2 to 5 percent of the infected cases, estimates the National Computer Security Association. The cost of all computer viruses to users in terms of lost time, cleanup and repair is more than $2 billion a year, the association says.

Virus hunters are engaged in the digital-age equivalent of medieval warfare, an escalating battle between arms and armor. Their adversaries - the virus writers - traditionally have been a few hundred bright, bored teen-age boys. These nerdish vandals give themselves swaggering nicknames like Death Star, Dark Avenger or Tough Guy, and they often belong to gangs like Nuke, Vlad, Phalcon/Skism or the Digital Hackers Alliance.

Most virus writers are the graffiti scribblers of cyberspace, as only about one third of viruses are deliberately destructive. But other virus writers are closer to digital arsonists, writing virus programs intended to crash computers or erase data. (Legally, the malicious intent is difficult to prove. Only in a few nations, including Italy and Switzerland, is distributing a computer virus against the law.)

Typically, virus writers abandon their adolescent mischief when they reach their 20s. "Most virus writers stop when they grow up, get a girlfriend or a real job," said Fridrik Skulason, the president of Frisk Software International, an antivirus software company in Iceland.

Yet the profile of the typical virus writer seems to be changing, too. Sarah Gordon, security analyst for Command Software Systems, an antivirus company in Jupiter, Fla., specializes in the sociology of virus writers. Recently, she has noticed a difference, as more virus writers are in their 20s and 30s.

"The new virus writer is a whole different breed, older, more talented, using better equipment and less likely to be linked to groups," Gordon said.

More than anything else, the Internet is changing the craft of the virus hunter. For years, computer viruses spread mainly by people physically exchanging infected diskettes. …