20th Anniversary Of Computer Viruses Commemorated

DoraLives writes "Our good friends at the BBC are celebrating the 20th anniversary of the computer virus. So, viruses are no longer teenagers and are now entering adulthood, as 'there are almost 60,000 viruses in existence and they have gone from being a nuisance to a permanent menace.' What wonders shall there be to come, as these marvelous bits of code continue to grow and multiply?" We ran a recent BBC-authored story on the psychology of virus writers.

"Celebrate"?

[ummit]

Maybe I'm just a grumpy old curmudgeon, but I don't see what there is to celebrate here, or what is about these little bits of code that's so "marvelous".

Re:"Celebrate"?

[ChopsMIDI]

Well despite the fact that they are quite malicious, some of those viruses are pretty clever.

Re:"Celebrate"?

[bananaape]

If there weren't viruses to exploit holes, then holes would not get fixed.

If it doesn't kill you, it makes you stronger... something like that.

Re:"Celebrate"?

[NickDngr]

If there weren't viruses to exploit holes, then holes would not get fixed.

But is there were no viruses to exploit the holes, then the holes would not need to be fixed.

Re:"Celebrate"?

[Davak]

I have always wanted a bit of code that would replicate in my system and could randomly try to perform natural windows functions.

If it didn't do anything --> it would die
If I didn't like it --> it would die

However, it would randomly change and replicate until it did something I liked. Maybe it would even grab programs that I use a lot and try to borrow functions from them.

Things like this are nice experiments for virus-type structures. The virus that works well I would let live and continue to "mutate" and change. The ones that don't... I kill off.

Search code could be this way as well. Randomly change the code and have an external program measure the speed of the searches. If the searches are improving, the external program supports that virus line... if it's get slower, then it would kill it off.

The cool parts of the biology of viruses should be brought to the computer world... ... too bad we just focus on the damage that they do.

Davak

Re:"Celebrate"?

[EvilTwinSkippy]

With me that makes at least 2 grumpy old crumudgeons then.

Re:"Celebrate"?

[smackjer]

Software != Biology

This might be a good thing or a bad thing, but it's true. While software and biological viruses share some traits (especially in the reproductive sense) the potential "positive" aspects of a virus are basically nil in the software world.

Actually, I'm not familiar with any biological viruses that have proven beneficial, other than having the effect of strengthening the hosts immune system (which is observed in software systems as well, with improvements in virus detection systems).

Bacteria, on the other hand...

Re:"Celebrate"?

Any bets on long it will take for the ultimate "exploit hole" link to be posted?

Re:"Celebrate"?

[Frymaster]

But is there were no viruses to exploit the holes, then the holes would not need to be fixed

uh, that's why the parent post got +3 funny. irony, you know.

more importantly! if there weren't viruses, how many of us would be out of a job? now that's something to celebrate.

Re:"Celebrate"?

[Lumpy]

Most of these viruses, espically the early ones were examples of expert coding. Extremely clever viruses that were unbelieveably tiny and worked well, taking them apart tought you alot about the sheer genius behind them.

today, the viruses are copycats or from virus kits or just plain wannabe's writing junk that happens to work and take advantage of huge holes.

I suggest you actually learn about these buggers, they are absolutely facinating and the early ones are just plain old damned impressive.

It's like the old Demo scene... amazing things with tiny bits of code.

Re:"Celebrate"?

[morleron]

I think I'll join you over in the curmudgeon corner. Why our society chooses to "celebrate" the accomplishments of a bunch of immature vandals is beyond me. I think that it's time to start going after the source of the vast majority of the problems that viruses cause: Microsoft. Until that company is held responsible for the problems that its shoddy products give rise to we will not see a decrease in the virus problem. Let's see, Ford can be sued for exploding Pintos, Firestone can be sued for exploding tires: why can't we sue MS for exploding OSes?

Just my $.02,
Ron

Re:"Celebrate"?

[NickDngr]

Yeah, it's Monday. I'm comedy impaired.

Re:"Celebrate"?

[bananaape]

This one time, my friend told me his administrator password for his Win2k server. I proceeded to use Terminal Services to get on his system, I wrote a batch file that would infinitely append itself to the end of itself, and I let it keep going after disconnecting my session.

He couldn't figure out why his server was going extremely slow due to command.com using 99% of the CPU, and he didn't want to restart becase he was going for some personal uptime record, so he let it run for 3 days before I finally told him.

He changed his administrator password, and the problem was fixed.

That is my only virus contribution to the world.

Re:"Celebrate"?

I exploited your mom's hole and got a virus!

Re:"Celebrate"?

[Dan-DAFC]

Search code could be this way as well. Randomly change the code and have an external program measure the speed of the searches. If the searches are improving, the external program supports that virus line... if it's get slower, then it would kill it off.

You have pretty much just described a genetic algorithm. I can thoroughly recommend this book as a good starting point for learning about genetic algorithms.

Re:"Celebrate"?

[larry+bagina]

You're thinking of worms, not viruses.

Re:"Celebrate"?

[Dan-DAFC]

Actually, I'm not familiar with any biological viruses that have proven beneficial, other than having the effect of strengthening the hosts immune system (which is observed in software systems as well, with improvements in virus detection systems).

There was an example of a beneficial virus posted on Slashdot the other day.

Re:"Celebrate"?

[h8macs]

We can celebrate that the virus writers are only talented enough to write code (VB, VBA) that crashes e-mail servers and web servers.

They do not seem to have the skill or determination to ruin physical equipment like a hard drive I had that a BBS download ruined in 1988.

I guess the abstraction layer actually hinders physical hardware abuse nowawadays eh!?

Re:"Celebrate"?

[plover]

Viruses are being genetically modified and used in theraputic applications to deliver drugs. The traits that allow them to reproduce themselves throughout a host are the same traits needed to deliver drugs to targeted cells. Their ability to invade specific cells far exceeds anything else humans have been able to come up with so far. While current technologies require an extensive focused effort on a per-patient basis, it's expected that someday the treatments will be more "cookie cutter."

And as far as the software != biology example, both "genetic programming" and "genetic engineering" are yielding very exciting results. While they're not software "viruses" in the classical sense, self-modifying and self-selecting programs are coming up with some startling new creations.

Re:"Celebrate"?

[Bendebecker]

If there weren't viruses, none of the holes would need to be fixed.

Re:"Celebrate"?

[Dark+Fire]

viruses and worms are designed to hit a wide range of machines, the intention being to get publicity or attention. When a system is exploited for profit/gain, you almost never hear about it. Even if the individual is caught, you almost never hear about it. Companies don't want their customers to know about those kind of breakins, those breakins affect their stock both directly and indirectly. Directly in that they may loose customers. Indirectly in that share holders may think that the company may loose customers and start selling. I would say that the public nature of what we know as viruses/worms helps us long term, despite the short term annoyance. I would rather have a vulnerability in a web server/application server comprised by a wide spread public virus/trojan than to have the same server silently compromised and have my credit card information and personal information stolen without me or the company I am trusting knowing about it. Stagnation and a lack of commoditization in the software market has led to open source software. By a similiar stroke, lack of security considerations in both software development methodologies, practices, and tools has led to public viruses/worms. They have created public awareness of the problem. I don't know if any legislation exists on the matter, but if I am a customer and I trust you with my information, I WANT TO KNOW whenever their is any chance my information was compromised. If this isn't a law, it should be! Enough for now. Any thoughts?

Re:"Celebrate"?

Fred Cohen is full of crap, he wasn't the first. It was years before then.

Re:"Celebrate"?

[Chatterton]

Good old virus were marvelous. The one who can put themself into an MBR sector, COM or EXE executable. Who can disimulte themself and trick antivirus with interruption tunnelling. Written in assembler. With polymorphism, Encryption... Yes those virus were marvelous. Not the shit you can have now written by some looser in vbscript :/

Re:"Celebrate"?

[doofusclam]

My fsvourite was the Atari ST one which reversed up and down on your mouse. The thing is, it was one of those things your brain just compensated for even though it happened at random, But the first time I noticed it was at 4am after a mammoth session coding a demo, and I was scared s**tless thinking my computer was haunted.

I disassembled the code and to be fair, whoever wrote it deserved a handshake for the coding genius contained within ;)

Re:"Celebrate"?

[linzeal]

You too can create viruses for all your pet peeves, revolutions, and jihads; don't like your job, make a virus that gets revenge for you by making your coworkers computers download child porn, don't like your country take out the BIND/DNS servers, and many more fun applications! Just $25.00 I wish the blink tags worked, sigh.

Re:"Celebrate"?

[NanoGator]

"Maybe I'm just a grumpy old curmudgeon, but I don't see what there is to celebrate here, or what is about these little bits of code that's so "marvelous"."

If computers weren't popular enough to have viruses, we'd all still be virgins.

Re:"Celebrate"?

How in the hell is that a virus? A virus is self replicading code, all you did was make code that got bigger. Malware, yes. Virus, no.

By the way, what kind of a nick is Bananarape?

Re:"Celebrate"?

What? I have checked out the source code of most of the old school 1980's virus's and they were most certainly NOT the product of expert coding and I can remember very few that were just plain old damned impressive as you put it. I just think that many people like to say: "Everything now a days sucks, its not like it was back in the good old days when people really knew how to write a virus" Dark Avenger and all of the famous old-school virus writers were just pimply faced kids who could'nt code well at all. Seriously. Most of those virus's sucked.

As far as your comment about todays viruses being junk. Well, hell, look at Saphire (SQL-Slammer worm). The entire fscking worm fit inside of a single UDP packet! . There are lots of cool virus's being written nowadays. You just have to look.

Re:"Celebrate"?

written by some looser in vbscript

If I may ask a question. What in the hell is a looser??

Re:"Celebrate"?

I guess the abstraction layer actually hinders physical hardware abuse nowawadays eh!?

What in the hell are you talking about?

Re:"Celebrate"?

[Feztaa]

But is there were no viruses to exploit the holes, then the holes would not need to be fixed.

Bullshit. If the viruses weren't there to draw attention to the holes, then the malicious human attackers would just continue to use the attacks in secret.

Re:"Celebrate"?

[h8macs]

Abstraction layer in the most simple terms is the interface between the Operating System and a computers hardware.

See definition:
http://whatis.techtarget.com/definiti on/0,,sid9_gc i214424,00.html

Re:"Celebrate"?

it did NOT fit inside a udp packed, the command to retrieve the virus fit in the udp packet..

try learning about what you talk about....

if a virus is not written in assembler, it's from a poeser wannabe.

Does this mean that they'll ...

[burgburgburg]

finally leave home and get a job?

Their mother and I have put up with enough!

Re:Does this mean that they'll ...

finally leave home and get a job?

Yes, it does. Meet their new employers.

Re:Does this mean that they'll ...

You're such a LOSER! HAHA. Look at my Lexus. Isn't it shiny? I'm better than you. I live on my own plot of land too. I get to pay through the nose in taxes and the sprawl is bad, but I'm a MAN !

thank you, thank you..

[grub]

We'd like to thank the Academy, the little people and most of all Microsoft for making all this possible. Here's to another 20 good years.

[applause]

Re:thank you, thank you..

