The world’s first computer doc has a security prescription

The man who wrote the original anti-virus program tells Paul Rodgers he wants to make data safer

Where Sergey Brin and Mark Zuckerberg have made geekdom funky, Peter Tippett is a bit of a throwback. He has on a grey suit with a conservative blue tie when we meet; his hair would please a marine drill sergeant and he wears wire-frame glasses that are almost as unstylish as (though undoubtedly more expensive than) mine.

But in his own fashion, Tippett has been just as revolutionary as the founders of Google and Facebook. Long before the internet took off, in the days when software spread from one machine to another on 5 1/4-inch floppy disks, Tippett wrote the world’s first anti-virus program, called Vaccine – at the same time inventing, almost as an afterthought, the undo command (control Z in many applications) and the restore disk. He also built not one but two big security companies, the first evolving into the business now known as Norton.

Along the way, he developed a security philosophy that is so full of common sense, yet so defies commercial imperatives, that one can only conclude that the buying public is mad. “This is how we’ve done security in the real world for ever,” says Tippett, leaning forward to make his point with an enthusiasm that belies his dour dress sense. “Why people don’t want it on their computers is beyond me.”

Most people consider themselves lucky to have a single career. Tippett has qualified for six. For starters he’s a pilot, licensed to fly jumbo jets loaded with passengers across oceans. “I’ve been flying since I was 15,” he says. “It’s my hobby.” He also has a PhD in biochemistry from Case Western Reserve University in Cleveland, and a commercial radio engineer certificate. Plus he’s a medical doctor, which led, circuitously, to his jobs as entrepreneur and security guru.

“For 32 years I’d had no income,” he says. “When I got my first job as a doctor I didn’t know what to do with the money, so I hired four guys and put them to work writing programs in my living room.”

That was shortly before the first computer virus was developed by Frederick Cohen at Lehigh University in Pennsylvania in 1983. Tippett and his chief programmer met a Lehigh student at a trade show in California and got a copy of the virus from him. “Writing Vaccine took us five weeks, including the manual and the sales brochure,” says Tippett.

Yet when McAfee came along three years later with its own anti-virus suite, it quickly ate into Vaccine’s still-small sales. The two programmes worked with philosophies that were diametrically opposed. Vaccine checked that the software on your machine was approved and hadn’t been tampered with. Anything else it considered to be a threat, an approach known in the jargon as “default denial”. McAfee’s program allowed any bit of code as long as it wasn’t on its list of known viruses, an approach called “default permit”. When a new bit of malicious programming emerged, McAfee had to get a copy, write a bespoke response, and distribute it to customers. “It’s like putting a big sign outside your house inviting everyone in to root through your stuff as long as they’re not convicted criminals,” says Tippett in his slightly nasal Michigan accent. “It’s not what we do in the real world.”

The story reminds me of the superiority of Betamax over VHS in the late 1970s, and of Apple over Microsoft a decade later. So why didn’t buyers go for the better product in this case? “What people wanted from an anti-virus program,” says Tippett, “was the ‘scan’ function.” They wanted to be reassured that every line of code had been checked.

For now, at least, the battle has been lost. Like McAfee, Norton works on a “default permit” philosophy these days. And Tippett has moved on. By the start of the 1990s he was an acknowledged expert on information security, and advised the US Joint Chiefs of Staff on cyber warfare during Desert Storm in Iraq. He sold his company to Symantec in 1992, though he stayed on to help them for more than two years. “I left after they decided they didn’t want me to be chief executive,” he says candidly, adding: “I don’t hate them; they bought me a jet plane.” A little one, he adds.

Tippett made his second fortune building Cybertrust, a company that would eventually become the Virginia-based security arm of Verizon, the world’s largest internet service provider, where it does, among other things, the lion’s share of the forensic work after hackers break into corporate and government databases. And its a Verizon report on this work, in its own way as iconoclastic as Vaccine, that he’s here to talk about.

“Computers are at the same point in the growth cycle as airlines were at the time of the DC3,” he says. “Back then we could fly to France, but we’re 5,000 times less likely to die doing it today. How did we make airlines so safe?” The answer, he says, is rigorous scientific investigation of every case where the system fails.

Admitting that corporate firewalls have been breached and sensitive customer data, often financial data, have been stolen is bad for business, he says, so only a third of cases are reported publicly, usually because its a legal requirement. Verizon, however, investigates 90 per cent of such cases around the world, putting it in a unique position to analyse who the hackers are and how they work. The results contradict many popular myths in the information security world.

It is widely thought, for example, that most hacks start with an insider. But Verizon’s stats show that only 11 per cent of cases are down to employees acting alone, while in another 9 per cent outsiders are helped inadvertently by an employee’s actions. Seventy-four per cent of hacks involve outsiders, says Tippett. And those outsiders were far more effective thieves, stealing 99.9 per cent of the records. The remaining cases are initiated by people from partner organisations, such as suppliers, with access to the target’s computer network.

The hackers are also unlikely to work for state organisations – the popular KGB scenario. While there’s no evidence of governments backing hackers, plenty of it points to known organised crime gangs.

