The Hand That Rocks the Net

Not so long ago it was common for high-minded "Netheads" to spout theories about the Internet's capacity to learn, evolve and, yes, even think. For anyone who still believes this, consider a tale of Christmas past. Back in December 1987 -- when fewer than 100,000 people were using the Internet -- a nasty computer code called Christma.exe swept the globe, infecting thousands of mainframes. The virus, which traveled via e-mail, came with a message: "Here's a Christmas greeting I thought you'd like."

Uncomplicated and compact, Christma.exe was a clever program. Even so, the virus required some naivete on the part of its recipients. The e-mail could wreak havoc only if a person executed or clicked on the attached ".exe" file. Most did. Once lodged inside a host computer, the Christmas virus destroyed files and replicated itself hundreds of times, stymieing the computer's random access memory. It copied a list of people who frequently received mail from its host and parceled itself out seeking new victims.

Any of this sound familiar? The Christma.exe scourge of 1987 mirrors events this spring when a couple of Philippine miscreants unleashed the I Love You virus, which itself followed the Melissa virus contagion. And despite the massive damage and equally sizable media coverage of I Love You, this summer's Killer Resume and Very Funny.vbs viruses are still finding victims.

What all this says about the state of the Internet is alarming: In 13 years, the network's collective subconscious has learned nothing. "Instead of evolving and becoming stronger, the Internet has become 'dumber' and less efficient," says Fred Cohen, a computer scientist at Albuquerque, N.M.-based Scandia National Laboratories.

Cohen is widely recognized as the first person to use the word "virus" as a metaphor for malicious code. Over the last two decades he has studied the similarities between digital viruses and biological ones. These days, he questions the extent to which biology can help explain social, economic and technical development on the Net. Cohen notes, for instance, that the Internet has yet to develop a decent immune response system.

The similarities between the Christma.exe and I Love You bugs illustrate a glaring flaw in the biological metaphor on which many people base their understanding of the Internet. Scholars tend to see the Net as a Darwinian ecosystem, a landscape of machines, wires and code in which users -- sophisticated hackers and newbies alike -- would each fill a useful niche in the evolving, symbiotic digital world.

According to this worldview, Net users encountering a series of similar viruses would learn from experience, adapt and develop a means of protecting themselves. How? By weeding out inferior software, faulty hardware and incompetent network engineers. The end result: A better, smarter, more balanced system.

Virus-writers and hackers often cite this Internet-as-Serengeti philosophy to justify their destructive activities. By authoring rogue programs they're exposing vulnerabilities in the network and improving the state of Internet security. In its February 1995 issue, Wired lent mainstream credibility to the idea with a piece titled "Viruses Are Good for You." And five years later, even those who disdain hackers see a place for them in the grand scheme of things. History may treat them as the "early warning system of cyberspace," says Winn Schwartau, author of the recent book Cybershock (Thunder's Mouth Press).

Sure, viruses might be good for the Net just as termites have their purpose in the right environment. In a densely wooded area the little bugs are a natural deforestation, as well as a source of food for birds and other animals. In the same sense, viruses and hackers might fill a niche on the Net -- but only if the Internet's ecology were a healthy one.

Unfortunately, there's ample proof that the global network has taken a turn for the worse on its evolutionary path. Instead of termites in the Amazon basin, picture swarms of them feasting in Central Park, an artificial environment where every tree is a more valuable resource than its jungle counterpart. That's what hackers and viruses are to today's Internet.

The Net's ecosystem is clearly dysfunctional, says Bruce Schneier, one of the world's leading cryptography experts and CEO of Counterpane Internet Security based in San Jose, Calif. How are hackers prodding the Net down a warped evolutionary path? "On the Internet, you have malicious adversaries designing viruses to attack someone in a methodical way. Computer viruses don't occur randomly the way they do in nature," says Schneier. "So, there's no way for the Net to keep up -- just like our ecosystem can't keep up with man." As in nature, it is man's will that is throwing the Internet ecosystem out of balance. This will, or agency, as philosophers call it, must be taken into account when measuring the Net ecosystem's development.

As you read this, virus writers are busily fashioning new mutations of I Love You. Though it's impossible to estimate the volume of viruses now coursing through the Net's infrastructure, researchers at Symantec (SYMC) , makers of the bestselling Norton antivirus software, estimate that about 40,000 are currently in circulation, more than double the number at the end of 1998. (The human fight against real-world viruses and disease isn't nearly so daunting by comparison, at least in terms of numbers. Although an estimated 1,500 people around the world die every hour from an infectious disease, only 30 new diseases -- including ebola and hantavirus -- have emerged in the last three decades, according to the National Center for Infectious Diseases in Atlanta.)

In 1996, a mere 10 out of every 1,000 computers were infected with a virus in a given two-month period. Today, according to the International Computer Security Association in Reston, Va., some 80 computers per 1,000 are virus-stricken. A recent Pricewaterhouse-Coopers study predicts viruses and hackers will cost businesses worldwide more than $1.5 trillion this year -- for everything from new servers to lost productivity.

Originally created as a forum for collaborative ideas, the Internet wasn't designed to be secure. Rather than maturing from that state of innocence, as one might expect, recent market developments are working against tougher security. Companies trying to seize first-mover advantage often release buggy and insecure software. More important, functionality has become the main catalyst of Net evolution. Security is a growing, but still small part of the innovation equation.

Consumers too are partly to blame. "Evolution takes place when the weaker one dies out," says Steve Bellovin, a research fellow at AT&T Labs in Florham Park, N.J. "So far that's not happening. If Microsoft (MSFT) Word is vulnerable to macro viruses, you would think people would move away from Word toward another product. Until you see a product losing market share because of security problems, there's no natural evolution in software development."

The network effects surrounding Microsoft's dominance in Web browser and e-mail software are much discussed. And Bellovin's point was noted after security experts observed that the I Love You virus spread so quickly because of Microsoft Outlook's dominance as a consumer e-mail program. It's what ecologists call a monoculture -- the same absence of differentiation that allowed a single organism to wipe out Ireland's homogeneous potato crop, causing the famines of the 1840s.

Another reason for the dysfunction: The Internet may be growing too fast to develop a decent ecology. Indeed, people who experienced the Christma.exe virus in 1987 are a small portion of the Net's current population -- too small, perhaps, to contribute anything to the network's collective memory.

Even if the Net were to someday develop a healthier, balanced ecosystem of sorts, is a digital Darwinism, in which the fittest survive, really what we want? Not everyone is willing to abide the life and death struggles this type of world implies. "Saying all this destruction occurs for the good of the system is OK if you're talking about zebras, but if it's my human resources database, I don't want to hear it," says Schneier.

Whatever the case, the Internet is plagued with problems that mirror the natural world: crime, hyperfast population growth and economic imperatives that run counter to its well-being. Those engaged in business and policymaking on the Net, however, should be aware that the invisible hand of market capitalism is not the same as the arbitrary, sometimes cruel hand of Mother Nature. It is the invisible hand for now, though, that guides the evolution of the Net.