[DasAlbatross]

Blaming it on Microsoft is foolish. There are exploits in every OS out there. People write for MS because it's what people use.

Re:thank you, thank you..

[grub]

People write for MS because it's what people use.

Microsoft apologism.
There were viruses on the Mac "back in the day", UNIX worms and Linux worms but MS doesn't have enough fingers to stick in the dike. Consumer product recalls don't come about because many people use them, they come about because of flaws in the product. Software companies are immume to these types of recalls and we all pay.

Re:thank you, thank you..

But Microsoft writes the best virus OS money can buy.

Re:thank you, thank you..

s/best/only/g

Re:thank you, thank you..

[EvilTwinSkippy]

Wait a minute. That's way too short. You have to thank Melissa, and Ana, god bless.

And all the folks who double clicked on me, in alphebetical order: Aarron Aardvark, Adam Acres, Audry Acres, Barnaby Acres ...

Re:thank you, thank you..

[DasAlbatross]

Don't get me wrong, I'm not saying that Microsoft is putting out a solid OS, I'm just saying that it's flaws are overexposed but the sheer amount of use it gets. I know that the bugs reported on software I write is directly proportional to the number of people using it. Users will find the most asinine, crackheaded things to do with your software and Microsoft has more asinine crackheads using it than anyone else.

Re:thank you, thank you..

[Carnildo]

Blaming it on Microsoft is foolish. There are exploits in every OS out there. People write for MS because it's what people use.

I've got a great counter-example for that. Microsoft's IIS web server runs about 20% of all web sites, while Apache runs 70%. By your logic, Apache should be the server everyone attacks.

I've been running a copy of the Apache web server on my home computer for the last three months. During that time, I've logged 22,000 attacks on my server. And every last one of those was attacking it as if it were IIS.

Re:thank you, thank you..

"I've been running a copy of the Apache web server on my home computer for the last three months. During that time, I've logged 22,000 attacks on my server. And every last one of those was attacking it as if it were IIS."

Sorry about that, I will be sure to remember you have Apache from now on.

Re:thank you, thank you..

[Carnildo]

Sorry about that, I will be sure to remember you have Apache from now on.

Thank you. I was getting bored.

Re:thank you, thank you..

[Scudsucker]

People write for MS because it's what people use.

And because Microsoft makes it incredibly easy for them to do so. Even if Apple had 95% marketshare, they would only have a fraction of a percentage of the number of problems that Microsoft has.

Most of the "show stopper" worms and viruses for MS's products aren't from some obscure buffer overflow, but because they were designed without any thought to security.

Re:thank you, thank you..

Yet according to posters here on Slashdot, Apache running on Linux accounts for the vast majority of website defacements and the like.

Sure, where information reliability is concerned posters here on Slashdot rank just above Fox News and just below what some bloke said in the pub last night, but in this case I believe it.

Re:thank you, thank you..

[RLW]

Exactly! If Apache were as vulnerable as MS IIS then the web would be un-usable. At 70% web server share Apache should be the server to attack not MS IIS. It would be interesting to compare attack attempts vs. success by platform. I don't have the data but I will bet my house that Apache will fair much better than IIS.

Re:thank you, thank you..

[Geek+of+Tech]

>> Users will find the most asinine, crackheaded things to do with your software and Microsoft has more asinine crackheads using it than anyone else.

Finally! A quote I can agree with! :P

Re:thank you, thank you..

[Ed+Avis]

Yes but Microsoft software often makes it especially easy for asinine crackheads to do stupid things. For example, running as local administrator by default in some Windows versions, or allowing write access to the Windows system directory even for non-admins. Disguising running an executable as 'opening' a document, so most users cannot tell which attachments are safe to read and which aren't. Executing scripting languages attached to documents so that even viewing a doc can expose you to macro viruses (partly fixed in newer Office versions by prompting about macros, but why is the macro language allowed unrestricted access to modify other documents anyway?). File formats that include leftover binary garbage from old documents, so people can find information you didn't intend to send them.

A Unix-like system with text-based file formats (so you can see exactly what you're sending), a clear separation between root and ordinary user accounts, between editing a document and running a program, and with a traditional text-based mail reader would do a lot more to protect stupid users from themselves. (And Unix is not exactly great in this regard - it's only when you stand it next
to Windows that it looks good.)

So it's an unfortunate coincidence that the OS used by the greatest number of idiots is also the one that does the least to stop them doing stupid things. Or perhaps not such a coincidence after all...

The first picture in the article...

[momerath2003]

support@microsoft.com
support@microsoft.com
supp ort@microsoft.com

They let it happen; now, they're sending it to your doorstep.

Re:The first picture in the article...

Make "PhyicsExpert" [slashdot.org], the worst kind of troll, your foe!

Do you want to elaborate on this? I find PhysicsExpert entertaining ...

Re:The first picture in the article...

[momerath2003]

Well, the thing is, a TON of moderators are too stupid to tell fact from disguised fiction, so he gets modded up informative and such. It's not a good thing to pass off misinformation to people, you know. I hate people who go around spouting out nonsense about science that they think is true but is really just stupid.

(Heck, I don't know that you're not PhysicsExpert, but it doesn't really matter.)

i'm celebrating by

[Savatte]

opening up and unsecuring all the ports on my machine!

Re:i'm celebrating by

[Lane.exe]

This is no cause to install Windows.

Re:i'm celebrating by

[Woy]

opening up and unsecuring all the ports on my machine!

That should be an option during the installation of windows, so that we could unselect it.

Scary

[metlin]

Whats scary is that this article is right next after one that says Microsoft Moving Into Chip Design. Is this an omen of some sorts?

Disturbing. Very disturbing.

Re:Scary

[GoofyBoy]

>Is this an omen of some sorts?

Yes, it means that its almost time for another SCO article.

Re:Scary

[bigberk]

Whats scary is that this article is right next after one that says Microsoft Moving Into Chip Design

Good point. Electrical Engineers know that microcontrollers rule the world. Now although Microsoft is interested in the gaming side of things, I for one would be terribly worried if Microsoft actually started to get the world to use its microcontrollers (along the lines of Motorola 68K etc.). These core units are found in just about every electrical device you have contact with. I would seriously shit my pants if Microsoft-made hardware found its way into critical equipment.

Re:Scary

[smackjer]

Actually, I think we're extremely overdue for a SCO article at this point.

Re:Scary

[hotairhappy]

Can't be that scary, chip design is easy. :)

What wonders shall there be to come

[bigberk]

Just you wait, there's more in store. Except it seems now that virus authors have major financial backing (spammers) and are establishing a sophisticated zombie infrastructure running on Windows machines that will cause years of serious trouble. Time to start seriously prosecuting these a$$holes (spammers, virus authors, or Microsoft... you decide!)

Re:What wonders shall there be to come

[pvt_medic]

Reminds me of the age old problem, who do you focus on the drug users or the drug distributors. Its a lot easier to findd the users but the end result is not much. You get the distributors and you do a lot more damage. Now you have to decide who is the users and who is the distributors....

Re:do *NOT* read that article: you already read it

This slashdot what really are the odds that the article been read by anyone?

Aren't they at least 21?

[xanthines-R-yummy]

wasn't the first boot sector virus written around 1982 on what was then called the Nova system? i believe it infected the track 0 of the diablo disk drives.

Anyone old enough to know what I'm talking about?

Re:Aren't they at least 21?

[AbbyNormal]

Nah, there has to be one older. I found this link. I'm guessing they started appearing around 1975 or so.

Re:Aren't they at least 21?

[fred_sanford]

You forgot to start counting at 0.

Re:Aren't they at least 21?

1982 => 0 years
1983 => 1 year ...
2003 => 21 years

Maybe you think the count should start at -1?

Re:Aren't they at least 21?

I was the person who first isolated the Westwood
virus. It seems like that was more than 20 years
ago... but it wasn't. It was 1990.

I remember there was a lot of hoopla about how
there was a "Friday The 13th" virus that was
going to attack the computers of the UC system
in August of 1990.

I bought a motherboard and a 10Mb HD from a
Taiwanese sutdent at UCLA who was going into the
PC hardware business.
The HD came with DOS and a copy of speed.com
installed... I noticed the first time I ran it
that speed.com reported an odd, inexplicable
value for the processor MHz.
After m$ word failed with a checksum error (m$
products failed more gracefully in those days)
I compared word.exe to the copy stored elsewhere
on the HD and found some odd strings. I managed
to get an almost clean copy of the viral code by
writing a short assembly program and running it.

I reported this to the SEASNET folks, and in a
couple of hours they called me back and said
"congratulations, you have isolated the Friday
the 13th virus".

I asked them to keep my name and department out
of the press release, hence it became known as
the Westwood virus in honor of the location of
UCLA (go figure).

Re:Aren't they at least 21?

[AndroidCat]

Makes sense, that's when Gates and Allen wrote thier BASIC. :^P

But seriously, I'm sure that there were Apple II viruses long before 1983. (I think I even remember my reaction of "Huh? That's old news" to this presentation 20 years ago.)

Re:One more year and...

[F34nor]

Twenty one is the legal drinking age lat time I checked. But...

It represents a full generation. e.g. One cadre of people have grown up for their whole lives in contact with both the realities of the thing and the meme.

This might inicate both better virus and better defenses.

It also might just be a slow day for the news.

Anyone remember this one...

"Something wonderful has happened...Your Amiga is alive!"

Good ol' days.... ;)

Only 60,000 ?

I remember about 5 or 6 years ago, back when I last used AntiVirus software (I've since then stopped due to degraded PC performance, I don't accept email attachments or open ambiguous executables and I also hit windowsupdate daily and have never had any issues) there was claimed to be over 50,000 virii known to McAfee.

Has the growth slowed down or something?

If anything I thought there would be much more today with the staggering amount of computer users (and crackers/hackers/elite people whatever you wan't to call them).

Or is this a good sign? Maybe since more and more people use AV software the authors just figure its not as easy anymore?

Re:Only 60,000 ?

[simi-lost]

Sounds like some pretty unsafe computing to me. It has more to do than with attachments, or executables. The ONLY way you would ever avoid getting a virus without running an A-V would to be NEVER hook a phone line or Wireless, or network cable of ANY sort to your computer, and NEVER put in ANY kind of removable media. This kind of computing is very unsafe. It only takes one bad website you drive by to infect your machine. I hope you practice safe sex better than this. I hope you do more than shove a cork in the hole of your pecker, and I also hope you never bang you peter on the side of the urinal to dry it...

Re:Only 60,000 ?

Your mistaken though.

Virus don't travel over phone line or wireless unless you download them. Perhaps you are thinking about worms?

As for removable media. I use it all the time (CD and DVD but not floppies) and I don't boot from untrusted media that has no reason to be booted from nor do I download any warez.

As for bad websites, I use Mozilla which is a very good browser, and when I must I use Internet Explorer (which has all of its security settings raised).

Don't misunderstand--worms and activex exploits aren't really virii but I don't get infected by those anyhow.

Secure computing in my opinion is an enlightened user, a decent set of firewalls before their machine and 5 minutes of daily attention to patches and security alerts.

