This year has been especially exciting for us. Earlier in the year, we reached a significant milestone of growing our user base to 1 million users. And now we're closing out the year having doubled that number to 2 million. Our team has used its collective industry experience to fundamentally rethink the problem of malware defense and we hope that our rapid growth is a testament to the effectiveness of our approach.
This year also marks the 25th anniversary of the first "in-the-wild" PC-based computer virus. Given all of this, I thought it would be especially timely to write a multi-part blog series on the history of computer viruses and other forms of malware.
First, the concept of a computer virus is actually quite old. The famous mathematician and computing pioneer John von Neumann wrote a paper called “The Theory and Organization of Complicated Automata” where he proposed the idea of a computer program that could replicate. Some proof-of-concept viruses have been written since then, mostly for the sake of intellectual curiosity, and in 1984 Fred Cohen performed the first rigorous academic study of such self-replicating programs that could attach themselves to other programs. His advisor at the time, Len Adleman, suggested the terminology “computer virus” given the parallels between biology and what Cohen was studying. Adleman is a remarkably well-known mathematician in his own right, and along with Ron Rivest and Adi Shamir co-invented the RSA public-key cryptosystem that is widely used today.
Cohen defined a computer virus as “a program that can ‘infect’ other programs by modifying them to include a possibly evolved copy of itself”. He developed some proof-of-concepts, but the first in-the-wild PC virus was Brain, which was unwittingly unleashed to the world twenty-five years ago in 1986. Brain was developed by two Pakistani programmers (Basit and Amjad Iqbal) as an anti-piracy mechanism for some medical software they had written. And quite to their shock, the virus actually spread around the world – from floppy disk to floppy disk!
This particular virus was not written with any malicious intent on the part of the authors, but shortly after its release, we began to see more computer viruses in the wild that did have malicious intent. These viruses displayed some level of technical sophistication, but their technical sophistication was geared around infection and propagation. In fact, you could easily detect these viruses because they would announce their presence on your system. For example, some of them would display text on the screen (e.g., the Stoned virus) and others would put on a graphical display (e.g., the Ping-pong virus or the Cascade virus)! So, you didn’t need to be technically savvy to know that you had been infected. Furthermore, it was easy to programmatically find these threats. In fact, some viruses contained some fairly obvious strings that you could use as telltale signs for detection. For example, the string "Your PC is now Stoned" is immediately visible in any hexadecimal dump of the Stoned virus, which was an early boot sector virus. This virus was actually the first one I got infected with when I inserted a floppy disk containing it into my PC the night before a programming project was due!
Since there were no anti-malware products at that time, viruses generally did not use techniques such as obfuscation, metamorphism, polymorphism, packing, etc., to evade detection. It's just not something that virus writers were concerned with at that point. (The one notable exception, however, was the Cascade virus, which encrypted itself – but because it used the same decryption routine in every copy, it could still be detected.)
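The two detection ideas above, a plain-text string signature and a signature on a constant decryption routine, can be shown with a small scanner. This is an added example, not code from the original post: the 512-byte samples, the `DECRYPTOR_STUB` bytes, the `BOOTCODE` filler and the single-byte XOR "encryption" are all constructed for illustration and are not taken from any real virus.

```python
# Added example. Every byte value here is constructed for illustration;
# nothing is taken from a real virus sample.
SECTOR_SIZE = 512
STONED_TEXT = b"Your PC is now Stoned"              # string quoted in the article
DECRYPTOR_STUB = bytes.fromhex("dec0de5aa5010203")  # hypothetical fixed routine

SIGNATURES = {"stoned-text": STONED_TEXT, "fixed-decryptor": DECRYPTOR_STUB}

def make_sample(payload, key=None):
    """Build a constructed 512-byte sector. With a key, the payload is
    XOR-encrypted and preceded by the constant stub and the key byte."""
    if key is not None:
        payload = DECRYPTOR_STUB + bytes([key]) + bytes(b ^ key for b in payload)
    return payload.ljust(SECTOR_SIZE, b"\x00")

def scan(image):
    """Return [(signature name, offset)] for every signature found."""
    hits = []
    for name, pattern in SIGNATURES.items():
        offset = image.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return hits

def hexdump(data, width=16):
    """Render bytes as offset, hex and printable-ASCII columns."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{i:08x}  {hex_part:<{width * 3}} {text}")
    return "\n".join(lines)

PAYLOAD = b"BOOTCODE" + STONED_TEXT       # constructed stand-in body
plain = make_sample(PAYLOAD)              # text visible in the dump
copy_a = make_sample(PAYLOAD, key=0x41)   # two encrypted copies whose
copy_b = make_sample(PAYLOAD, key=0x7F)   # bodies differ byte for byte

if __name__ == "__main__":
    print(hexdump(plain[:32]))
    for label, image in [("plain", plain), ("copy_a", copy_a), ("copy_b", copy_b)]:
        print(label, scan(image))
```

The string signature only matches the unencrypted sample, while the stub signature matches both encrypted copies even though their bodies share no bytes.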
So, here you had a new problem in the form of computer viruses, and there appeared to be some fairly easy technical solutions to dealing with this problem, and as you can imagine it was not long before the anti-virus industry was born. Since then, there have been many other varieties of threats beyond the traditional self-replicating "parasitic infector" viruses that first appeared on PCs twenty-five years ago! And accordingly, the industry has had to evolve to deal with a large panoply of threats rather than just garden variety computer viruses. I'll talk about some of those variants in my next blog in this series!