IDG: How do you keep pace with the constant proliferation of viruses?
Chen: There's a big change in the antivirus field. The industry used to play the numbers game - it was about how many viruses you could catch. But recently it has become a response-time game. Viruses travel on the Internet faster than most antivirus companies can send out the vaccines or solutions. The problem is not whether you [can] catch the virus, it's how to put the vaccine out to your users faster than they get the virus. Within three hours, millions of users got Melissa through spam. The challenge for antivirus companies is not only updating the product architecture, it's having the trained antivirus engineers to deploy your solution to millions of people very quickly.
What trends in the field of cybervandalism do CIOs need to be most wary of?
The new trend in the hacker world is collaboration. Virus writers, hackers and e-mail bombers used to be in different camps and they didn't talk to each other. But now I'm starting to see mixed attacks, in which the different camps are collaborating together. For example, there is a virus called BackOrifice that combines a harmless-looking e-mail bomb, a virus-spreading mechanism and a software agent. It doesn't do any traditional virus damage like destroy a hard drive. It sits there on the network so that it can steal important information and send it back to the hacker over an extended period of time. The hacker gains permanent access to your most important files. Whenever network administrators get a virus or a hacker infiltration, they need to be aware of what the virus actually did and whether it left a hacker agent in the network.
Hackers are often depicted as technical whiz-kids gone wrong. Do you think their image has been glorified in the media?
I know some people think that hackers or virus writers are very good technical people, and a reporter even asked me once if I would consider hiring an engineer or a person who writes this type of code. The answer is no! It's not difficult to do all that damage, because hackers write code without any error controls. They don't care about crashes, scalability issues or performance. But when repairing the damage, [you need to ensure that] the repairs are stable and reliable. A hacker is like someone who uses a hammer to destroy a car - doing damage is easy, it's putting the car back together that's the hard part. I think people need to be educated that, from a technical standpoint, hacking is not much of an achievement.
What attracts you to the task of thwarting would-be hackers?
It's like playing chess. You guess their move and try to move first. The challenge has always interested me.
How has your eclectic array of experiences (science-fiction writer, sports journalist, software developer and business book author) affected the way you approach your job as CTO?
Science fiction takes a lot of imagination - it's about seeing the future. All these different jobs trained me to not be afraid of approaching new fields, and that has really helped me because technology changes every day. If you're not open-minded and you're afraid of new technology, then you can't do your job well.