Tippett also pours cold water on some of his industry’s favourite remedies, such as encrypting every piece of data, applying security patches immediately, or using long passwords. Most uses of encryption won’t stop hacking, he says – though it might be helpful on easily stolen laptops – few cases of data theft involved recently discovered vulnerabilities in the system and when thousands of user names are being attacked, an eight-digit code is only slightly more secure than one five digits long. The bigger risk is that passwords will be left on the default settings, such as “admin” or “password”, especially on servers.

What’s needed, he says, are layered defences, each catching most, though not all, attempts at invasion. “The number one thing to do,” he says. “is a lot of little things.”

PROMOTED VIDEO
News
ebooksAn unforgettable anthology of contemporary reportage
Sport
Luis Suarez and Lionel Messi during Barcelona training in August
footballPete Jenson co-ghost wrote Suarez’s autobiography and reveals how desperate he's been to return
Money
Welcome to tinsel town: retailers such as Selfridges will be Santa's little helpers this Christmas, working hard to persuade shoppers to stock up on gifts
news
Arts and Entertainment
Soul singer Sam Smith cleared up at the Mobo awards this week
newsSam Smith’s Mobo triumph is just the latest example of a trend
News
Laurence Easeman and Russell Brand
people
Sport
Fans of Dulwich Hamlet FC at their ground Champion Hill
footballFans are rejecting the £2,000 season tickets, officious stewarding, and airline-stadium sponsorship
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Compensation and Benefits Manager - Brentwood - Circa £60,000

£60000 per annum: Ashdown Group: Compensation and Benefits Manager - Compensat...

Data Analyst/Planning and Performance – Surrey – Up to £35k

£30000 - £35000 Per Annum plus excellent benefits: Clearwater People Solutions...

IT Systems Business Analyst - Watford - £28k + bonus + benefits

£24000 - £28000 per annum + bonus & benefits: Ashdown Group: IT Business Syste...

Markit EDM (CADIS) Developer

£50000 - £90000 per annum + benefits: Ampersand Consulting LLP: Markit EDM (CA...

Day In a Page

Wilko Johnson, now the bad news: musician splits with manager after police investigate assault claims

Wilko Johnson, now the bad news

Former Dr Feelgood splits with manager after police investigate assault claims
Mark Udall: The Democrat Senator with a fight on his hands ahead of the US midterm elections

Mark Udall: The Democrat Senator with a fight on his hands

The Senator for Colorado is for gay rights, for abortion rights – and in the Republicans’ sights as they threaten to take control of the Senate next month
New discoveries show more contact between far-flung prehistoric humans than had been thought

New discoveries show more contact between far-flung prehistoric humans than had been thought

Evidence found of contact between Easter Islanders and South America
Cerys Matthews reveals how her uncle taped 150 interviews for a biography of Dylan Thomas

Cerys Matthews on Dylan Thomas

The singer reveals how her uncle taped 150 interviews for a biography of the famous Welsh poet
DIY is not fun and we've finally realised this as a nation

Homebase closures: 'DIY is not fun'

Homebase has announced the closure of one in four of its stores. Nick Harding, who never did know his awl from his elbow, is glad to see the back of DIY
The Battle of the Five Armies: Air New Zealand releases new Hobbit-inspired in-flight video

Air New Zealand's wizard in-flight video

The airline has released a new Hobbit-inspired clip dubbed "The most epic safety video ever made"
Pumpkin spice is the flavour of the month - but can you stomach the sweetness?

Pumpkin spice is the flavour of the month

The combination of cinnamon, clove, nutmeg (and no actual pumpkin), now flavours everything from lattes to cream cheese in the US
11 best sonic skincare brushes

11 best sonic skincare brushes

Forget the flannel - take skincare to the next level by using your favourite cleanser with a sonic facial brush
Paul Scholes column: I'm not worried about Manchester United's defence - Chelsea test can be the making of Phil Jones and Marcos Rojo

Paul Scholes column

I'm not worried about Manchester United's defence - Chelsea test can be the making of Jones and Rojo
Frank Warren: Boxing has its problems but in all my time I've never seen a crooked fight

Frank Warren: Boxing has its problems but in all my time I've never seen a crooked fight

While other sports are stalked by corruption, we are an easy target for the critics
Jamie Roberts exclusive interview: 'I'm a man of my word – I'll stay in Paris'

Jamie Roberts: 'I'm a man of my word – I'll stay in Paris'

Wales centre says he’s not coming home but is looking to establish himself at Racing Métro
How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?

A crime that reveals London's dark heart

How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?
Meet 'Porridge' and 'Vampire': Chinese state TV is offering advice for citizens picking a Western moniker

Lost in translation: Western monikers

Chinese state TV is offering advice for citizens picking a Western moniker. Simon Usborne, who met a 'Porridge' and a 'Vampire' while in China, can see the problem
Handy hacks that make life easier: New book reveals how to rid your inbox of spam, protect your passwords and amplify your iPhone

Handy hacks that make life easier

New book reveals how to rid your email inbox of spam, protect your passwords and amplify your iPhone with a loo-roll
KidZania lets children try their hands at being a firefighter, doctor or factory worker for the day

KidZania: It's a small world

The new 'educational entertainment experience' in London's Shepherd's Bush will allow children to try out the jobs that are usually undertaken by adults, including firefighter, doctor or factory worker