Text 1: Software That Fixes Itself
A professor of computer science at the Massachusetts Institute of Technology (MIT) has claimed to have developed software that can find and fix certain types of software bugs within a matter of minutes. When a potentially harmful vulnerability is discovered in a piece of software, it takes nearly a month on average for human engineers to come up with a fix and to push the fix out to affected systems. The professor, however, hopes that the new software, called Fixer, will speed this process up, making software significantly more resilient against failure or attack.
Fixer works without assistance from humans and without access to a program’s underlying source code. Instead, the system monitors the behavior of a binary. By observing a program’s normal behavior and assigning a set of rules, Fixer detects certain types of errors, particularly those caused when an attacker injects malicious input into a program. When something goes wrong, Fixer flags the anomaly and identifies the rules that have been violated. It then comes up with several potential patches designed to push the software into following the violated rules. (The patches are applied directly to the binary, bypassing the source code.) Fixer analyzes these possibilities to decide which are most likely to work, then installs the top candidates and tests their effectiveness. If additional rules are violated, or if a patch causes the system to crash, Fixer rejects it and tries another.
Fixer is particularly effective when installed on a group of machines running the same software. In that case, what Fixer learns from errors on one machine is used to fix all the others. Because it doesn’t require access to source code, Fixer could be used to fix programs without requiring the cooperation of the company that made the software, or to repair programs that are no longer being maintained.
But Fixer’s approach could result in some hiccups for the user. For example, if a Web browser had a bug that made it unable to handle URLs past a certain length, Fixer’s patch might protect the system by clipping off the ends of URLs that were too long. By preventing the program from failing, it would also put a check on it working full throttle.
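The learn, detect, patch and test loop described above, together with the URL-clipping side effect, as an added Python sketch that is not Fixer's own code. The toy `program`, the length rule, the three candidate patches and all sample URLs are constructed assumptions, and patches here wrap the input rather than rewrite a binary.

```python
MAX_BUF = 64  # constructed: the toy program fails on input longer than this

def program(url):
    """Toy stand-in for the monitored binary."""
    if len(url) > MAX_BUF:
        raise MemoryError("buffer overrun")
    return "fetched " + url

def learn_rule(normal_inputs):
    """Rule learned from normal behaviour: URL length <= longest one observed."""
    return max(len(u) for u in normal_inputs)

def make_candidates(limit):
    """Candidate patches in the order they are tried (hypothetical names)."""
    return [
        ("skip-check", lambda u: u),              # does not enforce the rule
        ("clip-half", lambda u: u[:limit // 2]),  # enforces it, too aggressively
        ("clip-to-limit", lambda u: u[:limit]),   # enforces exactly the learned rule
    ]

def evaluate(patch, normal_inputs, bad_input, limit):
    """Return a rejection reason, or None if the patch survives testing."""
    try:
        program(patch(bad_input))
    except MemoryError:
        return "crash"
    if len(patch(bad_input)) > limit:
        return "rule still violated"
    # Assumption: "additional rules violated" is modelled as changed normal output.
    if any(program(patch(u)) != program(u) for u in normal_inputs):
        return "changes normal behaviour"
    return None

def repair(normal_inputs, bad_input):
    """Learn the rule, then install the first candidate that passes."""
    limit = learn_rule(normal_inputs)
    rejected = []
    for name, patch in make_candidates(limit):
        reason = evaluate(patch, normal_inputs, bad_input, limit)
        if reason is None:
            return name, patch, rejected
        rejected.append((name, reason))
    return None, None, rejected

# Constructed sample data.
NORMAL = ["http://a.example/", "http://b.example/index.html",
          "http://c.example/search?q=fixer"]
BAD = "http://d.example/" + "A" * 200

if __name__ == "__main__":
    name, patch, rejected = repair(NORMAL, BAD)
    print("installed:", name, "| rejected:", rejected)
    long_ok = "http://e.example/" + "x" * 33  # 50 chars: fine before the patch
    print("after patch:", program(patch(long_ok)))
```

The last line shows the hiccup: a 50-character URL that the unpatched program handled is now clipped to the learned limit of 31 characters.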