Tuesday, October 5, 2010

Physical and Digital Health

I found it a bit ironic that, in the final stages of my cold, I should run into an Op-Ed piece in today's New York Times by Jennifer Ackerman, author of Ah-Choo!:  The Uncommon Life of Your Common Cold.  I was impressed by how much Ackerman could say within the constraints of an op-ed column, not to mention the clarity with which she said her piece.  I am not sure that her content will have any impact on my lifestyle, but I am glad to be better informed about the underlying mechanisms.  At the same time, I feel it worth noting that I came away so well-informed by her column that I see little need to read her book!

Ironically, my encounter with disease in the physical world has now been matched by one in cyberspace.  Yesterday my Yahoo! Mail account was compromised, and my Contacts list was hijacked for spam distribution.  I was initially aware of this through a flood of messages in my Inbox, through which I discovered just how many expired addresses were in my list.  My initial reaction was that this was an internal Yahoo! problem;  but then I started getting replies from friends, many of which offered diagnostic advice.

The first one suggested that this was the work of a virus.  This seemed to recommend a manual update of my signature database, followed by a manual scan.  Fortunately, the computer itself emerged from the scan with no detections;  and that hypothesis was refuted.

I have a friend at Google to thank for floating the spam hypothesis.  His message did not waste any time, beginning with an injunction to change my password.  While I was willing to consider further hypotheses, this made perfect sense;  and I complied immediately.  This also set me to thinking about the metaphor of "breaking and entering," where the first thing you do is change the locks.  Most likely, the damage was done through software that "gained entry" and then implemented a mass mailing to all my Contacts addresses under my assumed identity.  Reflecting further on this metaphor, I found myself wondering if it was time to "move to a safer neighborhood."  Would Google Mail be any better than Yahoo! Mail in this respect?

This morning, however, I wondered if that Contacts list may have been copied, rather than simply assumed while under cover of my identity.  This time I received mail from someone who was not on my Contacts list and was, indeed, someone I did not know.  He was replying to a "mailing list" address, a "cover" for a whole collection of "invisible" addresses.  Given the timing of this incident, I figured it could be related to the "first round" attack.  My address had become vulnerable by being added to a "master list" of addresses, which may well have also included my Contacts.  If this was the case, then I would probably have to think more seriously about changing addresses.

In many ways we may have begun to think about malware on our computers the same way we address the common cold in our bodies.  We treat it as an inconvenience to be sustained, without bothering to give much consideration to the mechanisms behind that inconvenience.  From a biological point of view, however, malware is a product of coevolution (which is probably also the case with cold viruses).  Each time a new generation of "antibody" defense software is deployed to thwart spam distribution, the distributors come up with a way to thwart the defense software.  Udi Manber opted for the more militant metaphor of an arms race (a metaphor that he first introduced back when he was working at Yahoo!);  but coevolution is a somewhat less emotionally charged concept (which is not to suggest that victims do not need some form of emotional release).  Furthermore, coevolution may be more suitable for more general forms of regulation, which allows us to consider the extent to which there are useful parallels between regulation in biological systems and regulation in social systems.  At the very least it may be helpful to think about the nature of the underlying mechanisms in terms of a relatively neutral terminology.
