Wednesday, July 20, 2005

Wormie Bits

I don't know anything about the worm that is going around - I'm presuming it's a worm, but I suppose it might be a virus or a trojan or really any kind of system. Microsoft's sites went down, CNN and Yahoo are laboring, Hotmail died. I'm sure I'll hear all about it tomorrow.

But it got me thinking. My real love is emergence, despite the fact that most game designers this month seem to be about as embarrassed by it as they are by bell-bottoms. Emergence isn't a fad, emergence isn't an unwanted or even unpredicted effect. Emergence is simply a system whose complex behavior grows from simple rules. Whether you understand it or not, whether you predict it or not, is irrelevant.

That's a core concept to a wide variety of games, including almost all of the age-old classics such as chess and go. That's not something to discard as a fad, or as an unwanted side effect. It is the heart and soul of tabletop gaming... and it can be done in any environment.

Take worms and viruses. They infect computers and drive them to infect other computers, usually. There are a lot of different types and infection vectors, but each one follows a very simple set of rules, because the file size needs to be small and the data needs to be hard to detect.

However, the behavior this causes is often insanely complex. Witness the targets of this worm: stodgy news sites, the geek antichrist, and the "luser" search and mail engines. All the uncool but popular stuff. Alas, AOL seems to be chugging along just fine, still popping up ads for... itself. Is this something they programmed into the software? To target specific sites?

Maybe for one or two of them, but it is more likely just that the infection spreads based on links of various kinds, and the audience it infects is linked more commonly to popular news sites and mail providers. These kinds of people are also notably easier to infect.

A simple rule, affecting a complex system, becomes a complex effect.

Ever since I was old enough to see two computers talking I've been interested in just that: two computers talking. Sharing data. Okay, maybe more like two million, not two. But computers talking.

One of the things I wrote into many of my games was the "networked simple systems" creature. Whether a hive of bees or a swarm of nanobots, these were simple creatures who communicated on a simple level, but combined to form a kind of distributed super-brain. Classic scifi stuff.

However, as my studies progressed, I came to believe that such a system was rather beyond my capabilities. I toyed with it on and off for about a decade, but never got anything exceptionally meaningful. Not because of a lack of computational power, although I did have that lack, and not because of a lack of network programming capability, although I did have that lack, too; but because of a total lack of anything resembling a method of communication which would emerge enough to be really interesting. No emergence = nothing interesting.

I came up with a number of systems that would be cool to try - they primarily do searching through vast amounts of data - but nothing that would be any better than a well-run database-driven system.

But there might be a good application:

Anti-virus software.

Your anti-virus software sucks. I don't care if it has a $1000/month maintenance fee - it blows. The only reason it blocks any viruses is because it is constantly told by real people how to fix the most recent outbreak. It may also have some basic security measures, such as .zip scanning - but, again, only for the viruses it knows about.

Now imagine an anti-virus system which communicated with other anti-virus systems (other installs of the same program) everywhere. Using a kind of amorphous network and a continual low-level 'buzz' of noise, they should quickly be able to determine when someone is going down, when someone has been corrupted, and so on and so forth.

If given extra monitoring capabilities, they should be able to detect unusually high amounts of processing expenditure and data transfer. Even if compromised, the secure ones can correlate the fact that they're all getting weird data from these guys. If equipped on a mail router, it can correlate that with ease.

It doesn't have to act on this info: just tracking the problem and reporting it to the humans would be a powerful benefit.

The old adage is "fight fire with fire". A stupid adage, but in some ways correct: when you want to fight something, you sometimes have to fight them on their territory. A virus' territory is not the computers you are protecting, it is the computers you are not protecting.

Use the terrain as best you can: you can't clean the computers you don't protect, but you can track them. Not with any great level of detail: just enough to set up trends. The computers you ARE protecting are your strongholds, and one of the biggest problems right now is that a piece of virus protection software cannot tell that it is, itself, infected and damaged.

But if you're concentrating on the others, then one of the others in the system will identify the damaged system by unusual patterns of data transfer followed by query-response algorithms.

Hmmm. It would be more expensive, bandwidth-wise, but probably not enough to piss anyone off... you could sell it as a combination software-firewall and virus protection.
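A sketch of the peer-correlation idea above, as an added example that is not part of the original post: each node reports the traffic it sees from its peers, and a peer is flagged only when a quorum of other nodes independently see it as an outlier. The node names, traffic figures and thresholds (`k`, `quorum`, `min_reporters`) are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (reporter, peer, bytes/min the reporter received from peer).
# Node "d" is infected: it floods everyone, reports itself healthy, and accuses "a".
OBSERVATIONS = [
    ("a", "b", 1200), ("a", "c", 900), ("a", "d", 48000), ("a", "e", 1100),
    ("b", "a", 1000), ("b", "c", 950), ("b", "d", 52000), ("b", "e", 1050),
    ("c", "a", 1100), ("c", "b", 1000), ("c", "d", 47000), ("c", "e", 980),
    ("e", "a", 1050), ("e", "b", 1150), ("e", "c", 900), ("e", "d", 50000),
    ("d", "a", 90000), ("d", "b", 1000), ("d", "c", 1100), ("d", "e", 1000),
    ("d", "d", 800),
]

def flag_suspects(observations, k=5.0, quorum=0.5, min_reporters=3):
    """Return {peer: share of reporters that saw it as an outlier} above quorum."""
    by_reporter = defaultdict(dict)
    for reporter, peer, rate in observations:
        # A node cannot vouch for itself: it may be infected without knowing.
        if reporter != peer:
            by_reporter[reporter][peer] = rate

    votes, seen = defaultdict(int), defaultdict(int)
    for peers in by_reporter.values():
        rates = list(peers.values())
        # Robust per-reporter baseline: median plus k median-absolute-deviations,
        # so one flooding peer cannot drag the baseline up and hide itself.
        med = median(rates)
        mad = median(abs(r - med) for r in rates) or 1.0
        for peer, rate in peers.items():
            seen[peer] += 1
            if rate > med + k * mad:
                votes[peer] += 1  # one vote per reporter per peer

    # Require several independent reporters and a majority of them agreeing,
    # so a single compromised node cannot get a healthy peer flagged.
    return {
        peer: votes[peer] / seen[peer]
        for peer in seen
        if seen[peer] >= min_reporters and votes[peer] / seen[peer] > quorum
    }

if __name__ == "__main__":
    for peer, share in flag_suspects(OBSERVATIONS).items():
        print(f"report to humans: {peer} looks compromised ({share:.0%} of peers agree)")
```

The output is a report for a human operator rather than an automatic action, matching the "just tracking the problem and reporting it" approach in the post.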

