Diseases and parasites are present in every population: even
simulated software lifeforms will rapidly evolve parasites. You
may think of parasites such as ticks, worms, and mites with some
distaste, but evolutionarily speaking parasites are incredibly
successful: at one estimate, there are three to four parasite species
for every one free-living species.
The inevitability of parasitical lifeforms has had a big impact
on our own. One theory about why we spend so much effort in sex
is that it's a defense against parasites: the little things that
enjoy eating us so much may be able to breed a million generations
to our one, but every time we breed, we can switch our defenses
around and present our parasites with a whole new set of locks.
It's one of the great dangers of a monoculture, as farmers have
found. Bananas, for instance, rarely pollinate, and the vast
majority of bananas grown around Africa, Asia, and South America
are clones vulnerable to parasites like nematodes and wevils,
leading to crop losses of up to 50%.
We all know about another great monoculture and the parasites
that feed off it: Windows on the desktop and the server, and the
worms, trojans, viruses, and other malwares that live off it.
It's often been remarked that if a parasite like Sobig.F was
truly malicious, it could cause much greater damage than simply
filling up our mailboxes with junk and overloading networks and
routers. It could simply destroy files, corrupt data, reformat
disks... having got into a system, the potential for damage is
extraordinary. But when you look at viruses (or rather the
people who write viruses) as diseases, rather than as criminals,
you understand why. A disease that kills its host cannot spread
to new ones. "Hot" diseases, such as Ebola, may win the headlines,
but it is the "cool" ones, like malaria, which infect the most
Most diseases jump from species to species over time, and a new
disease tends to be "hot" - Ebola, for instance, is thought to have
jumped from another species quite recently. Over time, the disease
adapts to its host, and finds the sweet spot between maximum
exploitation and maximum transmission.
We have seen something similar happen with computer viruses over
time - the early ones simply trashed data, destroying entire
disks or selected files. Later ones comprimised security in obvious
ways, sending out personal documents and information. The current
state of the art is more subtle: install IRC backdoors, collect
information, "own" the system without damaging it or informing the
The anti-virus experts agree that there is really no sure way to stop
software parasites from entering. The current state-of-the-art in
anti-virus software is unable to deal with software that can adapt
hundreds or millions times faster than the anti-virus programmers.
Meanwhile, Windows is present on every desktop, and despite the many
names it goes under (Windows 98, Windows XP, Windows 2000...), it
is basically the same operating system each time, as MS Blaster
Office and personal computing thus consists of an unprotected and
unprotectable monoculture fighting the inevitable battle against
software parasites, and losing.
What is the inevitable conclusion? What happens when a plantation
of clones is hit by a successful parasite? When there is no cure
that can be easily applied, and when the parasite can evolve many
times faster than any defense?
You've got it. Plague.
I suspect we're seeing the start of it now. One month ago, I could
filter the 60% or so spams and viruses out of my email. Today more
than 95% is junk, and this is after passing everything through one
of the best spam filters out there (Spam Assassin). Luckily the
junk emails are easily deleted, and I'm not afraid of losing real
email. It's simply the scale of the problem that astonishes me.
What percentage of domestic PCs are infected today with one or
other software parasite? Figures are impossible to come by but I
suspect it's very high indeed if you include spyware, trojans,
porn dialers, and other low-level parasites that signal the failure
of the defensive system. I let a friend use a Windows PC the other
day when I came back an hour or two later, I found she had downloaded
and installed not one, but multiple parasites, happily clicking on
every "Yes, I will install this" box she saw. I reformatted the box
and threw on a Linux, and within an hour she was back surfing, her
only complaint being that MSN was gone. Yes, indeed. Gone.
What percentage of Windows PCs are 0wn3d by one or other parasite?
By multiple parasites? By spammers working with crackers working
with corrupt web site designers and pornographers? Enough, I think
to ensure that within a short time - say 6 to 12 months - we will
hit infection levels of 50% and more. The vast majority of home
PCs, happily connected to the Internet, will be hit, and a large
proportion of office PCs, insufficiently secured and protected,
will also succumb.
