The world’s first computer doc has a security prescription

The man who wrote the original anti-virus program tells Paul Rodgers he wants to make data safer

Where Sergey Brin and Mark Zuckerberg have made geekdom funky, Peter Tippett is a bit of a throwback. He has on a grey suit with a conservative blue tie when we meet; his hair would please a marine drill sergeant and he wears wire-frame glasses that are almost as unstylish as (though undoubtedly more expensive than) mine.

But in his own fashion, Tippett has been just as revolutionary as the founders of Google and Facebook. Long before the internet took off, in the days when software spread from one machine to another on 5 1/4-inch floppy disks, Tippett wrote the world’s first anti-virus program, called Vaccine – at the same time inventing, almost as an afterthought, the undo command (control Z in many applications) and the restore disk. He also built not one but two big security companies, the first evolving into the business now known as Norton.

Along the way, he developed a security philosophy that is so full of common sense, yet so defies commercial imperatives, that one can only conclude that the buying public is mad. “This is how we’ve done security in the real world for ever,” says Tippett, leaning forward to make his point with an enthusiasm that belies his dour dress sense. “Why people don’t want it on their computers is beyond me.”

Most people consider themselves lucky to have a single career. Tippett has qualified for six. For starters he’s a pilot, licensed to fly jumbo jets loaded with passengers across oceans. “I’ve been flying since I was 15,” he says. “It’s my hobby.” He also has a PhD in biochemistry from Case Western Reserve University in Cleveland, and a commercial radio engineer certificate. Plus he’s a medical doctor, which led, circuitously, to his jobs as entrepreneur and security guru.

“For 32 years I’d had no income,” he says. “When I got my first job as a doctor I didn’t know what to do with the money, so I hired four guys and put them to work writing programs in my living room.”

That was shortly before the first computer virus was developed by Frederick Cohen at Lehigh University in Pennsylvania in 1983. Tippett and his chief programmer met a Lehigh student at a trade show in California and got a copy of the virus from him. “Writing Vaccine took us five weeks, including the manual and the sales brochure,” says Tippett.

Yet when McAfee came along three years later with its own anti-virus suite, it quickly ate into Vaccine’s still-small sales. The two programmes worked with philosophies that were diametrically opposed. Vaccine checked that the software on your machine was approved and hadn’t been tampered with. Anything else it considered to be a threat, an approach known in the jargon as “default denial”. McAfee’s program allowed any bit of code as long as it wasn’t on its list of known viruses, an approach called “default permit”. When a new bit of malicious programming emerged, McAfee had to get a copy, write a bespoke response, and distribute it to customers. “It’s like putting a big sign outside your house inviting everyone in to root through your stuff as long as they’re not convicted criminals,” says Tippett in his slightly nasal Michigan accent. “It’s not what we do in the real world.”

The story reminds me of the superiority of Betamax over VHS in the late 1970s, and of Apple over Microsoft a decade later. So why didn’t buyers go for the better product in this case? “What people wanted from an anti-virus program,” says Tippett, “was the ‘scan’ function.” They wanted to be reassured that every line of code had been checked.

For now, at least, the battle has been lost. Like McAfee, Norton works on a “default permit” philosophy these days. And Tippett has moved on. By the start of the 1990s he was an acknowledged expert on information security, and advised the US Joint Chiefs of Staff on cyber warfare during Desert Storm in Iraq. He sold his company to Symantec in 1992, though he stayed on to help them for more than two years. “I left after they decided they didn’t want me to be chief executive,” he says candidly, adding: “I don’t hate them; they bought me a jet plane.” A little one, he adds.

Tippett made his second fortune building Cybertrust, a company that would eventually become the Virginia-based security arm of Verizon, the world’s largest internet service provider, where it does, among other things, the lion’s share of the forensic work after hackers break into corporate and government databases. And its a Verizon report on this work, in its own way as iconoclastic as Vaccine, that he’s here to talk about.

“Computers are at the same point in the growth cycle as airlines were at the time of the DC3,” he says. “Back then we could fly to France, but we’re 5,000 times less likely to die doing it today. How did we make airlines so safe?” The answer, he says, is rigorous scientific investigation of every case where the system fails.

Admitting that corporate firewalls have been breached and sensitive customer data, often financial data, have been stolen is bad for business, he says, so only a third of cases are reported publicly, usually because its a legal requirement. Verizon, however, investigates 90 per cent of such cases around the world, putting it in a unique position to analyse who the hackers are and how they work. The results contradict many popular myths in the information security world.

It is widely thought, for example, that most hacks start with an insider. But Verizon’s stats show that only 11 per cent of cases are down to employees acting alone, while in another 9 per cent outsiders are helped inadvertently by an employee’s actions. Seventy-four per cent of hacks involve outsiders, says Tippett. And those outsiders were far more effective thieves, stealing 99.9 per cent of the records. The remaining cases are initiated by people from partner organisations, such as suppliers, with access to the target’s computer network.

The hackers are also unlikely to work for state organisations – the popular KGB scenario. While there’s no evidence of governments backing hackers, plenty of it points to known organised crime gangs.