Viruses signal the organic nature of the net

[heironymouscoward]

Put enough people into a system and it starts to behave like an organic system rather than individuals each doing their thing.

Viruses, worms, trojans are way past the point of being expressions of individualistic derangement.

They represent the nasty side of the biology of the Net: the fact that any simulated or real ecosystem produces more parasites than non-parasites, and that non-parasites have to spend a significant amount of energy fighting off the bugs.

Two decades is not significant in itself, but it should be a stark warning that viruses are not going to go away, that the Net is turning "wild", and that we need something other than daily antivirus updates to keep our systems safe.

Re:Viruses signal the organic nature of the net

[dekashizl]

They represent the nasty side of the biology of the Net: the fact that any simulated or real ecosystem produces more parasites than non-parasites, and that non-parasites have to spend a significant amount of energy fighting off the bugs.

The difference here is that we, as people, have an almost unlimited power, as compared to our physical biological ecosystem(s).

Our ability to alter the fabric of i-space (dynamic network reconfigurations, recompilable open-source megastructures, ...) provides somewhat divine powers over the ecosystem.

So rather than spending "a significant amount of energy fighting off the bugs", we will instead construct a system that is self-maintaining and actually utilizes the parasitic nature available for good (think of the "good" bacteria in your stomach).

I believe that the concept of Digital Rights is the key that will allow us to lock order into this future.

I also believe that several human generations will pass before we are able to sieze the reigns of DRM from corporate "dinosaurs" and propel ourselves as individuals into this new age.

This will be a world-wide revolution of a nature that cannot even be comprehended.

Re:Viruses signal the organic nature of the net

[JohnwheeleR]

Yeah, sure, whateva... and, there is no spoon

Re:Viruses signal the organic nature of the net

[heironymouscoward]

...we, as people, have an almost unlimited power

For good, or evil. The bugs in your stomach took many million years to go from deadly to cooperative, and they don't preclude a zillion other bugs that see you as a walking buffet.

Our physical biological ecosystems represent 3 billion years of massively parallel real-time calculations. What happens in the natural world is not particularly 'inefficient' or 'limited', it's just the conclusion of long and unrelenting application of natural laws.

What we're seeing in the Net today is the evidence that some of those same laws also apply.

The future has two faces. One is total and utter chaos, continuous warfare. The other is a balanced system obeying natural laws. The same thing, two points of view. What I'm proposing is that by understanding natural laws we can better understand the Net and where it's going.

And since this is the next question, the basic law of nature is that (species/algorithms/protocols/strategies) compete for finite resources. Evolution is driven by the selection on replicators, i.e. each generation consists of the descendants of those (species/alorithms/protocols/strategies) that survived the last time.

One of the most successful strategies in natural and arificial societies is simply to steal resources from another. Species/etc. that don't evolve defenses against such behaviour die out.

And one of the most solid defenses against a certain class of living parasite (microorganisms also called viruses) is to switch the locks of the immune system each generation through a process we call "sex".

So, my long-winded conclusion is that our systems do not need DRM, they need to get out and date.

Re:Viruses signal the organic nature of the net

[kalidasa]

When viruses write themselves, then they will be expressions of the organic nature of the internet.

Re:Viruses signal the organic nature of the net

[fermion]

And the universe is a computer

We use analogies to help us understand new things. By attaching the new thing to a known thing, the brain can 'file' it in such a way that the new thing can be efficiently 'retrieved', much like a primary index is used in a relational database. Which is not to say the brain works like a RDMS, but research indicates that one can develop some practical theories in education using the RDMS analogy

This is why we call these pieces of code worms and viruses instead of dejs and kafs. We may in fact be able to use the analogy to defend against these 'parasites', but taking an analogies too far tends to lead us down blind alleys, drop stitches, and generally ends up in cliche hell.

Re:Viruses signal the organic nature of the net

[dekashizl]

So, my long-winded conclusion is that our systems do not need DRM, they need to get out and date.

Heh, well said. Sex is definitely a proven method of shuffling defenses that allows genetic patterns to propogate -- by staying ahead of the competition in a competitive system.

You named two faces of the future: "total and utter chaos, continuous warfare" and "a balanced system obeying natural laws". You call them "the same thing, two points of view." I agree with that observation, but there is more to the picture.

What I am describing (as when I discussed our "divine powers" due to our "ability to alter the fabric of i-space") is a framework in which "the competition" is 100% controlled. It is the ability to introspect and self-mofidy that facilitates major paradigm shifts. (An excellent book on this and other topics is Godel, Escher, Bach: An Eternal Golden Braid by Douglas R. Hofstadter.)

In this case, the messy businesses of mutations and recombinations would be useful for generating new and interesting ideas and art much more so than for the survival of stakeholders within a mostly disordered system.

This controlled future may feel more like an abstract thought experiment, but I believe it is our destiny within several generations to manifest this Incomprehensible Revolution of Ascension.

Re:Viruses signal the organic nature of the net

[heironymouscoward]

"Model" is more accurate than "analogy".

Viruses don't work like organic viruses, but viruses, trojans, worms, spammers together work like parasites, and this is not an analogy, but intended as a literal statement. They represent a parasitical strategy which succeeds because the 'honest' strategies do not protect themselves enough.

Re:Viruses signal the organic nature of the net

[1lus10n]

So basically since no software can be utopian (made by humans, to error is human and so on ...) all software will evolve or die.

I whole heartedly agree. someone drop ms a line and tell them to evolve into something secure, or die.

Re:Viruses signal the organic nature of the net

[Pope]

Viruses, worms, trojans are way past the point of being expressions of individualistic derangement.

I disagree completely. It still takes a single person to take it upon themselves to sit down and code a virus, worm, trojan, etc. It's a directed effort based on the choice to wreak havoc on someone else's property. Take away the malicious nature so many people online seem to have, and the instances of these types of disruptions will vanish.

XBox viruses?

[3Suns]

Hmm, I just thought of something when looking at the top 2 stories... Why aren't there any XBox viruses? It seems like a prime target for worms, with internet connectivity via XBox Live, a well-published interface for firmware hacking via software, a homogenous monoculture of both hardware and software, not to mention probably dozens of well-known vulnerabilities from its use of Windows and DirectX alone. Is there anything special about the XBox that is protecting it more than PCs from a plague of viruses?

Re:XBox viruses?

[Jeedo]

Yes, unlike windows it doesnt have any ports open by default.

Re:XBox viruses?

[dknight]

You just HAD to go and give them ideas, didnt you?

Now we're all going to be flooded by worms/viruses from zombie X-boxes.

I'll remember to blame YOU for this.

Re:XBox viruses?

[Sqwubbsy]

Do you think they'll change that now that they're designing the chipset?
Seriously, if they do it on the OS level, might they do it on the 'black box'?

Re:XBox viruses?

Unsigned code can't be run on the xbox without a modchip (or with various hardware tricks that require physical access).

You can't connect to xbox live with a mod chip enabled. So no unsigned code can be delivered and run via xbox live.

Welcome to a preview of future version of windows with all kinds of DRM fun.

Re:XBox viruses?

[sverrehu]

There's a patent on XBox viruses, so you probably won't see any until the patent expires in 2018.

Re:XBox viruses?

because script kiddies can toy around with the windows boxes their mommys buy for them, but dont want to mess with that xbox in the same manner

Re:XBox viruses?

Doesn't the XBox only execute code that is Digitally signed? So wouldn't only a small percentage of people that have modded their XBoxes be at risk?

Re:XBox viruses?

[Archangel+Michael]

OMG!!!

This just came to me. What if Xbox is only a prelude to DRM based computing? What if the next Windows only accepts Signed Code, and will only run on DRM HW?

Talk about Monopolies!

Re:XBox viruses?

[AKnightCowboy]

This just came to me. What if Xbox is only a prelude to DRM based computing? What if the next Windows only accepts Signed Code, and will only run on DRM HW?

This *just* came to you? Did you just crawl out of your WWII bunker or something? Welcome to the 21st century, alas, no flying cars yet. :-)

Seriously though, this is definitely where computing is going and I can't necessarily say it's a bad thing. Viruses won't get very far if they have to be signed by a trusted authority before they're physically capable of running on your hardware. On the other hand, the days of compiling your own source code and running the resulting binaries is probably nearing an end if the trusted computing platform people have their say in it. Unless there's a setting to disable this I'd say open source computing is destined to die off.

I wouldn't worry too much though since as long as the Asian computer companies exist there'll be suppliers for hardware to satisfy our requirements for non-DRM capabilities.

Re:XBox viruses?

[lullabud]

you clearly haven't bothered to bother looking things up, but rather jump to inaccurate conclusions..

xbox-linux faq about methods of installation

Re:XBox viruses?

[YOU+LIKEWISE+FAIL+IT]

Ok, sure, you compromise a Mechwarrior or 007: Nightfire savegame, execute your buffer overflow, and your virus is in core. ( Assuming your victim has either game, and that they'll then go and load that particular save. )

Now tell me, how are you going to infect the Mechwarrior/007 savegame in the first place? Few people take advantage of the ability to use USB mass storage as XBox memory cards, and of those, fewer still would be dim enough to download trojanned savegames from an unknown source. Even then, where is your virus going to go to?

I think Grandparents conclusions are in fact perfectly reasonable.

YLFI

Re:XBox viruses?

[lcde]

Luck :)

Re:XBox viruses?

[lullabud]

i'm not saying it's possible to remotely exploit an xbox, i'm saying that it doesn't require hardware modifications.

Re:XBox viruses?

[Archangel+Michael]

What I meant, was that XBOX is the Trial Balloon for Trusted Computing, to work out the bugs, so to speak.

I can see it now, you get get your next PC for $0 and HAVE TO buy all your software from M$.

Re:XBox viruses?

[AKnightCowboy]

I can see it now, you get get your next PC for $0 and HAVE TO buy all your software from M$.

Buy? I think you mean lease all your software from MS. :-) Much more profitable for them if they have a guarenteed annual income from you.

Re:XBox viruses?

"Is there anything special about the XBox that is protecting it more than PCs from a plague of viruses?"

Yeah - they've all been modded to run Linux.

Pickin' and grinnin'
Mal the Elder

Re:XBox viruses?

Right. . .

and that's why I have a LAMP (Linux Apache MySQL PHP) server on my xbox. . .

no mod chip, just a game with (get this)
a security flaw that let arbitrary data enter the xbox.

I'm essentially the reason they chose a proc that isn't just 80x86 for the new xbox.

And I repeat, I never had to open the chasis.

Re:XBox viruses?

[darc]

Yes. The xbox requires signed code.

As for firmware hacking via software, that requires that you open the box and solder two pads to each other to enable writing to the bios.

It is not as simple as "enter once, run anytime". First of all, games running off the DVD do NOT boot from the hard drive at all. They have a fully self contained system in there. An xbox can boot and "play" without a hard drive properly formatted in it.

Next, running unsigned code requires that you run a signed program with a specific bug to get into 'unsigned mode' that expires when you reboot. Since you cannot sign your virus, your virus cannot run on reboot.

xbox live is also carefully controlled and sends out signed code. Sneaking in unsigned code is nearly impossible. Further, it's useless, as it won't run. The only boxes vulnerable to viruses would be mod chipped boxes.

