The world’s first computer doc has a security prescription

The man who wrote the original anti-virus program tells Paul Rodgers he wants to make data safer

Where Sergey Brin and Mark Zuckerberg have made geekdom funky, Peter Tippett is a bit of a throwback. He has on a grey suit with a conservative blue tie when we meet; his hair would please a marine drill sergeant and he wears wire-frame glasses that are almost as unstylish as (though undoubtedly more expensive than) mine.

But in his own fashion, Tippett has been just as revolutionary as the founders of Google and Facebook. Long before the internet took off, in the days when software spread from one machine to another on 5 1/4-inch floppy disks, Tippett wrote the world’s first anti-virus program, called Vaccine – at the same time inventing, almost as an afterthought, the undo command (control Z in many applications) and the restore disk. He also built not one but two big security companies, the first evolving into the business now known as Norton.

Along the way, he developed a security philosophy that is so full of common sense, yet so defies commercial imperatives, that one can only conclude that the buying public is mad. “This is how we’ve done security in the real world for ever,” says Tippett, leaning forward to make his point with an enthusiasm that belies his dour dress sense. “Why people don’t want it on their computers is beyond me.”

Most people consider themselves lucky to have a single career. Tippett has qualified for six. For starters he’s a pilot, licensed to fly jumbo jets loaded with passengers across oceans. “I’ve been flying since I was 15,” he says. “It’s my hobby.” He also has a PhD in biochemistry from Case Western Reserve University in Cleveland, and a commercial radio engineer certificate. Plus he’s a medical doctor, which led, circuitously, to his jobs as entrepreneur and security guru.

“For 32 years I’d had no income,” he says. “When I got my first job as a doctor I didn’t know what to do with the money, so I hired four guys and put them to work writing programs in my living room.”

That was shortly before the first computer virus was developed by Frederick Cohen at Lehigh University in Pennsylvania in 1983. Tippett and his chief programmer met a Lehigh student at a trade show in California and got a copy of the virus from him. “Writing Vaccine took us five weeks, including the manual and the sales brochure,” says Tippett.

Yet when McAfee came along three years later with its own anti-virus suite, it quickly ate into Vaccine’s still-small sales. The two programmes worked with philosophies that were diametrically opposed. Vaccine checked that the software on your machine was approved and hadn’t been tampered with. Anything else it considered to be a threat, an approach known in the jargon as “default denial”. McAfee’s program allowed any bit of code as long as it wasn’t on its list of known viruses, an approach called “default permit”. When a new bit of malicious programming emerged, McAfee had to get a copy, write a bespoke response, and distribute it to customers. “It’s like putting a big sign outside your house inviting everyone in to root through your stuff as long as they’re not convicted criminals,” says Tippett in his slightly nasal Michigan accent. “It’s not what we do in the real world.”

The story reminds me of the superiority of Betamax over VHS in the late 1970s, and of Apple over Microsoft a decade later. So why didn’t buyers go for the better product in this case? “What people wanted from an anti-virus program,” says Tippett, “was the ‘scan’ function.” They wanted to be reassured that every line of code had been checked.

For now, at least, the battle has been lost. Like McAfee, Norton works on a “default permit” philosophy these days. And Tippett has moved on. By the start of the 1990s he was an acknowledged expert on information security, and advised the US Joint Chiefs of Staff on cyber warfare during Desert Storm in Iraq. He sold his company to Symantec in 1992, though he stayed on to help them for more than two years. “I left after they decided they didn’t want me to be chief executive,” he says candidly, adding: “I don’t hate them; they bought me a jet plane.” A little one, he adds.

Tippett made his second fortune building Cybertrust, a company that would eventually become the Virginia-based security arm of Verizon, the world’s largest internet service provider, where it does, among other things, the lion’s share of the forensic work after hackers break into corporate and government databases. And its a Verizon report on this work, in its own way as iconoclastic as Vaccine, that he’s here to talk about.

“Computers are at the same point in the growth cycle as airlines were at the time of the DC3,” he says. “Back then we could fly to France, but we’re 5,000 times less likely to die doing it today. How did we make airlines so safe?” The answer, he says, is rigorous scientific investigation of every case where the system fails.

Admitting that corporate firewalls have been breached and sensitive customer data, often financial data, have been stolen is bad for business, he says, so only a third of cases are reported publicly, usually because its a legal requirement. Verizon, however, investigates 90 per cent of such cases around the world, putting it in a unique position to analyse who the hackers are and how they work. The results contradict many popular myths in the information security world.

It is widely thought, for example, that most hacks start with an insider. But Verizon’s stats show that only 11 per cent of cases are down to employees acting alone, while in another 9 per cent outsiders are helped inadvertently by an employee’s actions. Seventy-four per cent of hacks involve outsiders, says Tippett. And those outsiders were far more effective thieves, stealing 99.9 per cent of the records. The remaining cases are initiated by people from partner organisations, such as suppliers, with access to the target’s computer network.

The hackers are also unlikely to work for state organisations – the popular KGB scenario. While there’s no evidence of governments backing hackers, plenty of it points to known organised crime gangs.