Forget Y2K, this is going to be traumatic. The last outbreak of
Sobig.F was bad enough to paralyze several government departments
and businesses. Consider this as a test run. Windows parasites
are still in their "hot" phase, and despite having evolved to
leave their host PCs more or less intact, they still wreak havoc
Competition between parasites is common in nature, and it's common
in software too. One virus starts to spread, and a second virus
comes along, its only goal to knock-out the first one. "Hurray",
cries the population, "there are also good viruses". Wrong. The
war between parasites takes place without consideration for lateral
damage, it is a competition for territory, not a battle between
good and evil.
Parasites have their parasites, too. Any parasite that gains a
wide-spread foothold, installs backdoors on a sufficient number of
PCs, 0wns enough property, will itself become the target of other
parasites. It's far easier to hack one backdoor protocol and use
that for your own advantage than to laboriously construct the whole
network from zero. The key question is: will a parasite's parasite
be hot or cold? And the answer is the standard one: parasites
start hot and get cooler over time.
And so we come to the nightmare scenario. A relatively benign
parasite has infiltrated the general population and suddenly a very
"hot" parasite discovers how to piggy-back that infection. In the
blink of an eye - a day, an hour - 50% of Windows PCs around the
world are destroyed. It can happen, and therefore, it most probably
We are very close to such a scenario. I believe less than a year.
What will happen? At first, much joy and "I told you so's" from the
Linux community. Next, realization that joy is a less appropriate
reaction than, perhaps, outright panic. Lastly, tears and retribution
as entire swathes of the online and business world are paralyzed by
a catastrophe more serious than we ever imagined possible. It won't
matter who was right and who was wrong: when the bomb drops, we will
The cure is obvious, but for the moment, the patient is refusing it.
We must, clearly, move away from the monoculture and back to a rich
mix of hosts where change (like sex) is recognised as being an
essential part of staying alive. Linux is a good start but it's not
enough by itself: with 95% of PCs running Linux, we would still have
a monoculture, and have much the same problems.
In this story lies a challenge, and an opportunity.
First the challenge. It's very simple, and it will save a lot of pain
and suffering. We need a Linux distribution that is aimed at rescuing
an infected and dying Windows PC. It should take over the Windows data,
recover emails and addresses, documents and files, and archive these
for safety. It should install a basic set of tools and applications so
that life can continue more-or-less as normal. It should come with a
big red sticker marked "IN CASE OF DISASTER INSERT THIS CDROM
AND REBOOT", and there should be millions of these,
distributed around the world.
Secondly, the opportunity. The laws of biology and evolution make
it almost an inevitable outcome. Our software systems - operating
systems, services, network management systems, protocols and gateways
- need mechanisms that will generate defenses against parasites.
It's no use trying to build these defenses manually - parasites will
always have the edge, being able to breed and evolve much faster than
any manual process. It must happen automatically: our systems need
the capacity to breed, and more specifically, the capacity to shuffle
their patterns around at regular intervals.
Large parts of our biological systems are the result of the wars
between parasites and free-living lifeforms. It stands to reason that
large parts of future software systems will likewise be constructed
around the need to continue operation under wave upon wave of unrelenting
hostile parasites. What I'm talking about is sex. "Software protocol
seeks compatible gateway for exchange and mutual benefit."
I'm not even speaking about the distant future. My theory is that
software systems which can't incorporate this kind of change mechanism
will simply die, and that we are already seeing the start of this process.
The opportunity is clear: design software systems that confound the
parasites, and these systems will eventually rule the world.
In the second part of this story I will present an analysis of what "sex"
actually is, and how it can be replicated in software systems. If you
want a head start, take a look at the entry on sex in Heironymous'
A complex social and physical process of negotiation and trade between
groups of genes, implemented finally by an exchange of body fluids and
reproductive cells through the use of various internal and external organs.
-- HeironymousCoward, 1 September 2003