Supposing that one uses the xbox font hack, the software only boot solution to implement a virus, it gets immediately detected on xbox live and banned as well. Live has mod detection. Even if the virus auto installed the font hack, etc, the only way to get it in is manually overflowing an existing program, which means, you know what you are doing. There's nearly NO way to get unintended code into these systems.

As for vulnerabilities for windows and directx, that is patently false, as all the overflows that we've used to get in, so to speak, were not in either of those. The xbox is a perfect example of the difficulty of getting a virus into a trusted computing system, one of the actual selling points of TCA.

Re:XBox viruses?

[radja]

that's a software patent, so not valid for european viruswriters ;)

Re:One more year and...

[Kyont]

Y2K Dogbert quote: because it's "a big, round number... biigg and rouunndd...". Mwahahahaa!

What wonders shall there be to come-Movie-"BOMBS".

"Time to start seriously prosecuting these a$$holes (spammers, virus authors, or Microsoft... you decide!)"

I'd like that technology they have in the movies that causes computers to explode. Send me a virus, will you? Take that! Trojan me? BOOM!

Journalists

[Doomrat]

"there are almost 60,000 viruses in existence"

Why do journalists insist on sticking poorly researched figures in a writeup? Do they think that this somehow makes it all seem more credible? This number is clearly just a count from a virus checker's definition file summary. I bet they failed to include or even comprehend the fact that viruses are not a Windows only thing - heck, game instructions for the Amiga would insist that you hard booted your machine to get rid of potentially evil RAM content type stuff.

Re:Journalists

[NecroBones]

Well, it should also be noted that most of those virus definitions in that count also include obsolete software and OS versions. Many of those were DOS based (including the uncommon "companion infectors", something unique to DOS), and floppy MBR infectors, etc. It's misleading to imply that over 60,000 strains are potentially going to infect your Windows XP box from across the 'net.

Celebrate!?

[GOPWillC]

I really don't see how you celebrate the creation of the first virus. It's like saying "Woo hoo, my PC has been fried, and I lost my long-worked on school report." It should be remembered, not celebrated, I guess their are some sado-masochistic PC owners who enjoy their PC getting damaged, and their work lost.

Re:Celebrate!?

[Satan+Dumpling]

Yeah, it was horrible. In college my dumbass roommates got the anti-cmos A virus on my 486, didn't even bother to tell me Win3.1 was acting weird. Lost everything on my 40 meg hard drive. Ever since, I update virus definitions religiously.

Re:Celebrate!?

[bananaape]

The next time you get mad at a virus, think of all the people at Symantec and McAfee that depend on them to feed their families.

Re:Celebrate!?

Good point.

I doubt Jessica Lynch will be holding a 5h year anal-rape anniversary party.

What virus menace?

[Realistic_Dragon]

The last time a virus inconvenienced me was back when I brought an ex-display A5000 with a collection of 200 viruses on it (according to the virus checker - never did get them all I think).

However, I get haraased by viruses on a daily basis... as part of my free geek tech support that people assume I run. In my opinion I wish viruses would totally trash hard disks as then I could just tell people to buy a Mac or install Linux for them instead rather than being forced to clean up - a long and painful process on Windows.

I don't suffer from a virus menace, I suffer from a stupid user menace, made worse by the fact that they don't knoe enough not to choose a crippled operating system.

Once and for all

[bigjnsa500]

Once and for all I'd like to see a breakdown of what systems these virus' go after. I wanna know how many AIX, how many Windows, SCO, DOS, OS 8-10, etc.. these things are meant for, you know, the whole schabang.

Re:Once and for all

[fermion]

As has been mentioned here ad infintum, such a set of numbers would be kind of silly. Without the knowledge of how easily the code spreads and how much damage an infected machine will sustain, the numbers are meaningless. One could in fact write several thousand trivial ineffective viruses for *nix and then argue that they be included in the list. it would not make *nix a less secure environment, it would only mean that someone cared enough to sit down and generate malicious code.

Wait a year.

[missing000]

Well despite the fact that they are quite malicious, some of those viruses are pretty clever.

Think about it. This really is something to celebrate.

Next year the viruses can legally drink.

A drunken virus should be much easier to thwack.

Re:Wait a year.

[DataCannibal]

apart from the British ones who have been getting smashed legally for a couple of years and illegally for even longer. And in some parts of Britain viruses are grandchildren already

Londo and the Computer Demons

[Alien54]

I am reminded of the Babylon 5 Episode where the Centauri Ambassador Londo Mollarri has offended someone he should not, resulting in his room and accounts being molested by some sort of Computer Demon, which proceeds to place all the music he hates, messing with the enviromental controls (including odors) and even messing with all of his communications and financial accounts. (episode synopsis here)

This equates to artificially intelligent versions of viruses, complete with very sophisticated capabilities. A script kiddies delight. Of course, properly written, it could be dangerous to play with, taking out a few script kiddy systems in the process.

(imagine demonic voices coming out of a system - "Who dares summon me?")

Re:Londo and the Computer Demons

[hesiod]

> imagine demonic voices coming out of a system - "Who dares summon me?"

Imagine? Hell, my PCs have already been possessed three times. It asks where I want to go today, which freaks me out -- Why does my computer want to know where I'm going!?!?!? Luckily, I know just what to do.
I splash Holy Water all over it. I know it works because the demon emits smoke, fire, and sparks in his death throes. Unfortunately, the PCs never work after exorcism, but I don't care, as long as that demon is dead/banished to hell and can't frighten anyone else or invade their computer.

Yes, I am

Anyone old enough to know what I'm talking about?

Yes. I am old enough to know what you are talking about.

However, that doesn't mean I do know what you are talking about.

Viruses and OS X

[Pyro226]

Because of the regular virus infections that take down half of the network at my Highschool (half of the computers are Macs, the rest are windows), all students that want to bring in laptops have to go the the computer lab and get a copy of Norton Antivirus installed. This rule applies to both Mac and Windows computers, despite the fact that we haven't gotten any Mac viruses. Because of this my friend got a copy of Norton on his nice new Powerbook.

Now the point of my story - My friend looked into exactly what Norton was checking for, and it turns out that almost half of the viruses it was checking for were actually Microsoft Word macros. Now, I don't know that much about Word macros, but I'm assuming that most of the ones that would mess up a Windows box are different from those that would mess up an OS X box. So before anyone says that virus only show up for windows because it is the most popular, also realize that Micro$oft can't even write a secure word processor.

Re:Viruses and OS X

[H8X55]

antivirus checklist

1. un-install ms word - you've just reduced your chances of being infected by foughly 50%
2. add favorite antivirus software of your choice add another 30-35% of protection.
.........

Re:Viruses and OS X

[Pyro226]

1. un-install ms word - you've just reduced your chances of being infected by foughly 50%

My friend doesn't have MS-Word, Norton was just being thorough. In a sort of ironic twist however, he uses the laptop to do Bioinformatics work with viruses; like comparing SARS with other viruses to try to figure out how it works.

Yes, we're in highschool. But we go to a vocational school, and we're both enrolled in Biotech.

Re:Viruses and OS X

[HeghmoH]

Actually, there are no (that I know of) Mac-specific MS Word macro viruses. However, they are still worth checking for on the Mac, for two reasons. First, although the macro virus probably won't work completely as it should on the Mac, often it can work well enough to at least self-replicate. Second, even if it can't, scanning for them still prevents an unsuspecting Mac user from passing on the virus to a Windows-using friend.

Re:Viruses and OS X

[poot_rootbeer]

Now, I don't know that much about Word macros, but I'm assuming that most of the ones that would mess up a Windows box are different from those that would mess up an OS X box.

You're missing half of the point.

You want your OS X virus scanner to identify those Windows-based Word macro viruses, even if they can't affect your Apple, so that they cannot affect other, Windows-based machines, when you pass that document along to someone else.

Without that virus check, you may not be susceptible to Word macro viruses, but you could still be communicable.

Re:Viruses and OS X

[Angst+Badger]

So before anyone says that virus only show up for windows because it is the most popular

This has always sounded like a bogus argument to me. Because more Linux boxen are servers in important roles and because the Linux internals are out there for everyone to see, Linux ought to be a more appealing target for virus writers except that it is more fundamentally secure than Windows. Windows is a more popular target because it is so easy to hijack, not because it is more popular.

also realize that Micro$oft can't even write a secure word processor.

The main problem is that most people, apparently including Microsoft's management, don't realize that Word (and by extension, Office) is not just a word processor; it is a fully-blown development platform designed to integrate at many levels to outside applications. Unfortunately, Microsoft continues to act as if Word was just an ordinary desktop app like, say, Winzip, instead of what it really is, a bytecode interpreter with a word processor bolted on top.

Re:Viruses and OS X

[Carnildo]

almost half of the viruses it was checking for were actually Microsoft Word macros.

Only half? With the latest version, it's around 95%.

Yeah, old stories (fuzzy feelings)

[danigiri]

A little tear streaked down on my cheek! O' the good ole' days!!!

Nowadays, with the advent of MacOSX (chugging along, thanks) and Linux, these little critters are a thing of the past....

Oh! You mean that they aren't exctinct like the ill-fated dinosaucers!?!? Geez! You mean they only run on MS Windows! You kidding? And to help them procreate and run rampant like in the ancient days, uncle Bill leaves the ports open??? Good 'ncle Bill!

PS: before the hordes of trolls and uninformed bots advocating the alleged security-via-obscurity of MacOSX come in by the legion, please do a google and a slashdot search (yes it even was published here) on PowerPC shell-codes, thank you. After having read and thouroughly understood the ample PDF's, come back and dare to post.
SPOILER: the CS library next to you surely has a publicily available wrinkled PowerPC assembly and arch book for you, go read them.

Re:Yeah, old stories (fuzzy feelings)

[happyfrogcow]

Nowadays, with the advent of MacOSX (chugging along, thanks) and Linux, these little critters are a thing of the past....

Do computers imitate life? Don't viruses mutate in nature? Whatever doesn't kill a virus only makes it stronger. Nice optimistic thinking, the world needs optimists, but I doubt viruses will simply die out because of Linux and OSX. Where there's a will, there's a way.

Re:Yeah, old stories (fuzzy feelings)

You mean that they aren't exctinct like the ill-fated dinosaucers!?!?

Ah, yes, the dinosaucers. Like the Teacup Rex and Chinasaurus.

Re:Yeah, old stories (fuzzy feelings)

[andfarm]

The article -- if I remember it correctly -- was a set of listings of PPC assembly to do things like exec /bin/sh. Nothing interesting, nothing that couldn't be generated by gcc. Nothing that remotely resembled a security hole.

"Celebrate"?-Do the viral dance.

"If it doesn't kill you, it makes you stronger... something like that."

Woo Hoo! Let's hear it for SARS and Ebola.

Re:do *NOT* read that article: you already read it

[ChopsMIDI]

hehe. I know I haven't read the article yet.

Wait for it..

[NegativeK]

Wait for it..

Viri! Virii! Viruses! Viren! Viris, viriis, virexies, virusenixien!