Tippett also pours cold water on some of his industry’s favourite remedies, such as encrypting every piece of data, applying security patches immediately, or using long passwords. Most uses of encryption won’t stop hacking, he says – though it might be helpful on easily stolen laptops – few cases of data theft involved recently discovered vulnerabilities in the system and when thousands of user names are being attacked, an eight-digit code is only slightly more secure than one five digits long. The bigger risk is that passwords will be left on the default settings, such as “admin” or “password”, especially on servers.

What’s needed, he says, are layered defences, each catching most, though not all, attempts at invasion. “The number one thing to do,” he says. “is a lot of little things.”

people And here is why...
Arts and Entertainment
Amazon has added a cautionary warning to Tom and Jerry cartoons on its streaming service
voicesBy the man who has
Arsene Wenger tried to sign Eden Hazard
footballAfter 18 years with Arsenal, here are 18 things he has still never done as the Gunners' manager
Life and Style
The new Windows 10 Start Menu
Arts and Entertainment
Kristen Stewart and Robert Pattinson star in The Twilight Saga but will not be starring in the new Facebook mini-movies
tvKristen Stewart and Stephenie Meyer will choose female directrs
Arts and Entertainment
Hilary North's 'How My Life Has Changed', 2001
books(and not a Buzzfeed article in sight)
ebooksAn unforgettable anthology of contemporary reportage
William Hague
people... when he called Hague the county's greatest
More than 90 years of car history are coming to an end with the abolition of the paper car-tax disc
newsThis and other facts you never knew about the paper circle - completely obsolete today
Arts and Entertainment
There has been a boom in ticket sales for female comics, according to an industry survey
comedyFirst national survey reveals Britain’s comedic tastes
Arts and Entertainment
Twerking girls: Miley Cyrus's video for 'Wrecking Ball'
arts + ents
Arts and Entertainment
Ed Sheeran performs at his Amazon Front Row event on Tuesday 30 September
musicHe spotted PM at private gig
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Money & Business

Trainee Recruitment Consultant - Birmingham - Real Staffing

£18000 - £23000 per annum + Commission: SThree: Real Staffing are currently lo...

Trust Accountant - Kent

NEGOTIABLE: Austen Lloyd: TRUST ACCOUNTANT - KENTIf you are a Chartered Accou...

Graduate Recruitment Consultant - 2013/14 Grads - No Exp Needed

£18000 - £20000 per annum + OTE £30000: SThree: SThree are a global FTSE 250 b...

Law Costs

Highly Competitive Salary: Austen Lloyd: CITY - Law Costs Draftsperson - NICHE...

Day In a Page

Ebola outbreak: The children orphaned by the virus – then rejected by surviving relatives over fear of infection

The children orphaned by Ebola...

... then rejected by surviving relatives over fear of infection
Pride: Are censors pandering to homophobia?

Are censors pandering to homophobia?

US film censors have ruled 'Pride' unfit for under-16s, though it contains no sex or violence
The magic of roundabouts

Lords of the rings

Just who are the Roundabout Appreciation Society?
Why do we like making lists?

Notes to self: Why do we like making lists?

Well it was good enough for Ancient Egyptians and Picasso...
Hong Kong protests: A good time to open a new restaurant?

A good time to open a new restaurant in Hong Kong?

As pro-democracy demonstrators hold firm, chef Rowley Leigh, who's in the city to open a new restaurant, says you couldn't hope to meet a nicer bunch
Paris Fashion Week: Karl Lagerfeld leads a feminist riot on 'Boulevard Chanel'

Paris Fashion Week

Lagerfeld leads a feminist riot on 'Boulevard Chanel'
Bruce Chatwin's Wales: One of the finest one-day walks in Britain

Simon Calder discovers Bruce Chatwin's Wales

One of the finest one-day walks you could hope for - in Britain
10 best children's nightwear

10 best children's nightwear

Make sure the kids stay cosy on cooler autumn nights in this selection of pjs, onesies and nighties
Manchester City vs Roma: Five things we learnt from City’s draw at the Etihad

Manchester City vs Roma

Five things we learnt from City’s Champions League draw at the Etihad
Martin Hardy: Mike Ashley must act now and end the Alan Pardew reign

Trouble on the Tyne

Ashley must act now and end Pardew's reign at Newcastle, says Martin Hardy
Isis is an hour from Baghdad, the Iraq army has little chance against it, and air strikes won't help

Isis an hour away from Baghdad -

and with no sign of Iraq army being able to make a successful counter-attack
Turner Prize 2014 is frustratingly timid

Turner Prize 2014 is frustratingly timid

The exhibition nods to rich and potentially brilliant ideas, but steps back
Last chance to see: Half the world’s animals have disappeared over the last 40 years

Last chance to see...

The Earth’s animal wildlife population has halved in 40 years
So here's why teenagers are always grumpy - and it's not what you think

Truth behind teens' grumpiness

Early school hours mess with their biological clocks
Why can no one stop hackers putting celebrities' private photos online?

Hacked photos: the third wave

Why can no one stop hackers putting celebrities' private photos online?