Tippett also pours cold water on some of his industry’s favourite remedies, such as encrypting every piece of data, applying security patches immediately, or using long passwords. Most uses of encryption won’t stop hacking, he says – though it might be helpful on easily stolen laptops – few cases of data theft involved recently discovered vulnerabilities in the system and when thousands of user names are being attacked, an eight-digit code is only slightly more secure than one five digits long. The bigger risk is that passwords will be left on the default settings, such as “admin” or “password”, especially on servers.

What’s needed, he says, are layered defences, each catching most, though not all, attempts at invasion. “The number one thing to do,” he says. “is a lot of little things.”

Start your day with The Independent, sign up for daily news emails
ebooks
ebooksAn introduction to the ground rules of British democracy
Voices
The male menopause: those affected can suffer hot flushes, night sweats, joint pain, low libido, depression and an increase in body fat, among other symptoms
voicesSo the male menopause is real, they say, but what would the Victorians, 'old' at 30, think of that, asks DJ Taylor
Arts and Entertainment
Anna Smaill’s debut novel, The Chimes, is a fusion of fantasy and romance
booksMan Booker Prize nominee Anna Smaill on the rise of Kiwi lit
Sport
Ji So-Yun scores the only goal of the game
sport
Arts and Entertainment
One of the Pyongyang posters, the slogan of which reads: ‘Let the exploits of the northern railway conductors shine!’
art
Life and Style
Linguine with mussels and fresh tomatoes
food + drink
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
SPONSORED FEATURES
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Recruitment Genius: DBA Developer - SQL Server

£30000 - £35000 per annum: Recruitment Genius: This is an exciting opportunity...

Recruitment Genius: Customer Service Administrator

£13000 - £15000 per annum: Recruitment Genius: Are you passionate about custom...

Recruitment Genius: Dialler Administrator

£22000 - £25000 per annum: Recruitment Genius: Main purpose: Under the directi...

Ashdown Group: Contracts Manager - City of London

£35000 - £37000 per annum + benefits : Ashdown Group: Contracts Manager - City...

Day In a Page

Turkey-Kurdish conflict: Obama's deal with Ankara is a betrayal of Syrian Kurds and may not even weaken Isis

US betrayal of old ally brings limited reward

Since the accord, the Turks have only waged war on Kurds while no US bomber has used Incirlik airbase, says Patrick Cockburn
VIPs gather for opening of second Suez Canal - but doubts linger over security

'A gift from Egypt to the rest of the world'

VIPs gather for opening of second Suez Canal - but is it really needed?
Man Booker Prize 2015: Anna Smaill - How can I possibly be on the list with these writers I have idolised?

'How can I possibly be on the list with these writers I have idolised?'

Man Booker Prize nominee Anna Smaill on the rise of Kiwi lit
Art of the state: Pyongyang propaganda posters to be exhibited in China

Art of the state

Pyongyang propaganda posters to be exhibited in China
Jeremy Corbyn dresses abysmally. That's a great thing because it's genuine

Jeremy Corbyn dresses abysmally. That's a great thing because it's genuine

Fashion editor, Alexander Fury, applauds a man who clearly has more important things on his mind
The male menopause and intimations of mortality

Aches, pains and an inkling of mortality

So the male menopause is real, they say, but what would the Victorians, 'old' at 30, think of that, asks DJ Taylor
Bill Granger recipes: Heading off on holiday? Try out our chef's seaside-inspired dishes...

Bill Granger's seaside-inspired recipes

These dishes are so easy to make, our chef is almost embarrassed to call them recipes
Blairites be warned, this could be the moment Labour turns into Syriza

Andrew Grice: Inside Westminster

Blairites be warned, this could be the moment Labour turns into Syriza
HMS Victory: The mystery of Britain's worst naval disaster is finally solved - 271 years later

The mystery of Britain's worst naval disaster is finally solved - 271 years later

Exclusive: David Keys reveals the research that finally explains why HMS Victory went down with the loss of 1,100 lives
Survivors of the Nagasaki atomic bomb attack: Japan must not abandon its post-war pacifism

'I saw people so injured you couldn't tell if they were dead or alive'

Nagasaki survivors on why Japan must not abandon its post-war pacifism
Jon Stewart: The voice of Democrats who felt Obama had failed to deliver on his 'Yes We Can' slogan, and the voter he tried hardest to keep onside

The voter Obama tried hardest to keep onside

Outgoing The Daily Show host, Jon Stewart, became the voice of Democrats who felt the President had failed to deliver on his ‘Yes We Can’ slogan. Tim Walker charts the ups and downs of their 10-year relationship on screen
RuPaul interview: The drag star on being inspired by Bowie, never fitting in, and saying the first thing that comes into your head

RuPaul interview

The drag star on being inspired by Bowie, never fitting in, and saying the first thing that comes into your head
Secrets of comedy couples: What's it like when both you and your partner are stand-ups?

Secrets of comedy couples

What's it like when both you and your partner are stand-ups?
Satya Nadella: As Windows 10 is launched can he return Microsoft to its former glory?

Satya Nadella: The man to clean up for Windows?

While Microsoft's founders spend their billions, the once-invincible tech company's new boss is trying to save it
The best swimwear for men: From trunks to shorts, make a splash this summer

The best swimwear for men

From trunks to shorts, make a splash this summer