Okay, now there's no need for anymore of that.

The first virus?

[way2trivial]

I would have sworn i read that the first "virus" was a gentleman that set his computer to keep re-submitting a print/andor/processing job- and over the weekend it had replicated his request 20k times... bogging down the entire mini system...

Re:The first virus?

[Tin+Foil+Hat]

Nope. It may have happened, but what you described is a DoS (Denial of Service) attack.

60k?

[MoFoQ]

I thought there were more....including failed ones and the "text-based" ones where ppl are the replication mechanism....oh, the ol' "GOOD TIMES".

Virus

That's funny, the vacuum tubes in our SGI and Sun systems here keep blowing out, I'm getting to think it's a virus at work. I'm sure our IT staff hopes it doesn't keep up for another 20 years.

I for one...

[doublebackslash]

Welcome our new virus overlords!

nmap -sT -v -v -I -O 24.247.212.249

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-11-10 15:17 EST
Host 24.247.212.249.bay.mi.chartermi.net (24.247.212.249) appears to be up ... good.
Initiating Connect() Scan against 24.247.212.249.bay.mi.chartermi.net (24.247.212.249) at 15:17
Adding open port 5000/tcp (owner: [LL]36851)
Adding open port 1025/tcp
The Connect() Scan took 14 seconds to scan 1657 ports.
For OSScan assuming that port 1025 is open and port 1 is closed and neither are
firewalled
Interesting ports on 24.247.212.249.bay.mi.chartermi.net (24.247.212.249):
(The 1638 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE OWNER
21/tcp filtered ftp
25/tcp filtered smtp
80/tcp filtered http
110/tcp filtered pop-3
119/tcp filtered nntp
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp open NFS-or-IIS
1080/tcp filtered socks
1434/tcp filtered ms-sql-m
5000/tcp open UPnP [LL]36851
6667/tcp filtered irc
12345/tcp filtered NetBus
12346/tcp filtered NetBus
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000 Professional or Advanced Server, or Windows XP
OS Fingerprint:
TSeq(Class=RI%gcd=1%SI=1D2C%IPID=I%T S=0)
T1(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=M NWNNT)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
T3(Resp =Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp= Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N% W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S+ +%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RI PTL=148%RID=E%RIPC K=F%UCK=F%ULEN=134%DAT=E)

TCP Sequence Prediction: Class=random positive increments
Difficulty=7468 (Worthy challenge)
TCP ISN Seq. Numbers: A30AF98A A30C5B20 A30DB6FF A30F4B7B A310E563 A3123C5D
IPID Sequence Generation: Incremental

Nmap run completed -- 1 IP address (1 host up) scanned in 16.341 seconds

Re:One more year and...

[hesiod]

> > One more year and... (Score:1)
> > They can legally drink?
> Twenty one is the legal drinking age last time I checked. But...

Wow, Twenty plus one equals 21! You're both right!

First infected program called 'VD'

[koa]

Does this strike anyone else how ironic that the first program to be infected with a virus was called 'VD' ?

I thought this was the first virus

http://slashdot.org/article.pl?sid=03/09/09/163125 0&mode=thread&tid=126&tid=128

Re:I thought this was the first virus

[gooru]

That's a bug not a virus. A bug is something that's wrong with a program. A virus is code that copies and spreads and is usually malevolent in nature, whereas bugs are usually accidental.

Re:I thought this was the first virus

[JamesP]

But it's not a bug, it's a feature!!!
20.19.18.17.16.15.14.13.12.11.10.9.8.7 .6.5.4.3.2.1 .0

Only counting distinct instances?

[192939495969798999]

They must be only counting distinct instances, because I am certain there are more than 60,000 total viruses (including variations). Doesn't mcAfee's (sp?) virus protector claim to protect against something like 300,000 different viruses?
Are they not counting trojans, worms, and the other ancillary definitions of malicious programs?

Re:Only counting distinct instances?

[DeltaSigma]

Well, if they have a few rules for file scanning, then they're protecting you from more viruses than they have definitions for, if you think about it...

Viruses

[TrippTDF]

I work in a design office where most people use Mac OS 10.2. I swear to God, now matter how many times I show people virus stats, or point them to articles about Macs and viruses, the SECOND there is something wonky going on, they call scream that they have a virus.

Downloading virus definitions?

[Strange+Ranger]

> there are almost 60,000 viruses in existence

So at this rate, how long until the virus definition files for your AV software are so big and so frequent that you need broadband just to stay updated enough to maintain a reasonable level of protection?
How long until it takes gigs of storage space to store them all?

Wonder if Symantec, McAfee, etc., will offer a remote storage service in the future? Does everybody really need to store the same list of virus definitions on C: ?

Are virus definitions the future of AV or will heuristics and other "AI" get good enough in the foreseeable future that the one-off approach of definitions will become obsolete?

Re:Downloading virus definitions?

McAfee has been trying for years to get everyone to move over to their McAfee Clinic service which stores the virus info on their servers.

Their current downloadable definitions are about 3mb

Re:Downloading virus definitions?

[xlsior]

Wonder if Symantec, McAfee, etc., will offer a remote storage service in the future? Does everybody really need to store the same list of virus definitions on C: ? Since you *need* the data from that list to actually detect virusses, that would be kind of pointless. Do you realy want to download this every single time you start your virus scanner? A local copy makes *much* more sense...

Re:Downloading virus definitions?

Must be defunct now. No mention of "Clinic" or online maintenance anywhere as a feature, product, or service except in Google caches. clinic.mcafee.com redirects to their main US page.

Re:Downloading virus definitions?

[slamb]

Does everybody really need to store the same list of virus definitions on C: ?

Yes. Someone mentioned that McAfee Clinic stores virus definitions on the server. I don't really know what he means by that, but it has to at least store the signatures and an ID number for each detectable virus on the local machine. (Once it knows "you have virus ID 0xdeadbeef", it can request details and removal code from the server.) The alternative is to send all your hard drive contents to them to check every time you run the virus scanner. That would take much more bandwidth, be a huge load on their server, and raise horrible privacy concerns.

Are virus definitions the future of AV or will heuristics and other "AI" get good enough in the foreseeable future that the one-off approach of definitions will become obsolete?

I hope they're not the future, because they suck. (What if the human immune system only fought things you've been vaccinated for? We'd all be dead.) I've heard more intelligent scanners mentioned, but I don't know a lot of details.

There are certainly several methods for improving virus/worm security without scanning at all. (In fact, I don't run antivirus software on my own machines; I use these other methods.)

First, there's not clicking on whatever crap someone sends you. If we could train users and remind them with a dialog whenever they do a potentially-insecure action, it would go a long way toward solving this problem.

Worms can be dramatically reduced with patching, since most exploit old, well-known vulnerabilities. Recent efforts in making patching easier/more automated should pay off in the long run. (Remember, you can't expect immediate benefit from this, because it's generally the people running older versions who have the problems.)

Then there's restricting what applications can do once they're on your system. Have you seen Norton Personal Firewall? I'm a little pissed at it (its language makes you think it's a stateful firewall; it's not), but it does one thing well: it also restricts local software on a per-executable basis. So it will pop up a dialog box saying "Microsoft Word is trying to flood the net with packets. Bitchslap?" or similar. That's a good idea for the prevention of worms, viruses, and spyware.

Also in this vein is running most things as a user-level account and making people enter passwords to install software. Unfortunately, this doesn't work well on Windows now - it's not that way out of the box, and too much software depends on having privileges it should not. (For example, I think my DVD-playing software requires "Administrator" or at least "Power User" privileges. Why?)

Re:Downloading virus definitions?

> Since you *need* the data from that list to actually detect virusses, that would be kind of pointless. Do you realy want to download this every single time you start your virus scanner? A local copy makes *much* more sense.

Not if your connection is faster than your hard drive data transfer rate, as in your average 2 year-old low-budget PC on a fat pipe that's already using I/O on the hard disk to run the O/S and other things users might want to be doing in addition to scanning for viruses.

Re:Downloading virus definitions?

[placeclicker]

I would say, by that time, people will have hundreds of gigs, and 1-3% for Virus Defintions won't bother them.

Not sure about the broadband thing.. people might stick with their dial up.

Re:Downloading virus definitions?

[Tin+Foil+Hat]

In order for your computer to read any file on the internet, including virus definitions, it first must make a local copy of it. So yeah, everybody does need to store the same list of virus definitions on C:. Well, at any rate, everyone who wants anti-virus software needs to store a virus definition file somewhere on their hard drive.

[OT rant]
That's what drives me up the wall about this whole peer-to-peer file sharing controversy. Everything on the internet, and I mean everything, consists entirely of file sharing. Yes, that means streaming media too. The peer-to-peer programs that the RIAA, et al, are decrying are conceptually no different than any other internet enabled application. I can use my browser to download illegal music too, and regular people can run web servers. You don't hear about the RIAA slamming web server software now do you?

Re:Downloading virus definitions?

Why can't files from the internet load to memory?

That's what drives me up a wall. 1 Gig of fast DDR sitting idle whilst my browser clunks along swapping files on C:. ugh.

Creative or Positive Uses?

[rueger]

Now that we have established that a sufficiently clever virus can spread rapidly enough to beat the Symantecs of the world, we should be worrying about what this technology can be used for.

Think about some of the things that hard core political organizations could do to their opponents? Think about corporate whistlebowers who could make sure that their secrets hit hundreds of thousands of computer screens in hours or days. Think about someone who sends something as virulent as last month's "Microsoft Support" virus, but with a nasty payload that wipes the user's hard drive.

Or perhaps, think about using viruses as a tool to rapidly spread secret or patent protected information for widespread use without royalties.

All in all, I think that at twenty years we're just seeing the tip of the iceberg. One of these days someone with imagination is going to do something large, fast spreading, and so far unimagined.

Inspired fond memories

Brought me back to the commemoration on the 200th Anniversary of Naval-Induced venereal disease.

Simple:

[KalvinB]

Joe Script Kiddie can't write code for an X-Box. Yet.

There's also not much to gain since Joe Home User won't be putting anything on the X-Box that JSK would want.

The virus would also have to wedge itself permanently into the system. Otherwise a simple press of the reset button and *poof* cured.

What do you do when your gaming system acts up?

Reset. Console don't get viruses because it's (virtually) impossible by design to make any permanent effects. All Nintendo systems are immune because the system doesn't depend on writable media. Worst that could happen is that your memory card gets fried. But that doesn't affect any of your games or the system itself.

Ben

Re:Simple:

[donutello]

Console don't get viruses because it's (virtually) impossible by design to make any permanent effects. All Nintendo systems are immune because the system doesn't depend on writable media. Worst that could happen is that your memory card gets fried. But that doesn't affect any of your games or the system itself.

I believe that's not true for the XBox which actually has a HD and I believe you can update your XBox via XBox Live.

Re:One more year and...

[jaymz666]

18 is legal drinking age somewhere.

I think Walker got there first.

In many ways John Walker's "Animal" program probably qualifies as the first virus, and it dates back to the mid seventies.

Wrong anniversary, this is their 21st.

