I’ve never seen the comics at xkcd.com before, but they are really quite brilliant nerdy comics. Liking virtualization and simulation, I found number 350 at http://xkcd.com/350/ especially fun. And note that that is what some serious researchers are doing, using virtual machines as active honey pots (“honey monkeys”) to go out and contract infections by actively searching the web with machines in various stages of patching.
I also discovered Xkcd a while ago, and it’s definitely brilliant. Actually having a virus zoo would also be nice :-). I remember reading some time ago that an unpatched Windows machine (without firewall etc) connected to the Internet is infected after on average something like 47 seconds.
Almost a minute of safe computing!
That is absolutely true. And the nice thing with virtualization is that you can try that without jeopardizing anything really valuable. What is probably the hardest with a virus zoo is finding a good way to know what has infected it and to visualize the infections as they spread around.
Actually, that would make an interesting research topic for someone. Being able to instrument basically all computer activity in a simulator probably means that you can (using a neural net?) produce a program which can learn to recognise “normal” memory access patterns, network traffic patterns, etc., and then detect when these are disrupted.
At least for network I’d suppose something like that should be possible. Or maybe it’s already implemented, who knows 🙂
There was an article in the CACM recently on this topic (or it could have been IEEE Computer). Probably, the right place to look for anomalies is in the network communications — understanding the behavior of a Windows machine sounds really hard, while any self-respecting virus, trojan, or worm will start sending spam, spread itself, or some combination of the above.