Monday, Apr. 17, 1995

THE DEVIL IN THE NETWORK

By JOSHUA QUITTNER

Dan Farmer is a computer programmer with a gold ring in his eyebrow, a curly shock of orange hair and a tendency to tug on the beard of authority. Last Wednesday, on the day that Farmer turned 33, he gave a gift to the computer world: a fiendish little software device called SATAN.

It was, judging by its advance press, the most dreaded computer program since the Michelangelo virus. SATAN, which is an acronym for Security Administrator Tool for Analyzing Networks, was designed by Farmer and a fellow programmer to help network administrators scan their computers for the technological equivalent of an unlocked back door -- a security hole that could be exploited by unauthorized users looking for a way to break in. By locating the cracks in their computer systems, administrators could patch them before they sprang leaks.

The fear was that the program, which Farmer intended to make widely available free of charge, would have the opposite effect. Computer experts were worried that it would get into the hands of computer intruders, who would use it as a burglar's tool kit to break the Internet wide open. The program is so point-and-click simple that it can turn second-rate hackers into efficient computer crackers.

SATAN certainly landed with a crash. Within minutes of its release, traffic started to pile up on the dozen or so computers around the world that Farmer had authorized as SATAN release sites. "Everyone was grabbing SATAN at once," says John Fisher, a computer-security specialist at Lawrence Livermore National Laboratory, one of several sites that became overloaded in the crush. Two days after satan was unleashed, tens of thousands of copies had been downloaded.

But the wave of satanic attacks never materialized -- or at least they hadn't at week's end. It may be that most computer hackers don't own the industrial-strength unix machines needed to run the program. But it seems more likely that SATAN is actually doing the job it was designed to do. In fact, many security experts are now praising the program -- and the publicity that surrounded it-as just the thing to shore up the Internet.

"The world is a better place with SATAN out there," says Bill Cheswick, a computer scientist at AT&T's Bell Laboratories and co-author of Firewalls and Internet Security. The Internet has been growing so rapidly, says Cheswick, that it is filled with novice administrators running powerful computer networks who don't have any idea how vulnerable their systems are. "The bad guys already have these tools," says Cheswick. "It's a lot harder for the good guys to get them."

That's little solace for Farmer, who until last month was employed as a security specialist at Silicon Graphics in Mountain View, California. In March, when his bosses learned that he intended to unleash SATAN into the world, they gave him an ultimatum: publish if you want to perish. He published. Now he's on the market, looking for a new job.