[plover]

I remember an article in Scientific American that spoke to a young man named Richard Skrenta, who wrote an Apple ][ virus in 1982. I remember him bemoaning the fact that "it got onto his disks, the math teacher's disks and all his friends disks."

Sorry, but Fred Cohen was not the first virus writer.

These viruses can already drink, and they can probably vote on a Diebold machine. They may already have...

Re:Wrong anniversary, this is their 21st.

[beebware]

Ah - good ol' Richard Skrenta - founder of the Open Directory Project and many other things - who did, indeedy, write the Elk Cloner virus for the Apple II in 1982. I thought the BBC had the anniversary wrong, but I didn't have anywhere to "moan" by skrenta missing his bit of limelight until now ;)

Re:Wrong anniversary, this is their 21st.

[blamanj]

Indeed at least two sites document the Apple viruses in 1981. In addition, they were discussed in theory as early as 1949, and appeared in science fiction as least by 1975 in John Brunner's great Shockwave Rider, which was the inspiration for Robert Morris' famous Internet worm.

Re:Wrong anniversary, this is their 21st.

Viruses made an appearance in science fiction at least a couple of years before Brunner's coining of "worm"; David Gerrold's "When H.A.R.L.I.E. Was One", serialized in Galaxy around 1972-3, had a character talking about the problems caused by a program called VIRUS (Though it was actually more like a worm) - it was eventually purged from computers by a program called ANTIBODY

Subtle jibes and jabs

[Target+Practice]

I think the whole thing was a sideways jab at hackers:

While virus writers are usually socially adept, many hackers are not.

That's the only line that really stuck out to me in this story... If you read on, however, it looks like they're talking about crackers of sorts. Any idea on who they're trying to insult here?

Re:Subtle jibes and jabs

[tds67]

While virus writers are usually socially adept, many hackers are not.

I agree, that seems a bit out of place and strange.

It makes it sound like virus writers are swash-buckling, James Bond types...not what I think of them when I spend hours cleaning up after virus messes on our network.

Re:viruses

Yea, or even better yet -- switch to a one button mouse!

Really? Only 20 years?

The first attacks I recall long predated Microsoft. They were ordinary, text e-mails on UNIX systems containing ASCII escape sequences that programmed "dumb" terminals in order to set their so-called "reply" buffers (which many of the more advanced ones had), and then to request the reply. The stored reply buffer then contained commands that were executed as if the victim typed them. They were called "letter bombs".

Being nostalgic

[Looke]

Ah, Cascade, which caused the letters on the DOS text screen to tumble down to the bottom. Not the first virus, and not the most damaging virus, but certainly one of the more amusing ones ;-)

Re:Being nostalgic

not very damaging indeed, but it did slow down the pc very much, but i guess it had something to do with the virus being 1701 bytes (iirc), and that was pretty big for a virus those days..

Edmund Fitzgerald

[tds67]

Mr Cohen presented his results to a security seminar on 10 November, 1983.

The Edmund Fitzgerald sank in Lake Superior on November 10, 1975. Microsoft was also founded in 1975, I believe. There must be a connection.

November the 10th is never a good day.

Worms are TWENTY-FIVE years old...

[alispguru]

Don't know about viruses, but the first computer worms (as in programs that dynamically spread themselves across networks) were created at Xerox PARC in 1978. See here (scroll down to "1978") or here for details.

Re:Worms are TWENTY-FIVE years old...

[ch-chuck]

Nope - check out the Univac ANIMAL story for an earlier version of a self replicating program, 1975. (notice I'm not claiming ANIMAL was the 'first' self replicator either - 99.9% of claimed 'firsts' are just ignorant of other acheivements).

Re:Worms are TWENTY-FIVE years old...

[HisMother]

Fred Cohen is the self-proclaimed father of computer viruses. Any time you see a story about how "Fred Cohen wrote the first computer virus," you can be sure that the only expert the reporter talked to was, you guessed it, Fred Cohen.

Re:Worms are TWENTY-FIVE years old...

[addaon]

As a Lisp hacker (and as someone who can afford some karma for an offtopic), while I agree that S-exprs are much more graceful than XML, there is a very deep difference which should be remembered. S-exprs, in their commonly understood form, represent a tree. XML documents, in their specified form, represent a graph. That is, the set of structures representable in XML is a strict superset of those structures representable by S-exprs. With that said, very few people actually use the graph nature of XML (one of the few examples I can think is the anchor concept in XHTML). Just a quick fact check.

Re:Worms are TWENTY-FIVE years old...

[alispguru]

S-exprs, in their commonly understood form, represent a tree. XML documents, in their specified form, represent a graph.

Off-topic right back at you:

S-expressions as defined in the Common Lisp spec (and as implemented by many Scheme dialects) can also be graphs:

#1= (a . #1#)

represents a single cons node whose CDR points to itself. Like XHTML anchors, the graph notation is rarely used when typing in S-expression code or data, but it gets used a lot by the printer when *PRINT-CIRCLE* is on.

XML does get one thing right - document "packaging". The required header on XML documents gives the reader enough information to properly reconstruct a document in arbitrarily weird character encodings (a place where the Common Lisp spec punts to ASCII/implementation-dependent) and allows for versioning and other expansion.

As for the rest of XML, I'm with Philip Wadler when he says:

So the essence of XML is this: the problem it solves is not hard, and it does not solve the problem well.

Happy Anniversery

now to download some viruses and celebrate Woohoo!!!

Other Platforms?

This BBC article was actually pretty useless. The PC platform was not the dominant platform for the early period of viruses. No mention whatsoever of the Amiga, Atari ST and any other platforms - in Europe at least the first large-scale spread of viruses was on the Amiga and ST, due to the huge amounts of floppy disks being exchanged. At the time, the PC barely had a look in to home computing.

Not a very well researched article, IMHO.

Re:viruses

if you're running a mac, chances are you like the same sex as yourself. so no children will be had.

...and you probably already have a virus.

In my world

[JudgeFurious]

A person found guilty of writing a virus gets a death sentence. I'm still undecided on whether it's stoning or shoving a live snake up their ass but that's a trivial detail.

I so seriously hate those guys. If a button that caused all their heads to explode appeared before me no power in the universe could prevent me from pressing it. Repeatedly.

they made a typo

[kaan]

I can clear this up. See, it was supposed to say "there are almost 60,000 copies of viruses in existence on people's machines ".

I think they also got the number wrong, it's missing several 0's. It should be something like "six hundred mega-zillion", or some other gigantic number that I would write out if I knew how many 0's to add.

blame Canada

[segment]

"When you see a complex virus," she said, "it's come out of the hacking community." In her experience many malicious hackers have a borderline criminal view of the world and do not share mainstream ethical norms.

evil evil hackers. Someone should track them all down. Maybe some company could hire bounty hunters.

Superman theme comes on Wait look up in the router
It's a packet
It's a flame
Superman theme dies out
Oh damnit it's just another Microsoft flaw

my bad

Fred Cohen's original article

[ciurana]

Unfortunately I cannot find a web resource for it, but the original article appeared in Computers and Security. The article includes source code in a cross between pseudo-code and a shell command language.

The original article is:

Computer Viruses Theory and Experiments
Fred Cohen
Computers and Security no. 6 (1987)
Pages 22-35
Elsevier Science Publishers, BV (North-Holland)

This article was followed by a plethora of misguided "containment" articles also in Computers & Security. Cohen proved them wrong again in:

Computational Aspects of Computer Viruses
Fred Cohen
Computers & Security no. 8 (1989)
Pages 325-344
Elsevier Science Publishers, Ltd.

As an aside, I read that Mr. Cohen had to wait several years before being able to publish his papers because not a single publication in the US would print his articles. The first article is very entertaining and instructional.

Cohen's first computer virus pseudo-code:

program virus :=
{ 1234567;

subroutine infect-executable :=
{ loop: file = random-executable;
if first-line-of-file = 1234567
then goto loop;
prepend virus to file;
}

subroutine do-damage :=
{ whatever damage is desired }

subrutine trigger-pulled :=
{ return true on desired conditions }

main-program :=
{ infect-executable;
if trigger-pulled then do-damage;
goto next;
}
next: } // rest of the infrected program

(If I have time to scan them, I'll post a link to page scans of these articles; right now I have too much work.)

Cheers,

Eugene

Re:Fred Cohen's original article

Heh heh, yes, I'm familiar with his writings.

To all of those who have had the pleasure of meeting with or (worse yet) participating in working groups with Fred Cohen, perhaps you can explain to me how this man has created such a self aggrandizing career out of little more than his grating and boisterous persona?

Re:Viruses

[EverDense]

I work in a design office where most people use Mac OS 10.2. I swear to God, now matter how many times I show people virus stats, or point them to articles about Macs and viruses, the SECOND there is something wonky going on, they call scream that they have a virus.

Just tell that it is BSD dying!

This just in..

[Kjella]

Since the first viruses were made on Unix systems (*is* VAX a Unix system? anyway, SCO won't care), they are clearly derivative works of SCO. And all viruses made after that point have been using the methods and IP of these original viruses, and so they are also derivate works of SCO.

SCO is right now considering pontential legal action against these individuals, but have in the mean time offered a licence to use their IP, for the low low price of $599 per CPU affected by such IP. This has been nicknames "Licence to infect*" (*no legal indamnification provided).

Kjella

Re:This just in..

[gmuslera]

SCO don't work that way... would be more like: If you are infected by a virus, then you will be liable.

At least that could be a way to get rid of ancient worms that still are very widely spread, lets ask for US$ 700 to everyone infected with virus like nimda or msblaster to see if they worry a bit about that. A lot will be grateful with SCO for that.

In the same line... maybe the first properly called spam comes from an UNIX system (I think it was in usenet history in google), maybe SCO could sue all spammers for doing it.

You're almost describing emacs

[vrt3]

this page intentionally left blank

Re:You're almost describing emacs

[Piquan]

True, but there's a difference that's quite significant for this discussion. Microsoft Word treats files as structured objects, so they can hold code. Emacs doesn't; it treats files as byte streams. Sure, it has hooks to look for code (and ask the user if it should be executed), but it's out there where the user sees it.

Not always-

If there weren't viruses to exploit holes, then holes would not get fixed.

If there wern't viruses to exploit holes we'd be living in a VD free world! Some would argue against the patching of holes though.

Love, AC

Irony

[t_allardyce]

How ironic that the next story linked at the top of the page is "Microsoft Moving Into Chip Design With Xbox Next" Its one thing when they create shoddy software, but hardware! why they could kill us all!

Scriptable programs...

[Kjella]

So before anyone says that virus only show up for windows because it is the most popular, also realize that Micro$oft can't even write a secure word processor.

Tell me, if Linux users regularly sent perl/python/[scripting language of choice] code integrated with OpenOffice to eachother, and expected it to be run without having a clue of what it does, how many similar viruses would there be?

The problem is what it is trying to be, which is far more than a word processor. The macros/VB scripts try to be something like a sandbox, where the scripts can do their custom thing without taking the house down.

Unforturnately, locking it down in this way is both difficult and often limiting its usefulness. Sometimes the only difference is intent - if you wanted to do this, it's a feature - if you didn't want to, it's a virus/trojan/logical bomb.

I'm not saying that the feature is well implemented - it is not. But it's trying to be a far more customizable tool than just a word processor.

Kjella

Re:Scriptable programs...

[gl4ss]

*Tell me, if Linux users regularly sent perl/python/[scripting language of choice] code integrated with OpenOffice to eachother, and expected it to be run without having a clue of what it does, how many similar viruses would there be?*

do windows users really do this?

no, really, how usual it is that those macros are used in static word docs for anything useful?

Re:Scriptable programs...

[IM6100]

how usual it is that those macros are used in static word docs for anything useful?


Well, umm, by definition they're not used much at all in static word documents.

I know that my brother-in-law, who is a software engineer who hates Microsoft, can't migrate away from MS Office because he's an Excel macro weenie.

Re:Viruses

[TrippTDF]

Just tell that it is BSD dying!

Christ, throwing out a technical term to these people is like dangling a fake steak in front of a dog. He wants it, thinks he needs it, but when he gets it, he discovers he has no idea what it is at all.

These are people I've had to explain the concept of the megabyte to.

Why wait?

[StenD]

Since many viruses are written outside the US, it's quite likely that they "can legally drink" already.

Let me help you out

Here and here

Re:Let me help you out

[Dark+Fire]

Anonymous suggestions are not the same as anonymous donations. :(

The worlds second best virus

Disclaimier: I have no intention of writing this virus in the future. I have not written this virus. I am not in the process of writing this virus. I know of no individuals or groups who have/are/will design this virus.

Now that that is out of the way, on to the fun bits :)

Many people have come up with cool things for viruses to do, or ways to infect machines, or similar. IMHO, this is the design for the worlds second best virus... feel free to do with it as you wish... but don't patent it.. I'm claiming prior art :)

First off, the virus should have multiple infection vectors. It should scan the local network and infect writeable executeable files. It should also be able to infect .doc and .xls files via scripting (simplest method is to write a script to write the exe of the virus, then execute it.) It should also e-mail copies of itself to all contacts in the address book with a social engineering style letter -- with good grammar! It should also have several network methods of attack. It'd be nice to combine msblast, code red, and a couple as-yet-undisclosed vulnerabilities. It should try to upload itself to ftp servers. Both on access to one, and upon sniffing a ftp connection in network traffic. (Bonus points if it can inject a boot sector copy of itself into all the .iso's and bin/cue's out there. Read-only viruses are fun :)

Now, the virus should take steps to hide itself from the user. Of course this means masking the process. It should also mean hijacking the kernel and installing a few drivers so any infected file reads as uninfected to any nosy system process thinking its a virus scanner. But this is not the end.. It should be active in masking itself. First off, any dns requests to a windows update site, or any of the top-10 virus scanners update sites should be redirected to 127.0.0.1 (or to the spoofing machines IP which then responds with a look-alike site saying everything is updated.) Also, attempts should be made to spoof a dns response to any other machine on the lan that requests a dns for those sites. It may or may not work depending on the OS, but you can try, right?

The virus should organize itself into a P2P network. Just for kicks there should be a few hundred of the most "popular" mp3's on this network and the virus should download one a day into the "my music" folder on the hdd. This isn't so much a payload as it is a big finger to the RIAA. "I didn't download that music your honor, Microsoft's crappy software downloaded it for me without my knowledge." Ahh.. the joys of technology. Anyway, the p2p network isn't just for PO the ??AA. It surves a vital purpose...

Updating the virus. Every now and then MS fixes a security vulnerability. A p2p network for distributing viral updates would be a great run-around this. Of course the updates would have to be cryptographically signed and dated. We don't want any old goody-twoshoes uplodaing a fix to the p2p network. For security, any node with a update that doesn't match the signature will be removed from the network.

Depending on who the Architect of such a virus is, the virus can do any number of things... sniff out CC#'s, vote in slashdot polls, send spam, DDOS the entire west coast, order a copy of Wil Wheaton's Dancing Bearfoot from amazon.com, or just play cat-and-mouse with microsoft and anti-virus teams.

Now, as I said this could be the second best virus ever. What will be the best you ask? You'll have to wait until the machines take over for that answer.

Re:did you notice the department?

They are both holes waiting to be exploited ...

death sentence??

I read that some of u would happily give virus writers the death sentence, how blind can you be??

I would like to give them a medal,it keeps the software programmers (like M$)enough motivation to close leaks caused by moronic-programming which are a security hazard (like dcom, without msblast virus 40% of the windows webservers and 60 % of the webusers using windows would still be open for skriptkiddies to hack (read start an exe and ip and you will be given shell on remote computer),
so I am not talking about the virii opened by some dumb nitwit by clicking an exe called teenporn.jpg.exe, in that case the licence to reprocreate should be revoked from the guy opening that exe..

So lean back, and let nature take his course, you haven't seen nothing yet, the next generation virii are bad, realy bad, I have seen a skeleton (al functions present exept exploit code, and without replication/spreading code) of a virus which was capale of erasing (corrupting) the bios of a lot of hardware (DVD, mainboard, HDD, videocard etc.. from a lot of manufactors (using universal flash method).
If the msblast exploit code was used for this type of virus it would have been a disaster lots and lots of computers would have been trashed..

It's what you al wanted, whithout having REAL computerknowledge you want to click one button sending all your freinds a mail, pay your morgage, wank at sex-pages and play a game..
Sadly 95% of you don't know what you are doing or how the computer realy works.

EqX
Senior Programmer for a Not To Be Mentioned Security Company.
(sorry for my poor English)

That can't be

[Eudial]

And i thought DOS 1.0 was released in August 1981.

MOD PARENT UP, please

[alispguru]

Dang. Though, if you want to get really persnickety, ANIMAL was technically a Trojan horse, as it required human help to spread.

Good catch on going to the original source - if John Walker believes he was the first, I'm 99.9% inclined to believe him.

Re:MOD PARENT UP, please

[Haeleth]

> Though, if you want to get really persnickety, ANIMAL was technically a Trojan horse, as it required human help to spread.

And most modern "email viruses" are the same - they rely on idiots opening attachments. But nobody describes them as "Trojan horses". Possibly because they aren't full of Achaean soldiers.

Tragic -- Website doesn't work.

PHP & Linux - Hype all you want, but they just suck under load. Guess we'll all read this one later...

Anyone remember BITNET?

[surfcow]

BITNET was IBM's RSCS network, pre-TCP/IP. Back in the day, this was the Internet, no joke. BITNET got completely whacked by a virus back around 79 or 80(?).

Around Xmas, someone wrote a script that displayed a pretty Xmas tree ... then mailed itself to everyone in your address book. (Sound familiar?)

Dropped all of BITNET like a stone for days.

Re:One more year and...

> 18 is legal drinking age somewhere.

Most of the world?

It's 18 in the UK, 20 in Japan, and in France I believe the only requirement is that you've been weaned. The USA is one of the most restrictive countries outside the Muslim world.

Not to Ruin the Fun...

[Jason+Scott]

But there is definitely a predecessor to "VD": The Elk Cloner Virus. Showed up on the Apple II, and the message would appear after 50 resets of the disk. It would infect any disk put in where you did a CATALOG of that disk.

There is a webpage dedicated to it (with source!) at this location.

"Elk Cloner: The program with a personality"


It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!

It will stick to you like glue
It will modify ram too
Send in the Cloner!


There are other similarly dated variants. Elk Cloner has been mentioned in the press in the past; this is someone at the BBC being lazy. As mentioned elsewhere in this thread, glorifying the process as if it was a great accomplishment is a little strange.

Gah.

[pb]

Dear BBC,

Next time you do an article about virus writing, would you care to mention how Microsoft lowered the bar for virus writers by creating a simplistic macro system with no security and way too much power, (for a word processor, no less!) and has since done nothing to fix this systemic flaw in their products?

How about a little credit where credit is due here, or a little investigative reporting? You could run 'controversial' stories with headlines like "Do users have a right to expect secure software?" or something. At least you didn't start parroting word-for-word MS' old propaganda on the subject, but I'm still not impressed.

Re:did you notice the department?

nothing to do with goatse. this is a reference to the tenacious d song wonderboy.

Re:One more year and...

kids here just aren't responsible

The "Lehigh" virus (aka PC-AIDS)

[teefal]

>The emergence of Brain kicked off lots of other viruses such as Lehigh, Jerusalem, Cascade and Miami.

I was a student consultant at the Lehigh University computer center (Bethlehem PA, USA) in 1986 when the "Lehigh" virus surfaced. We called it PC-AIDS and told people to wear their "floppy condoms" (write protect tape). A few consultants (Loren Keim et al) wrote the antivirus program for it.

As far as I know, this was the first virus to get national attention. A letter from our center's director was printed verbatim in a PC Magazine column, and that got picked up by other media.

It was interesting to see how people first reacted to the idea of a computer virus. Our references to AIDS and condoms certainly didn't help. It freaked people out (remember, this was 1986).

i thought...

i'm sure all microsoft copyrights say 1987 don't they? so wouldn't that be 26 years?

The first? I'm not so sure

[jimfrost]

Probably a decade ago I was involved in a discussion about the etymology of computer viruses.

I didn't know who wrote the first one, but I'd written one in I believe the fall of 1984 (could have been that winter). Not that I thought I was first, but it was at least pretty early. Nobody had heard the words "computer virus" before, and I certainly didn't use them. I called it a "self-replicating program." In my version I hooked the command interpreter for Apple DOS's "catalog" command and made it copy itself in place on whatever disk it was looking at. Simple and effective -- and benign, since all it did was replicate (although a few variants did more amusing things like change the catalog output subtly).

I knew that was pretty early, but it turned out that there were at least two earlier viruses on the Apple -- both done at colleges circa 1982. The only one I remember was done at I think Texas A&M, and IIRC theirs were substantially more sophisticated than mine.

Oh look, Google even knows about the Texas virus:

http://yarchive.net/risks/early_virus.html

"Almost" an accurate article

[robolemon]

Almost every year since 2000 has seen the unleashing of a virulent program that uses the net to travel.

Is anybody else bothered by this statement? "Almost every year"? I can certainly find hundreds of examples for each year.

20 years?? What about my PET?

[adeyadey]

What about the PET virus I wrote in 1981?
---
"Your computer has been infected by a virus.
Please place a blank cassette in tape #1 and press play and record.

When finished, please mail this tape to everyone in your address book who has a PET computer."
---
Mind you it never spread very far..

Wrong^3

[DynaSoar]

Cohen was not the first. I know of at least 2 if not 3 virii for the Apple II prior to Cohen's work. Here's links to stories about some:

http://www.cknow.com/vtutor/vtsladeapple.htm
an d
http://www.skrenta.com/

PET virus source code..

[adeyadey]

10 print chr$(12)
20 print "Your computer has been infected by a virus!"
30 print "Please place a blank cassette in tape deck # 1 and press play and record."
40 print "When finished, please mail this tape to everyone";
50 print " in your address book who has a PET computer."
60 save "I LUV U",1

----
I'll now wait for the police to call..

Re:Really? Only 20 years?

[jimfrost]

Hah, I remember letter bombs. They became so frequent when I was in college that I prefiltered my mail spool to remove control character sequences. Who knew I'd still be doing mail spool filtering fifteen years later?

We used to also blast control sequences straight to the terminal (since the default in BSD 4.2 and 4.3 was to allow anyone to write to any terminal). The one that we used a lot was the "hard reset" sequence of the vt220, which dropped the RS232 line and triggered a logout, but people rapidly reconfigured the terminals to ignore that. My favorite was to send a lot of nulls since that was more or less invisible but effectively locked up their terminal.

Of course people dealt with this by adding commands to their .login to disable public writeability of their terminal, so the way I dealt with that was to try to grab a descriptor to their tty between the start of login and when the .login script executed (these were the days of the vax, that was a reasonably large window) and just hang onto it in case I wanted to bomb them later.

Oh, the days of having that much free time.

Havent seen a real one in a while

[bl8n8r]

12 tricks, stoned, ambulance-a and others were what I would consider a virus. When these email "viruses" figure out how to be polymorphic replicators, *then* the internet as we know it will be ph#cked. How long will it take to scan every file on a 128 Gig harddrive for a polymorphic replicated Slammer derivative? Now how many people will actually sit through it without cancelling it so they can just get their email? It would never get cleaned up.

Remember when you first. . .

[Fantastic+Lad]

heard about the concept of the computer virus?

Wasn't that one of the coolest days ever? It was like Sci-Fi come to life!

Of course, it became an annoyance, but I still think the idea is pretty darned interesting. If somebody was writing about our world as a piece of speculative fiction, (and this is indeed what our world seems like most of the time to me, especially today), then the computer virus was probably one of the more inventive and award-winning ideas which pushed the book onto the best-seller list.

At least I hope so. Our present world seems kind of like a Neal Stephenson novel which isn't on crack. Maybe it isn't a best-seller.

In any case, I wonder who the main character is? Sure isn't me. I feel like a back-ground noise supporting cast member if anything. Might have brushed shoulders with him/her for a minute somewhere.

Either that, or I am the main character, and it's a really boring novel!

-FL

OT: November 10

[Experiment+626]

November the 10th is never a good day.

Be careful, today is the 228th anniversary of the United States Marine Corps, you're likely to incur the wrath of the jarheads with that kind of comment...

Either that or...

[EM+Adams]

All of our operating systems will act like a virus too by sending information about itself back to its creator so the creator can control the offspring...sort of like Windows...

Acorn all-the-way

[oberondarksoul]

"This is a friendly virus. It has done no damage to your computer. Perhaps this will serve as a warning not to copy commercial software in the future!" Ah, the good old days, running copies of Lemmings from dubious sources...

technically...

[ShadowRage]

viruses are actually pretty awseome considering what some of them do, the ingeniousness behind them is prolly why they called them "marvelous"

it also keeps competent software makers on their toes to make a more secure and virus free system, most virii dwell on security holes and architecture plagues. (eg, everything windows has to offer)
there's one virus that wins them all, it's that one that has polymorphic code, meaning it can execute on any system on a specific architecture..
a virus like that could be handy because it could help bridge the gap between most operating systems in compatibility..

sometimes with the bad you get the good..
example, when the soviets launched sputnik, this was a "bad" thing for americans, 2 reasons, nuclear weapons being launched from space, and ego.

so, in light of that, (D)ARPA was formed, then came the arpanet, which led to the internet.

so good does come out of seemingly bad events.
virus writing can be considered an art in some cases, considering... especially if someone found out how to make one that could attack any linux system no matter what. now that would be scary, but would show skill.

Stoned

[DJTodd242]

This slashdot posting is now stoned!

So time

[Loosewire]

To let off.... -" were commmemorating 20 years of virus' by releasing the biggest best most beastly one yet" :-)

Re:So time

:D ,

Good idea,there are some undocumented vulnerabilities to be used for spreading it. :D
try to use several vulnerabilities to make spreading (trought as much chanals as possible (P2P, irc, direct conection, mail, vulnscanning etc) more likely to succeed .

Make it a nice polimorfic stealthy one,
and as payload:
Spread for 5-24 hours before (depnding on connection speed etc)
flash mainboard-bios
flash agp0 bios
flash ide0 bios
flash ide1 bios
etc.
then shutdown. (and this will be permenantly)

O happy days.. :D

The first computer virus was for a program...

Mr Cohen added his virus to a graphics program called VD that was written for a make of mini-computer called a Vax.

MWAHAHAHAHAHAHA!!! The first computer virus was added to a program call VD!!! How appropriate...oops I'm on /. so a lot of you dorks living in your parents' basement won't understand the acronym. Venereal Disease, as in a disease transmitted through sexual intercourse. Most of /. has no experience in such matters, so no need to be alarmed.

Legalize M$ bashing!

Legalize M$ bashing!

20 years of virii?

[monkeyboy87]

Is Windows that old??? my my my, how the years are flying by...

And the finite resource of the future Internet?

[Ayanami+Rei]

The end-user. {attention, credit card, identity}
Everything else is superfluous.

Isn't it obvious? (blogs with trackbacks, webcams, spam, 419s, personalized mailing lists, portal pages, etc.)

(incomplete post, sorry)

[Ayanami+Rei]

Oh, and what about viruses?
Most viruses now if they aren't trying to help spammers, are creating zombies to launch DDoSs (creating artificial scarecity of a website, possibly to promote a competitor) or to crack IRC channels (again, competing for other's attention)

So you missed the whole Slashdot rumor mill

[Ayanami+Rei]

about how the XBox was a test platform for Microsoft's Paladium DRM tech? (oh, I meant "TCPA", sorry).

No!

[Ayanami+Rei]

The vulnerable part of Office is not Word. Word is (well historically, I don't know about 2003) a GIGANTIC set of controls/objects that are linked together by Office itself.

Rather, it's the fact that Office at it's core is based heavily on VBscript and other realtime automation tech. It is this component that is exploitable (and quite easily). Because Office exposes so many controls to the scripting environment, it is very easy to write Macros that can use these features to propogate themselves into all your Office work.

You can do really cool stuff with Macros, and you can also do really nasty stuff (how are you to encode checking for "purpose"?)

This is why managed/signed code is a good feature. Office2003 should be less susceptible to this sort of thing: set to only run macros signed by people you trust.

with mozilla you can set RAM usage for net cache

[Ayanami+Rei]

make it >>> than the disk cache size, and you're flying.

Not that bad...

[z01d]

how long until the virus definition files for your AV software are so big and so frequent that you need broadband just to stay updated enough to maintain a reasonable level of protection?

AFAIK, most modern AV product are using incremetal virus pattern (or definition, in Symantec's language) file update, which means you only need to download 100K or so per-week. That's really doable even for dial-up users.

Are virus definitions the future of AV or will heuristics and other "AI" get good enough in the foreseeable future

The company I'm working for are doing such researchs for a long time, of course you can detect all virus by some abnormal behaviors, such as network activity, registry operation, address book enumeration, etc. The difficult part is, you can not make sure that all your detections are really virus. False report may worse than negligence, sometimes. There's still a long way to go.

Mod parent up

[Animats]

He's right. I was there when it happened. See the link. The source code is available.

As with many other things in 1970s computing, UNIVAC was way ahead.

back in my day...

[Euhemeros]

Before Micro$oft, IBM was in charge of flawed software.
In the 1960-70s they developed a time-sharing system for mainframes called CMS.
You logged in to your virtual machine and had a virtual mini-disk of your own files,
and mounted and read other mini-disks containing the
"SYSTEM" and applications and data.
After reading the directory of such a virtual drive into your VM, CMS would
run a specially-named "On Access" shell script that could be set there
by the disk's owner. These could
ask for a password or just run some accounting, etc.
But you were not in control of what they did.
Most casual users never used the feature and
were even unaware of how to set it up.
So hackers would write little scripts that jumped
onto your mini-drive, to spread to those who
later accessed your files.
It was a kinder, gentler time, of course, so although they could erase or patch files, I never
saw any worse than a cryptic "we are control your ..." sort of message.
I first saw this in early 1978, but the system was
a few years on by then.

Much Older (Core Wars!!)

[tommck]

My professor in college referred to an old game called Core Wars in which people would write viruses to battle each other. It was from the 60's! He even had us play as an assignment.

There are a million pages out there on virus history. I little research goes a long way... The name "virus" is 20 years old, but the concept is two to three times as old as that.

Here's a google cache link to an article referring to Core Wars

T

Animals

[skelf]

I can't believe I'm this old, but I seem to remember writing what were called "animals" in honeywell assembler code back in 1983 during a systems programming class at Dartmouth. I don't suppose these were technically viruses, but they did self-propagate. Does anybody remember these things being called "animals" back then?

Yeah, yeah, "don't feed the troll"

[fizbin]

it did NOT fit inside a udp packed, the command to retrieve the virus fit in the udp packet..

try learning about what you talk about....

if a virus is not written in assembler, it's from a poeser wannabe.

Um, no. Wired has a surprisingly detailed article about slammer. If you're too lazy to read it, the poster you were disparaging was in fact completely correct.

Perhaps you're thinking of LoveSan, aka msblast?

As for the "assembly is the only real language, everyone else is a poeser wannabe" comment, I do have to say that the first MSWord .doc-file viruses were a cool hack, even if they were written in a dumbed-down version of visual basic.

Viruses are older than that....

[David+Gerrold]

With all due respect, I first heard a programmer talking about a program called VIRUS in the summer of 1968, as well as another program called VACCINE. I immediately incorporated the idea into the novel I was writing at the time, WHEN HARLIE WAS ONE. (Published in 1972.) Now, it's possible that the VIRUS story was apocryphal in 1968, but this programmer seemed to think it had actually happened; at least, that's the way he told it. John Brunner created the term "worm" in his 1974 novel, THE SHOCKWAVE RIDER, and he did much more with the idea than anyone else had ever done, accurately predicting the way worms would prowl a network. But even before widespread online connectivity, in the days when shareware was distributed on 5" floppies, we were all being warned about the danger of viruses in shareware distributions. Compuserve forums had software for download, and those files were all routinely scanned for viruses. Of course, in those days, viruses and Trojans were a lot simpler and a lot easier to block. (Except for the fact that we had to hike five minles barefoot through the snow, uphill both ways, every morning, just to get to the computer.) So I wonder why folks are marking 1983 as the beginning of the viral era? If we're talking only about PC's, it's possible that the first viruses were distributed in 78 or 79. If we're talking about DEC-10s and PDP-11s, it's possible that the first viruses were ten years older.

Re:One more year and...

[F34nor]

louisiana was the last state in the union with 18. But the feds made it so you loose federal matching funds for highways if you don't make it 21. And no one is dumb enough to loose that much money for people who don't bother to vote anyway. Hence federal law is basically 21.

This number which seems dumb (and is) is due to the fact that the liver is still developing until your 21. So good thought bad idea. The reality of the remnants of the puritan culture in the US really means that people will do anything to drink from about 13 on. (Becasue its bad and bla bla bla.) If all you drank was one glass of red from 13 on you'd probably be a hell of a lot less of a Barney the the jackasses who drink 15 drinks a night from highschool on.